UAB takes aim at spammers, phishers, and purveyors of malware

Birmingham, Alabama, is fast becoming a hotspot for digital crime fighting. Together, let's learn what they're doing right.

The Birmingham Business Alliance (BBA) invited several journalists to visit their city, including yours truly. The Alliance wanted to showcase something they are proud of: a community of scientists, engineers, and legal professionals determined to make life miserable for digital miscreants. After hearing that, my bag was packed almost before I sent the email accepting their offer.

After three days of almost non-stop activity - including chatting with Alabama's Chief Information Officer, Brunson White - it can be said that Birmingham has it going on when it comes to making the digital world more secure.

Edge of Chaos

Today, I'd like to focus on a success story at the University of Alabama in Birmingham (UAB). It begins with the Edge of Chaos, a concept championed by members of the UAB staff who believe innovative solutions to difficult problems happen when people with dramatically different viewpoints work together, what UAB calls "Colliding Minds":

"When the same kinds of folks always work on the same kinds of problems, you get the same kinds of answers. Mix it up, and you find innovative solutions. It happens when you put the poet, engineer, professor, and manufacturer together."

To fit with the "Edge of Chaos" concept, the university has constructed a sui generis meeting place, including a huge cylindrical chalkboard.


Digital Chaos

The Computer Science and Information Technology faculty at UAB also took to heart the Edge of Chaos concept, leading them to create the Center for Information Assurance and Joint Forensics Research (CIAJFR):

"The Center is a collection of professors, students, and professional partners across myriad disciplines, all devoted to one mission: making the world a safer place for citizens of the 21st century."

One member, Dr. Sarah Parcak, mentioned to us that she was surprised when asked to join the Center. But after learning that Sarah considers herself a "Space Archaeologist", using cutting-edge satellite imaging applications developed at UAB to help international law enforcement agencies prevent the looting of civilization's antiquities, it doesn't seem strange at all. And Sarah's efforts have already revealed hundreds of previously unknown sites in Egypt.

Just as the Internet makes it easier for looters to sell antiquities, the Internet enables bad guys to steal from those using the Internet to make their lives easier. This is another area the Center felt compelled to investigate. The solution - creating the Computer Forensics Research Laboratory (CFRL):

"[A] 35-station lab that focuses on developing investigative tools and techniques for analyzing digital evidence in the areas of spam, phishing, and malware. Undergraduate and graduate students from the departments of Computer & Information Sciences and Justice Sciences work in the lab."

The CFRL forwards the Edge of Chaos initiative by involving Computer Science as well as Justice Science faculty members, creating a unique hands-on teaching experience for students. The CFRL is under the auspices of Gary Warner, Director of Research in Computer Forensics at the University.

Gary and the students at CFRL readily admit they are locked in battle with digital criminals who are currently winning. They quickly add their intention to change that using:

  • Academics: UAB has several programs that, once completed, allow graduates to work as CyberCrime Investigators, what UAB calls "Training digital detectives for the 21st Century."
  • Awareness: Realizing the need to get the word out on the very real risks involved with cybercrime.
  • Research: Criminals have more money, more manpower, and fewer restrictions. UAB intends to work smarter: creating tools, applying techniques, and providing training that will negate any bad-guy advantage.

I asked Gary about the lab's focus on spam and phishing emails. He mentioned their motivation came from knowing that bad guys create over 20,000 unique phishing sites each month, costing Americans millions of dollars weekly. To that end, members of the CFRL used their expertise in Data Mining and Grid Computing to establish the UAB Spam Data Mine:

"The UAB Spam Data Mine is used on a daily basis to respond to queries about a wide range of email-based crimes. Data about phishing emails is commonly provided, but we also provide information about botnets, malware distribution emails, and emails selling a particular product, or pretending to be a government agency."

Next, the research team developed UAB's PhishIntel portal (now a commercial service offered by Gary's UAB spin-off company, Malcovery Security):

"The portal provides a gateway to UAB's extensive collection of data gathered from more than half a million live phishing sites. By leveraging this information, law enforcement and other investigators can easily identify patterns that may link many phishing cases together."

As Gary explained all that they have accomplished, all I could think of was - Wow.

"Our reports have been used to help analyze 'spear phishing' campaigns, identify fraudulent advertisers, identify individual computers and botnets responsible for emails claiming to be from the FBI, the IRS, the Centers for Disease Control, the Social Security Administration, and of course dozens of financial institutions."

One success story involves a social networking site that more people than not belong to - Facebook. The story begins with the highly successful computer worm called Koobface that targeted users' Facebook email. Koobface was so successful that from 2009 to 2010, it netted its developers over two million dollars.


Although other security firms identified Koobface, Gary and one of his students, Brian Tanner, working with the UAB Spam Data Mine and PhishIntel, were able to provide actionable evidence to the authorities, identifying some of the people behind Koobface. After three long years, the good guys shuttered Koobface.

To show their gratitude, Facebook donated a quarter million dollars to UAB, funding the Facebook Suite at CIAJFR. Gary and student researchers use their new digs to capture more spammers, phishers, and any digital bad guys they can.

A win-win

Gary and other faculty members repeatedly mentioned their goal - starting with the concept of Edge of Chaos down to the hands-on effort by teachers and students - must be graduating highly qualified young men and women. The point was driven home time and time again when we visited tech companies and financial institutions in Birmingham. Managers in charge of IT security were anxious to hire graduates from the Center's program.

Final thoughts

Dave Rickey of the BBA said I would not be disappointed, and he was right. What's more, I filled up one notebook, and the first day was only half over. Next, Dave brought us to Innovation Depot, a high-tech incubator where Gary Warner and others, who privatized their research in partnership with UAB, have offices.

Then we had another whole day to visit two more unique organizations: the National Computer Forensics Institute, which trains law enforcement agents, prosecutors, and judges on how to work with digital evidence; and PacketNinjas, a private firm that works with victims of digital attacks to improve defenses and provide actionable evidence to law enforcement agencies. So please stay tuned.

Pictures and slides courtesy of BBA and UAB.