Queen’s researchers on the front line against cyber crime

On 2nd June 2014 numerous news outlets globally ran a story about a Russian man being charged with running a major cybercrime operation that affected individuals and businesses worldwide, and being added to the FBI’s most wanted list. Evgeniy Bogachev, also known as “lucky12345” and “slavik”, is wanted for his alleged involvement in a wide-ranging racketeering enterprise and scheme that installed, without authorization, malicious software known as “Zeus” and a variant called “GameOver Zeus” on victims’ computers.

Zeus is a type of malware known as a bot: it makes the infected machine part of a network of hijacked home computers, known as a botnet, which is typically controlled by a criminal gang. The software was used to capture bank account numbers, passwords, personal identification numbers, and other information necessary to log into online banking accounts.

In a nondescript glass-fronted building in the heart of the Northern Ireland Science Park the news came as no surprise to a crack team of cyber security researchers, who barely raised an eyebrow. The team, based in Queen’s University Belfast’s (QUB) Centre for Secure Information Technologies (CSIT), has been at the forefront of researching and developing new technologies to detect bots, botnets, malware and Advanced Persistent Threats (APTs) since it was established as the UK’s Information and Knowledge Centre (IKC) in 2009. The Zeus botnet, and the plethora of variants it has spawned, has been of particular interest to the team, which works as part of the Secure Digital Systems research cluster headed by Professor Sakir Sezer.

Professor Sezer says: “As the internet has evolved into a multi-trillion pound business, the threats have evolved as well. To date members of the gang who operate the Zeus botnet have stolen an estimated $500 million. This represents a huge loss to citizens and businesses alike. Our research is helping minimise the fraud and theft enabled by this pernicious software through the development of hardware and software tools and technologies which have been proven to detect and prevent this type of malicious activity.”

In a secure laboratory within the facility Professor Sezer’s team of researchers and engineers have installed a complete botnet for the purposes of determining how it replicates, evolves over time and communicates with command and control systems. The team are reluctant to say too much about their findings in an effort to stay one step ahead of the criminals in this cat and mouse game. What they will say, however, is that the solution they have developed has the ability to analyse gigabytes of network traffic, in real-time, pinpointing botnet activity on corporate, mobile operator or Internet Service Provider (ISP) networks. This malicious activity can be traced to a specific machine, laptop or mobile device which has been infected with the malware.

The research is not, however, a purely academic endeavour. Through its unique ‘Open Innovation’ model CSIT works to exploit and transfer knowledge to industry through member companies such as global giants McAfee and IBM, as well as via commercial R&D and consultancy engagements with local SMEs such as RepKnight and AirPOS. This ensures the research is industrially relevant and that findings can be put to work as quickly as possible to limit the impact of malware and botnets on society, as well as bringing new cyber security technologies to market.

Highlighting ISPs’ and mobile network operators’ failure to adopt technology to limit the damage wreaked by malware and botnets, Professor Sezer says: “We have the proven technology to detect and stop these malicious applications at the ISP and operator level but many are reluctant to take on responsibility for providing this service to their customers. Common Carrier status means the ISP is not responsible for anything illegal taking place over the network. For example, Warner Brothers can’t sue BT because their digital content (films) is being illegally streamed to BT broadband subscribers. The ISPs use this legal provision to see no evil. Hence they make no attempt to protect subscribers from malware. However, they are quite happy to detect and block Skype traffic when it affects their bottom line. The legislative framework needs to change to enable broader use of this technology to protect internet consumers.”

New technology is only one part of the CSIT story. Currently, the demand for cyber security experts is growing at twelve times the rate of the overall job market. The Centre has listened to the needs of industry and is complementing its technology research by developing a new Master’s degree in Cyber Security to skill up the next generation of cyber security professionals. The course is open for application now and will begin in September 2014.

Professor Maire O’Neill, Co-Ordinator of the new MSc in Cyber Security, says: “The emphasis of the MSc is to provide graduates with a comprehensive understanding of the cyber security challenges facing industry and society, today and in the future, and equipping them with the skills necessary to address those challenges.”

Finally, the Centre recognises its wider responsibilities to society in terms of supporting citizens, industry and government to tackle the scourge of cyber-crime, as well as capitalising on the huge global demand for technologies in this area. CSIT staff are involved in a variety of prominent advisory bodies such as the Organised Crime Task Force’s Cyber Crime Sub Group and the UK Cyber Growth Partnership, and chair the Royal Society’s Cyber Security Research policy committee.

