It was the volume of UC Santa Barbara computer traffic that initially made Campus Network Manager Kevin Schmidt suspicious.

Network logs and traffic reports recorded a spike of campus network traffic going to the CNN website. “We shouldn’t see this level of activity pointed toward CNN,” said Schmidt, who graduated from UC Santa Barbara in 1993. “The traffic was coming from several on-campus computers at the same time. The activity was typical of someone using a tool trying to conduct a denial-of-service attack.”

In fact, the day before, on Feb. 8, 2000, CNN’s website had been crippled by a denial-of-service attack. After checking log files, Schmidt determined that a computer in the Physics Department was being used in the CNN attack.
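The pattern Schmidt describes, a sudden jump in volume toward one outside site coming from several campus hosts at the same minute, can be checked mechanically against flow logs. The script below is an added example, not code from the article or from UC Santa Barbara; the record layout, the RFC 5737 documentation addresses standing in for the campus network and the news site, and the thresholds are all assumptions.

```python
"""Flag a burst of traffic from many on-campus hosts to one outside
destination, the pattern in the network logs that started the UCSB
investigation. Added example, not code from the article or from UC Santa
Barbara; record layout, addresses and thresholds are assumptions."""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

# Constructed flow summaries: (minute, source_ip, destination_ip, bytes).
# Addresses are from the RFC 5737 documentation ranges; 192.0.2.0/24 stands
# in for the campus network and 203.0.113.10 for an outside news site.
CAMPUS_NET = ip_network("192.0.2.0/24")
SAMPLE_FLOWS = [
    # Ordinary browsing: one host, modest volume, every minute.
    *[(m, "192.0.2.11", "203.0.113.10", 10_000) for m in range(4)],
    # Minutes 4 and 5: five campus hosts all hit the same site at once.
    *[(m, f"192.0.2.{h}", "203.0.113.10", 100_000)
      for m in (4, 5) for h in (21, 22, 23, 24, 25)],
    # A second site with steady traffic and, at minute 4, three visitors but
    # no volume spike: busy, not an attack.
    *[(m, "192.0.2.31", "198.51.100.7", 50_000) for m in range(6)],
    (4, "192.0.2.32", "198.51.100.7", 50_000),
    (4, "192.0.2.33", "198.51.100.7", 50_000),
    # A third site where a single host does one large download: a spike,
    # but from one source, so not the many-sources pattern.
    *[(m, "192.0.2.41", "198.51.100.8", 5_000) for m in range(4)],
    (4, "192.0.2.41", "198.51.100.8", 200_000),
]


def find_suspect_destinations(flows, campus_net=CAMPUS_NET,
                              min_sources=3, spike_factor=5.0):
    """Return {destination: [(minute, distinct_sources, bytes), ...]} for
    minutes where bytes to that destination reach spike_factor times the
    destination's median per-minute volume AND at least min_sources distinct
    campus hosts took part. Both conditions are required: a crowd at normal
    volume is just a popular site, and a spike from one host is more likely
    a download than a coordinated flood."""
    # destination -> minute -> [total bytes, set of campus sources]
    per_dst = defaultdict(lambda: defaultdict(lambda: [0, set()]))
    for minute, src, dst, nbytes in flows:
        if ip_address(src) not in campus_net:
            continue  # only outbound traffic from campus hosts is of interest
        bucket = per_dst[dst][minute]
        bucket[0] += nbytes
        bucket[1].add(src)

    suspects = {}
    for dst, minutes in per_dst.items():
        # Median is robust to the spike itself as long as spike minutes are
        # a minority of the window being examined.
        baseline = median(b for b, _ in minutes.values())
        hits = [(m, len(srcs), b) for m, (b, srcs) in sorted(minutes.items())
                if b >= spike_factor * baseline and len(srcs) >= min_sources]
        if hits:
            suspects[dst] = hits
    return suspects


if __name__ == "__main__":
    for dst, hits in find_suspect_destinations(SAMPLE_FLOWS).items():
        for minute, n_src, nbytes in hits:
            print(f"minute {minute}: {n_src} campus hosts sent "
                  f"{nbytes} bytes to {dst}")
```

On the constructed sample only the news site is reported, for minutes 4 and 5; the busy-but-normal site and the single large download are left alone. In practice the window and thresholds would be tuned to the campus's usual traffic, and a hit is a reason to pull the logs for the source hosts, exactly the step that led to the Physics Department machine.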

“Around that time, we realized we needed to get someone else involved,” Schmidt said. He contacted CNN and the FBI, who sent two agents to the campus to investigate. “We turned the hard drive over to the FBI to do their own forensics on it to see what information could be useful in the investigations,” Schmidt said.

During the investigation, the UC Santa Barbara team discovered key pieces of evidence about the hacker. First, logs tracked unauthorized access coming from the University of Alberta. Second, the hacker had left software tools on the computer, which had allowed him to control computers along UC Santa Barbara’s network, but also contained information leading back to the hacker.

As a result of UC Santa Barbara’s help, the FBI tracked the hacker to a home in Montreal, Canada. The hacker turned out to be a 16-year-old using the moniker Mafiaboy. “He was a script kiddie—he didn’t write (the software tools) himself,” Schmidt said.

Eventually, Mafiaboy was sentenced to eight months in a youth detention center and ordered to donate $250 to charity for his role in the February 2000 attacks on Yahoo, eBay, Amazon, CNN and other major Internet sites. The sites lost hundreds of millions of dollars in revenue, according to the Royal Canadian Mounted Police.

Sharing Information vs. Security

In Mafiaboy’s attack, the majority of compromised networks were at universities, according to the Royal Canadian Mounted Police.

Schmidt pointed out that the unique needs of a university can make it vulnerable to attacks like these. “Open research environment and network security—that is a really big challenge today,” he said. “You have faculty and undergraduates where security is not their first concern or area of specialty, so it can be very challenging to protect these environments or even know that they have been compromised.”

Balancing the role of research and the need for cybersecurity is a top concern of UC Santa Barbara’s network security group. “There were things that we didn’t have available to us then that have subsequently gone into place, such as a certain kind of traffic filter,” Schmidt said, which can restrict an attack to the network of an affected computer and limit the damage done to the target of the attack.

Before UC Santa Barbara established a campus network security group in 1996, individual departments managed networks and did not have a centralized set of standards or tools. “Then the network itself evolved, so the demand grew,” Schmidt said. With the network security group established, Schmidt was named campus network manager.

When Schmidt first came to UC Santa Barbara, he was a transfer student from CSU Long Beach, who had also been working at GTE as a database programmer. He became a consultant at the Micro Computer Lab in Phelps Hall, and, by the time he graduated in 1993, he was working part-time as information technology support staff for the Office of Budget and Planning.

Three years and several positions later, Schmidt became the first UC Santa Barbara campus network manager, sharing his expertise with other University of California campuses and participating in state and federal security groups.

Changing Landscape of Cyberattacks

In the years since the 2000 attack, Schmidt has found the style of attacks have become more serious. “What happened back then tended to be the domain of idle curiosity—casual hackers trying to see what they could do,” he said. “They weren’t driven by financial gain. They weren’t driven by this economic or military purpose.”

Today’s larger attacks tend to be better organized and more targeted, and can be considered cyberterrorism, according to Schmidt. “That's a concern, especially somewhere like UCSB,” he said. “We have people involved in research that could be marketable or have to do with defense. You can have countries wanting to take advantage of that.”

Schmidt said that cybercriminals have gone far beyond the email asking you to click a link and change your password or a call from the “Microsoft security center” saying they have detected a virus on your computer. Entrepreneurial hackers in other countries have turned malware into an industry, according to Schmidt.

Websites resembling regular e-commerce stores offer to customize malware to the buyer’s specifications, he said. The site will also offer malware distribution, virus detection scanning, and data collection services, including a map showing the percent of computers worldwide infected by that particular malware.

“It’s full service,” said Schmidt, who learned about these sites through a presentation at the Los Angeles Electronic Crimes Task Force. The task force, which was established by the Patriot Act, provides training and technical expertise in e-commerce, network security and digital data recovery to industry, academia and law enforcement communities.

For Schmidt, vigilance isn’t restricted to cybersecurity at work—he also employs a variety of security techniques to protect himself and his family (see box). “People can’t be too relaxed and think anti-virus products will save them,” he said.





Tips to Protect Yourself

  • Keep all operating systems and software up to date. For PCs, you can use a free program like Secunia PSI to identify what is out of date on your system.

  • Install an anti-virus product.

  • Use a firewall. Apple computers have a built-in firewall, but users must enable it.

  • Use best practices to create your passwords. Avoid simple passwords, such as LetMeIn. Schmidt’s strategy to create a password involves converting a line or two of a song to an acronym along with some punctuation. “So it keys off of something meaningful to you,” he said.

  • Don’t use the same password on multiple sites. Use the security questions to protect your password. “It’s not just using passwords, but using passwords intelligently,” Schmidt said.

  • Use two-factor authorization, especially for any kind of financial information. This requires something you know—your password—and something you have—such as your phone to which a code is sent—to access a site.

  • Avoid public workstations. Machines that are out in the open and whose maintenance record is unknown, such as those at a conference, can be compromised with a key logger or other malware and expose your username and password to theft.

  • Do not trust requests for sensitive information through email or telephone communication that you did not initiate. If you are unsure about how to respond to a request for sensitive information, ask someone you trust to review the request. Or ask the requester for additional contact information, such as a telephone number where you can reach them later.

  • Keep your sensitive files protected.

  • Use encryption software, such as TrueCrypt, to put them into an encrypted directory.

  • Save them to removable media, such as a flash drive, and then lock it up securely at home.

  • Have backups of your important software and files. There are online backup services that also offer encryption.

  • Securely erase and destroy media before you get rid of it, including hard drives, cell phones and laptops. You can’t just reformat the media; you must overwrite the media to completely erase your information.

  • Consider the consequences of the information you put on social media, such as vacation plans that could alert someone to your house being empty.



