The Birmingham Business
Alliance (BBA) invited several journalists to visit
their city, including yours truly. The Alliance wanted to showcase something
they are proud of: a community of scientists, engineers, and legal
professionals determined to make life miserable for digital miscreants. After
hearing that, my bag was packed almost before I sent the email accepting their
offer.

After three days of almost non-stop activity – including chatting with Alabama’s Chief Information Officer, Brunson White – it can be said that Birmingham has it going on when it comes to making the digital world more secure.

Edge of Chaos

Today, I’d like to focus on a success story at the University of Alabama in Birmingham (UAB). It begins with the Edge of Chaos, a concept championed by members of the UAB staff who believe innovative solutions to difficult problems happen when people with dramatically different viewpoints work together, what UAB calls “Colliding Minds”:

“When the same kinds
of folks always work on the same kinds of problems, you get the same kinds of
answers. Mix it up, and you find innovative solutions. It happens when you put
the poet, engineer, professor, and manufacturer together.”

To fit with the “Edge
of Chaos” concept, the university has constructed a sui generis meeting place,
including a huge cylindrical chalkboard.

Digital Chaos

The Computer Science and
Information Technology faculty at UAB also took to heart the Edge of Chaos
concept, leading them to create the Center for Information Assurance and Joint
Forensics Research (CIAJFR):

“The Center is a
collection of professors, students, and professional partners across myriad
disciplines, all devoted to one mission: making the world a safer place for
citizens of the 21st century.”

One member, Dr. Sarah Parcak, mentioned to us that she was surprised when asked to join the Center. But after learning that Sarah considers herself a “Space Archaeologist,” using cutting-edge satellite imaging applications developed at UAB to help international law enforcement agencies prevent the looting of civilization’s antiquities, it doesn’t seem strange at all. And Sarah’s efforts have already revealed hundreds of previously unknown sites in Egypt.

Just
as the Internet makes it easier for looters to sell antiquities, the Internet
enables bad guys to steal from those using the Internet to make their lives
easier. This is another area the Center felt compelled to investigate. The
solution – creating the Computer Forensics Research Laboratory (CFRL):

“[A] 35-station lab
that focuses on developing investigative tools and techniques for analyzing
digital evidence in the areas of spam, phishing, and malware. Undergraduate and
graduate students from the departments of Computer & Information Sciences
and Justice Sciences work in the lab.”

The CFRL forwards the Edge of Chaos initiative by involving Computer Science as well as Justice Science faculty members, creating a unique hands-on teaching experience for students. The CFRL is under the auspices of Gary Warner, Director of Research in Computer Forensics at the University.

Gary and the students at
CFRL readily admit they are locked in battle with digital criminals who are
currently winning. They quickly add their intention to change that using:

  • Academics: UAB has several programs
    that, once completed, allow graduates to work as CyberCrime Investigators.
    What UAB calls “Training digital detectives for the 21st Century.”
  • Awareness: Realizing the need to
    get the word out on the very real risks involved with cybercrime.
  • Research: Criminals have more
    money, more manpower, and fewer restrictions. UAB intends to work smarter:
    creating tools, applying techniques, and providing training that will
    negate any bad-guy advantage.

I asked Gary about the lab’s focus on spam and phishing emails. He mentioned their motivation came from knowing that bad guys create over 20,000 unique phishing sites each month, costing Americans millions of dollars weekly. To that end, members of the CFRL used their expertise in Data Mining and Grid Computing to establish the UAB Spam Data Mine:

“The UAB Spam Data
Mine is used on a daily basis to respond to queries about a wide range of
email-based crimes. Data about phishing emails is commonly provided, but we
also provide information about botnets, malware distribution emails, and emails
selling a particular product, or pretending to be a government agency.”

Next, the research team developed UAB’s PhishIntel portal (now a commercial service offered by Gary’s UAB spin-off company, Malcovery Security):

“The portal provides
a gateway to UAB’s extensive collection of data gathered from more than half a
million live phishing sites. By leveraging this information, law enforcement
and other investigators can easily identify patterns that may link many
phishing cases together.”

As Gary explained all that they have accomplished, all I could think of was – Wow.

“Our reports have been used to help analyze “spear phishing” campaigns, identify fraudulent advertisers, identify individual computers and botnets responsible for emails claiming to be from the FBI, the IRS, the Centers for Disease Control, the Social Security Administration, and of course dozens of financial institutions.”

One success story involves a social networking site that more people than not belong to – Facebook. The story begins with the highly successful computer worm called Koobface that targeted users’ Facebook email. Koobface was so successful that from 2009 to 2010, it netted its developers over two million dollars.

Although other security firms identified Koobface, Gary and one of his students, Brian Tanner, working with the UAB Spam Data Mine and PhishIntel, were able to provide actionable evidence, identifying some of the people behind Koobface, to the authorities. After three long years, the good guys shuttered Koobface.

To show their gratitude,
Facebook donated a quarter million dollars to UAB, funding the Facebook Suite at CIAJFR. Gary and student
researchers use their new digs to capture more spammers, phishers, and any
digital bad guys they can.

A win-win

Gary and other faculty
members repeatedly mentioned their goal – starting with the concept of Edge of
Chaos down to the hands-on effort by teachers and students – must be graduating
highly qualified young men and women. The point was driven home time and time
again when we visited tech companies and financial institutions in Birmingham.
Managers in charge of IT security were anxious to hire graduates from the
Center’s program.

Final thoughts

Dave Rickey of the BBA
said I would not be disappointed, and he was right. What’s more, I filled up
one notebook, and the first day was only half over. Next, Dave brought us to Innovation Depot,
a high-tech incubator where Gary Warner and others, who privatized their
research in partnership with UAB, have offices.

Then we had another whole day to visit two more unique organizations: the National Computer Forensics Institute, which trains law enforcement agents, prosecutors, and judges on how to work with digital evidence, and PacketNinjas, a private firm that works with victims of digital attacks to improve defenses and provide actionable evidence to law enforcement agencies. So please stay tuned.

Pictures and slides courtesy of BBA and UAB.