Cybercrime vs. cybersecurity

Many people rely heavily on the internet for running their daily lives. And every day, the number of internet-dependent people increases. From studying, socializing or shopping, many technologically savvy individuals use their computers or mobile devices to run errands and to entertain themselves. While technology has vastly improved our lives, countless dangers lurk on the internet. Cybercrime is on the rise and has already affected many individuals and companies.

Stu Sjouwerman, founder of KnowBe4, a site dedicated to cyber security awareness and training, stated that it has been a challenge to compete with the dynamic “industry” of cybercrime, but it is a challenge that Sjouwerman welcomes.

“There are people in Eastern Europe who go to work, punch the clock, work all day, get health benefits, leave at 5 p.m., and what they do is steal your identity or hack into your network,” Sjouwerman said.

Cybercrime has completely professionalized over the last few decades, in contrast to when only a handful of individuals had the time and money to hack into systems.

While cybercrime evolves into a larger industry, some people have yet to adapt. They are not aware of Sjouwerman’s number one rule in cyber security, “There is no security.”

Additional layers of good security can alleviate an individual’s stress regarding cyber-attacks, but security is no good replacement for human vigilance. It only takes one human error to let criminals into the system.

Professor Sean Peisert, a research computer scientist from the Lawrence Berkeley National Laboratory and a faculty member of the UC Davis Computer Security Lab, said that most anti-virus or anti-malware software only protects from known threats. As long as a hacker has enough time and resources, he or she can crack through any security system by creating something that security programs have not been programmed to deal with yet.

However, various computer and internet security companies and programmers adapt quickly in response to the challenge, studying from past hackers. Some computer security programmers work directly with hackers to improve security. For example, KnowBe4 has worked together with infamous computer hacker Kevin Mitnick. Mitnick was one of the first true computer hackers, breaking into company networks belonging to Motorola, NEC, Nokia, Sun Microsystems, Fujitsu and Siemens.

As for UC Davis, the busy people of the UC Davis Cyber-safety Program and the UC Davis Computer Security Lab work for better internet security.

The professors involved in the UC Davis Computer Security Lab explore and research various areas of internet security. Some, like Professor Hao Chen, work with mobile computing and mobile app security, while others, like Professor Karl Levitt, work on a variety of projects from intrusion detection to network tracking, and even election security.

Professor Peisert helped with the cyber attacks on the San Diego Supercomputer Center perpetrated by “Stakkato,” the alias of a group of hackers who broke into systems belonging to the U.S. Military, White Sands Missile Range, NASA and multiple universities.

In particular, Professor Matt Bishop of the UC Davis Computer Security Lab detects weaknesses in security systems.

“I look for vulnerabilities, break into things and try to fix them,” Bishop said.

He often looks at certain aspects of internet security, such as how people hide personal information. In addition, he is interested in computer security education, which includes teaching robust coding, a class of software in which the program can respond elegantly to unknown situations instead of crashing.

“Campus folk are good with security,” Bishop noted when asked about UC Davis’ status.

In the frontline for UC Davis’ cyber security is Robert Ono, IT security coordinator of the UC Davis Cyber-safety Program. Currently, the campus staff upholds the adopted Cybersecurity policy of 2005 through governance models and stringent security standards for campus network devices. While maintaining the program’s website and handling security risks, Ono oversees campus security training.

“A biennial security symposium [hosting] hands-on training and lecture seminars for technologists,” Ono said, is one of the methods for training new staff.

Along with the symposium, training includes log management, threat management and coding techniques.

Although there are companies, professors and staff all working hard to improve cyber security, they provide steps and advice to help the general public to protect themselves.

“Make sure you patch your computer and applications. If there is an update, do the update. Last but not least, use strong passwords and for god’s sake don’t use the same password all over the place,” Sjouwerman said.

Bishop gave an apt analogy regarding passwords.

“Use common sense. Realize that there are nasty folks on the internet. You wouldn’t give your car keys to someone you didn’t know very well, and you shouldn’t do the same with your password.”

Peisert said computer owners don’t need to buy loads of security software, since most end up ignoring the security alerts anyway.

“So, rule number one is back up your systems: Time Machine, CrashPlan, BackBlaze, Mozy, Dropbox and others are simple, inexpensive means for doing this.”

Ono suggested that the public “identify files on [their] computer that contain personal identity information (e.g. your name, Social Security number or credit card/financial account number) and remove the files if at all possible. There are free tools for personal use, such as IdentityFinder, that are available for scanning your Mac and Windows computer(s) for identity information.”

The overall lesson is this: practice caution and be wary, but do not be too paranoid since the internet is still a wonderful tool.

For more information go to knowbe4.com, seclab.cs.ucdavis.edu and
security.ucdavis.edu/cybersafety.html.

VICTORIA TRANG can be reached at science@theaggie.org.