11 March 2020
DKE cybersecurity research

Research into cybersecurity: Careful now…

Apostolis Zarras, cybersecurity expert at UM’s Department of Data Science and Knowledge Engineering (DKE), talks about his research into cybersecurity, why humans are the weak link and – topically enough – malware attacks.

Nick Bos during UM's symposium detailing the lessons learnt from the cyber attack

What is ransomware?

“Ransomware is a type of malicious software that tries to infiltrate a system, encrypts data, and demands a ransom in exchange for making the data available again. Often, and especially in cases of a large-scale attack, the ransomware will attempt to cover its traces, so that it can operate and spread undetected to connected systems, and only reveal itself at the very last moment. Sometimes, it also piggybacks on other malicious software, such as a keylogger, which collects an administrator’s passwords and tries to get onto other systems if the passwords are the same or similar.”

Another common threat is phishing. “That is, for example, a website that looks like the login page of your bank and asks you for your password. That’s why banks now have a two-factor authentication system: you log on and then receive an SMS message with an additional code, or the like.”

In his research, Zarras thinks about cybersecurity in a much broader sense though. “Think about things like children revealing their location to whomever, or cyberbullying, or fake news threatening the democratic process – it affects all of us in some way.” The answer, again, must be education: “Children from as young as five or six should be introduced to online security.”

Occupational therapy for Nigerian princes

His research has borne some very practical fruit too: Zarras has developed software to identify malicious email in the hope of detecting and preventing the spread of malware. Before the EU had established the GDPR, he had already looked into how we can create self-destructing data to make sure companies can’t store our details for longer than necessary or agreed to.

In a similar vein, he was involved in an EU project to help protect medical data. Zarras and one of his PhDs have also turned their attention to phishing emails that try to coax victims into giving up their bank details in exchange for a share of e.g. an inheritance. The Nigerian prince is a classic of the genre.

Zarras designed a chatbot that would engage the criminals behind the emails in conversation – and not just for a laugh. “Essentially you can send these emails to millions of people, the only thing that’s not so easy to scale is the interaction with potential victims. If our bots can engage the criminals, then they can’t convince people to share their details during that time.”

Crooks and nations

Who are the online baddies then? A quick perusal of cybercrime stock photos would suggest young Russians with hoodies hacking green ones and zeros into the black screen on a laptop in a basement. But Zarras suggests it’s more complicated than that: “The location of the server or where the bank account is registered doesn’t say much about the nationality of the perpetrators.”

You don’t need to be a programming genius to be a cybercriminal either, but the level of sophistication is staggering, especially when it comes to cyberattacks sponsored by nation states. Rather than fingering Iran, North Korea or China, Zarras points to the Stuxnet computer worm that targeted industrial control systems of Iranian nuclear facilities.

Another recent example is the CIA and BND, Germany’s Federal Intelligence Service, secretly operating the Swiss encryption technology company Crypto AG, which they purchased via a law firm in Liechtenstein. For 50 years, they manipulated encryption machines, effectively to spy on the more than 120 countries who bought the company’s hardware for embassies, administrative offices and government institutions.

The operations were referred to as Rubicon and Minerva respectively – presumably whilst stroking a hairless cat in a swivel chair… But, as Zarras points out, regular users should probably be more immediately concerned about their own cavalier attitude towards cybersecurity – from sharing data with social media networks to surrendering privacy through consenting to cookies when browsing the web.

By: Florian Raith