Matt Might teaches his students at the University of Utah School of Computing how to be hackers so they can become cyber-security experts. Might will be talking about cyber criminals and computer security as part of the Leonardo After Hours’ program “Under Attack: High Tech Crime and Countermeasures” on Dec. 7 from 6-7:30 p.m. at the Leonardo Garage (375 North 500 West, Unit 6).
What’s the goal of a hacker? Sending penis-enlargement spam? Identity theft? The biggest concern for the average user is having their identity or their credit card stolen. But, if your computer gets broken into, you might not even notice. They might not do anything malicious with your data. When criminals break into your computer today, it’s not because they want information, it’s because they want the computation resources that you have. Your computer will be involved in extortion rings to take down other Websites. Cyber criminals in places like Eastern Europe will try to take control of millions of other people’s computers and then use botnets to extort companies. If a company doesn’t pay the extortion fee, they’ll turn the botnets loose and basically flood the servers and take them down. Some of these Botnets are so large that there is really no other option than to pay the fee, unless you’re as large as, say, Google. The estimates that I’m getting from the FBI is that cyber crime is now bigger than drugs, globally speaking. When they’re not extorting, they’re using your computer to send out spam.
I’m safe from viruses as long as I stay away from porn, right? You can get them from just about everywhere. You can get them by clicking on a link in your e-mail, you can get them on a USB stick. Some of them you don’t have to do anything. If you have your computer on and plugged into the Internet, they can break in and take over. There are flaws in the operating systems. Some of these worms, when they exploit unknown flaws, can spread worldwide in minutes and infect every infectable computer.
How can users protect themselves from hackers? For the average user running Windows, you want to keep your antivirus software up to date. That’s critically important. The other thing you need to do is develop suspicion about whether or not something’s legitimate. A lot of the stuff that gets people is social worms breaking into Facebook or e-mail or other networks, and they send e-mails masquerading as your friends. You think it’s your friend sending you something to click on. If you get something from a friend and it looks a little suspicious, don’t click on it. Basically, be aware that people are using devious tactics like that to get to users these days.
Do Macs live up to the hype of being impenetrable? Yes, with an asterisk. You’re very safe if you’re browsing on a Mac these days. But part of the reason you’re safe is that cyber criminals’ motive isn’t mischief anymore—it’s all about making money. You need to target the widest base of people you can. If you develop a back door or some sort of worm for Windows, you get 90 percent of all the users in the world. If you develop it for Mac, you get 9 percent. In terms of cost-benefit analysis, if you’re a cyber criminal, you’re much better off trying to exploit Windows. And Apple has gone to considerable lengths to make their operating system more secure. Even if Mac were as popular as Windows, it would still be a much more secure platform.
How is a university class going to stop cyber criminals? My general charge is making software that helps other software perform faster, safer, more secure. Part of that is definitely security. One of the reasons I teach hacking is you can’t really defend against this stuff unless you know how to do it yourself. My approach to information security is very different than the current approach. The current approach is, once we find out there’s a problem with our software, we go out and fix it and try to patch it. My whole research agenda is trying to build computers that can't be broken into at all. We’re trying to build the impervious information security device. If you’re running this thing, there’s no way to attack you on it or break into it. That’s a project that’s actually being funded by the military—that’s obviously very important to them.