You can find out more about CSIT and the MSc in Cyber Security on its website here: http://www.csit.qub.ac.uk/

Hi-tech crime terms

  • Bot – one of the individual computers in a botnet; bots are also called drones or zombies
  • Botnet – a network of hijacked home computers, typically controlled by a criminal gang
  • Malware – an abbreviation for malicious software i.e. a virus, Trojan or worm that infects a PC
  • APT – Advanced Persistent Threats are a set of stealthy and continuous computer hacking processes, often orchestrated by humans targeting a specific entity.

Advice from Get Safe Online

  • Install internet security software from one of the companies listed on Get Safe Online’s website; these companies offer a free tool to scan for Gameover Zeus and remove it from your computer
  • Do not open attachments in emails unless you are 100% certain that they are authentic
  • Make sure your internet security software is up-to-date and switched on at all times
  • Make sure your Windows operating system has the latest Microsoft updates applied
  • Make sure your software programs have the latest manufacturers’ updates applied
  • Make sure all of your files including documents, photos, music and bookmarks are backed up and readily available in case you are no longer able to access them on your computer
  • Never store passwords on your computer in case they are accessed by Gameover Zeus or another aggressive malware program

The Dock – A poem by David Crozier

I am delighted and honoured that my poem “The dock” was chosen as the winner of the inaugural MATRIX Poetry Competition. I collected the prize on Saturday 5th October 2013 from Poet Laureate Carol Anne Duffy at a reading session she hosted in Derry~Londonderry as part of Poetry Month and the 2013 City of Culture celebrations.

Collecting the inaugural MATRIX Poetry Competition Prize from Poet Laureate, Carol Anne Duffy and MATRIX Deputy Chair, Dr Norman Apsley

The inaugural competition, which was introduced by MATRIX to highlight the links between science and the arts, was to write a poem about any science related topic.

It was open to those people who study the STEM subjects or work in science/technology based industries. It was judged by Professor Iggy McGovern, Professor of Physics at Trinity College Dublin and award winning poet.

MATRIX, the Northern Ireland Science Industry Panel, is a business led expert panel, formed primarily to advise government, industry and academia on the commercial exploitation of R&D and science and technology in Northern Ireland.

My poem drew inspiration from the sounds, history and future of the area around the Thompson Dry Dock, which my office overlooks. It also draws parallels between the heavy engineering that the shipyard area was known for and the future, driven by research and development, carried out at my place of work, the ECIT Institute.

The motivation for writing the poem is simple. MATRIX Chair Bryan Keating asked me to. Sometimes being asked to do something is motivation enough.

My poem:

The dock

The sound of hammering and clanging ringing out from the dock
Regularly drifts in the sea breeze through my window.
This recording a remembrance of ocean liners engineered
In Belfast’s mighty shipyards once spread out below.

Now in this furnace of technology, an Institute of the future,
Researchers secure the digital tomorrow for one and all.
Transportation of a different kind their focus; of data and knowledge.
The brains of this nation answering Queen’s Island call.

For through science our pride will be restored once more,
Technology despatched through new venture creation.
Lessons learned, skills honed, motivation unsinkable
Let’s doff a duncher to this foundry of innovation.

“The Dock” by David Crozier is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.
Based on a work at http://www.davidcrozier.co.uk/2013/10/07/the-dock/


Is this the end of usernames and passwords? #csitsummit

Updated 3rd June 2013.

This post was previously published by me over at The Centre for Secure Information Technologies blog.

At the recent World Cyber Security Technology Research Summit hosted by CSIT I had the pleasure of scribing one of the breakout sessions titled “Is it the end of the road for username and password? If so what are the alternatives?”.

The answer, given recent high profile breaches, might surprise. It’s not as clear cut as you might think. One thing is for sure however. There is a huge amount of opportunity in this area.


New role at CSIT: The second 30 days in the 30-60-90 plan

Chips with that?

Last month I blogged about the 30/60/90 plan, covering the first 30 days of the initial three months in my new Technical Marketing Manager role at The Centre for Secure Information Technologies (CSIT). This was based on some interesting guidance posted by Ninon LaForce on the On Product Management blog.

In this post I shall look back at the second 30 days. Personally speaking, it’s useful for me, as I slot into the organisation’s appraisal system, to reflect on what I have achieved thus far in the role.

