Contact Us

Last Issue

"B reaking: "Two Explosions in the White House and Barack Obama is injured” read the tweet from Associated Press in April 2013. Sixty characters, one fake report, and within two minutes, the Dow Jones Industrial Average plunged over 140 points.

Back at UC Santa Barbara, the hack inspired Computer Science Ph.D. student Gianluca Stringhini to identify compromised accounts on social media platforms by examining short URLs often found on Twitter accounts. He found that URL shortening services are easily manipulated, producing malicious URLs that can “phish” for private information or send spam.

Stringhini, along with fellow doctoral students and computer science faculty, compose the Computer Security Group at UC Santa Barbara. From their headquarters at the Security Lab (SecLab) in Harold Frank Hall, the group designs, builds, and secures software systems, essentially arming software against cyberattacks. The unassuming laboratory affronts problems in cyberspace by detecting intrusion and malware, securing web-based applications, and performing vulnerability analysis on computers.

“From the technological point of view, it’s a cat-and-mouse game, meaning that we could develop a new way to detect these targeted attacks,” said Professor Giovanni Vigna, codirector of the Security Lab on campus.

For example, in February 2013 information security group Mandiant released a report exposing China’s involvement in cyber espionage of U.S. companies. The “eye-opening” document revealed a major threat by the Chinese military on U.S. businesses.

In light of recent cyberattacks, Vigna stated that the Computer Security Group has shifted focus to work on evasive malware. Malware has become more aware of its surroundings, allowing it to hide in particular applications or documents and attack specific people. In March 2011, a SecurID company, RSA Security, was hacked after an employee opened an Excel spreadsheet titled “2011 Recruitment Plan” that had malware to take control of the computer and phish for sensitive information.

As cyberattacks have grown more sophisticated, Vigna explained that there are less opportunistic attacks and more targeted attacks, and mapped out the evolution in malware and cybercrime in the past 10 years: Cybervandalists began by breaking into websites for bragging rights, but then hackers realized that they could siphon money and private information from these cyberattacks.

 computer security group ucsb, hacker contest

“From a technology point of view, they moved from throwing a wide net and compromising a small group of computers and suck out information,” Vigna elaborated. “Now with cyberespionage, they want to infiltrate you—they want to infiltrate Google, The Wall Street Journal, a South Korean bank. They want a precise target.”

To keep up with the game of cat-and-mouse, the Computer Security Group has recently discovered an automated way to steal Netflix movies, Spotify songs, and Amazon streaming movies. But Professor Giovanni Vigna, codirector of the Security Lab on campus, says that they are the “good guys.”

“We are not distributing to people this truth,” explained Vigna. “We find the problem. As an academic, [we wonder] how does this work? Can it be broken? Before we go public, we go back to [the company] and say, ‘Listen, there’s this problem. Can we help you fix it?’”

The two main focuses of the Computer Security Group are vulnerability analysis and anti-malware solutions. Vigna likened vulnerability analysis to picking a lock.

“It’s like proving that a lock can be picked so that when you have to buy a lock, you buy a better one,” Vigna described. “A lot of vulnerability analysis is that. Of course, the same tools can be used for bad purposes. But when we find vulnerabilities, we find them so that we can fix them before they are deployed to a million users.”

The second focus, anti-malware solutions, analyzes programs to see if an attachment or website is malicious. These programs—Wepawet and Anubis—are available to the public for free. Any time a person encounters a website or document that is suspicious, the program can run the website or document for the person and check if it is malicious. In addition to the group’s practical solutions, the Computer Security Group also does extensive research and theoretical work. This group publishes more papers at conferences than any other organization in the world.

Consequently, UC Santa Barbara has become a hot spot for computer science, bringing in international students from all corners of the world for the doctoral program. From about 200 applications, only two doctoral students are accepted each year.

marco cova

Ali Zand, current Ph.D. Computer Science candidate from Iran, said that UC Santa Barbara was an easy choice because it was a top school in practical security and “has the perfect weather.” Zand reflected on a few of the Computer Security Group’s recent accomplishments that have stemmed directly from current events.

In Summer 2007 the Computer Security Group performed the Top-to-Bottom Review of electronic voting machines in California. The group discovered major flaws in the Sequoia voting system and exposed these flaws by creating a viruslike software to steal votes.

“While most critical systems are continuously scrutinized and evaluated for safety and correctness, electronic voting systems are not subject to the same level of scrutiny,” read the 2008 report. “A number of recent studies have shown that most (if not all) of the electronic voting systems being used today are fatally flawed, and that their quality does not match the importance of the task that they are supposed to carry out.”

The report identified vulnerabilities in the voting machines and made suggestions for improvement. Just months after the Computer Security Group completed its review of the voting machines, California Secretary of State Debra Bowen decertified and withdrew her approval of the machine. Vigna said that this was one of his crowning achievements while working at UC Santa Barbara.

“It was great because it showed the impact of the [Computer Security Group’s] activities,” Vigna lauded

Marco Cova ’10 assisted in the review of the voting machines as a Ph.D. student. Cova first worked with the Computer Security Group as an exchange student at UC Santa Barbara during the 2001-02 academic year. The Italian student chose to return to the University for his doctoral degree in 2005 and assisted in publishing the results of the Top-to-Bottom Review in 2008. Cova describes his time at UC Santa Barbara as “fundamental” because it created job opportunities and shaped his views on how research should be pursued.

“Doing a Ph.D. with the Security Group is quite a bit of work and [a] commitment, but I've always found that its people and its atmosphere made the lab a great place to also have fun and spend time together besides work,” Cova said.

For the “good guys” in the Computer Security Group, saving democracy, preventing cyberespionage, and thwarting hackers are all in a day’s work.


1. Do not use Internet Explorer
2. Update your machine’s software
3. Disable Java
4. Backup all important files and programs
5. Check your banking account for suspicious activity and use a two-factor authentication (like an additional password or a RSA SecurID key) to prevent identity theft

Wepawet - http://wepawet.iseclab.org/
Detect and analyze web-based threats by reviewing a URL.

Anubis - http://anubis.iseclab.org/
Analyze malware by submitting a Windows executable or Android application file, APK.