Day 31-60: Take ownership

According to Ninon, days 31-60 in a new PM role are all about taking ownership. As with my previous post, before getting into the points specified in the original post, here are a few thoughts on this period.

This period began with exhibiting at Mobile World Congress in Barcelona. I blogged my thoughts on the Congress here. While this took me out of the office for a whole week, it was a useful learning exercise personally and an opportunity to test what we as an organisation are doing in the marketplace. It certainly helped me achieve some of the points outlined below, including networking and building relationships with existing and potential partners and customers.

Uncovering new opportunities for the application of our research, and getting up to speed quickly on the commercial environment in the mobile space, was invaluable, not to mention developing our messaging around this massive market so early in my tenure.

Two weeks after returning from Barcelona we hosted Belfast 2012: The 2nd World Cyber Security Technology Research Summit at CSIT. Preparations for this were pretty consuming. Again, the process of prepping for and hosting this event was priceless in terms of building relationships, setting our commercial and research roadmap and firming up my thoughts around strategic direction.

Scorecard

Now let’s look at how I think I performed against the list:

Meet with my manager for a first 30-day review. Ensure I am focusing on the right activities and adjust as necessary.

Partially done.  We meet weekly and continue to chat most days regarding ongoing activities.  We plan to sit down to formally appraise my performance over the first 2 months next week.  It should have happened last week but more important priorities meant this had to be pushed out.

Take ownership of some projects.

Done. I am currently working on a number of projects which have short and medium term delivery dates. There is no shortage of projects.

Contribute my thoughts/ideas on how to streamline industry partners and programs.

Done; ongoing.  These get discussed each week as part of our commercial team meeting.

Make a list of activities/projects that will contribute to meeting the department objectives and set up a plan to reach the goals.

Partially done. See earlier comments.

Go to lots of meetings and begin to run some of them.

Done.  I already chair a monthly marketing meeting with marketing representatives from the various research clusters feeding into that.  I also attend several organisational weekly meetings.

Continue to build relationships.

Done.  Mobile World Congress and The Cyber Summit were excellent for doing this.  I also continue to meet with colleagues from across CSIT as often as I can to build up a funnel of content for our websites and for raising our profile globally.

Begin to write materials (drafts)

Done.  I am in the process of refreshing our web estate which necessitates writing new and rewriting old contents.  I have also been updating marketing collateral, drafting funding proposals and producing press releases.

Continue to learn and read as much as possible.

Done.  The role is such that I will never stop learning and reading.  It’s par for the course.

By this time I hope to have uncovered some promising unexploited opportunities for growth and have begun to figure out how to exploit them.

Done.  I’ll keep them under my hat for now. 😉

So I make that seven out of nine achieved and a further two partially achieved.  Not a bad result given the events that took place this month.

Update: I almost forgot to mention that during all this I took time out to guest on The Tech Show, a podcast in eamonmallie.com’s Tech section focused on the technology scene in Northern Ireland, presented by Chris Taylor and Matt Johnston. On the show I talk about cyber-security and an exhibitor’s perspective of Mobile World Congress.

What is a Technical Marketing Manager?

I started this morning writing a long post about my second 30 days in my new Technical Marketing Manager (TMM) post with The Centre for Secure Information Technologies (CSIT). I found myself explaining how a TMM is similar to a Product Manager (PM). It probably deserves a post of its own. So here it is.

Some of you might be wondering why I take advice from a product management blog (On Product Management) when my job title is Technical Marketing Manager.  So what does a Technical Marketing Manager do?

In a sentence I see it as taking overall responsibility for marketing the product of a hugely technical organisation; something that is much more than the 4 P’s.

I see my current role as sitting on a spectrum of similar roles spanning from Technical Product Manager, Solution Specialist and Product Manager, through to Analyst, Product Marketing Manager and finally Technical Marketing Manager. I’m probably a much better communicator than technologist, therefore the marketing aspect just feels like a better fit.

Ultimately all varieties of PM need most or all of the following skills:

  • Just doing it
  • Domain experience
  • Communication skills
  • Decision making ability
  • Environment scanning
  • Business understanding
  • Technical experience
  • Negotiation (both internally and externally)
  • Selling
  • Networking (of the human variety, not 802.x)

The list isn’t exhaustive but I reckon I use all of those every day.

Hat tip to onpm again for the skills list.  I’ve added a few of my own.