But exactly when and where such censorship is being done has proven hard to measure.

Now, researchers from the University of Michigan are enlisting 400,000 servers around the world to monitor censorship and network interference. Their project is called Censored Planet.

“Ideally, a router’s job is to send data forward—but they are smarter now. Some very clever things are being used to block access to information,” said Benjamin Vandersloot, a University of Michigan computer science and engineering doctoral student, speaking on Jan. 10 at the Fordham-FBI 2018 International Conference on Cyber Security.

Say, for example, that you want to send a message to Facebook. Your request pings from router to ISP to another to another (many others) and then eventually to the Facebook server itself.

“If you are in China, you are going to bounce by a router controlled by the Chinese government or a hired hand they control,” said Vandersloot. “China and Iran are the most public countries about web censorship practices. Right now, it’s currently accelerated in Iran because of the protests.”

Greatfire Is Blocked

One site censored in China is Greatfire.org https://en.greatfire.org/, a website dedicated to listing where internet censorship is being anecdotally reported in China itself. “They don’t want this transparency in the process,” he said. “Moreover, they don’t want people even talking about censorship.”

Although nobody can say for certain that the persons pulling the switches are censoring, the project measures patterns that show connection breakdowns.

“Iran has shown increased censorship before around times of elections, as do many other countries,” said Vandersloot.

There are three ways of censoring internet use: blocking Domain Name service; blocking your IP and TCP connection to the web; and blocking an “application layer” request of a web page. Censored Planet is measuring all three methods, said Vandersloot. The 400,000 servers being used for Domain Name testing receive data “packets,” and the servers send information “packets” back.

“We ask, ‘hey, tell us where is Google is’ and we see the stuff they send us back. We can measure whether we get a result that is genuine,” he said.

“We who work on Censored Planet are in favor of internet freedom. And we’re trying to enable that for everyone.”

At “Connectivity and Cyber Safety in Natural Disaster Zones,” a panel discussion held on Jan. 11 at the 2018 International Conference on Cyber Security, panelists discussed the best strategies for promoting cybersecurity in the most chaotic, challenging environments.

It featured:

Jake Schmitter, senior manager, North American Electric Reliability Corporation; Adam Marlatt, founder, Global Disaster Immediate Response Team; Keith Robertory, Director Embedded in FEMA, American Red Cross; Michael R. Singer, assistant vice president, and executive director of technology security at AT&T; and Ron Snyder, senior network engineer, Cisco Tactical Operations.

Trusted partnerships between technology firms and nongovernmental organizations that have been established before natural disasters strike are key, said Robertory. When he was in charge of disaster technology for the Red Cross, he often called telecommunications firms’ emergency teams for help. Although their standard spiel was that they couldn’t direct their priorities, Robertory said there were ways to cut through the red tape by emphasizing the critical needs and players.

“Knowing what your partners can do and cannot do is very important.”

During natural disasters, Robertory said “trying to make things easier for disaster survivors may also make it easier for hackers.” He cautioned that privacy pitfalls await well-intentioned efforts to help reunite displaced people, especially when their status and addresses are made public when they sign in to verify their safety after a disaster. For this reason, he noted that the Red Cross’ Safe and Well system doesn’t reveal a person’s location or any personal information.

“You have situations where landlords say ‘You need to tell me you registered for assistance, prove it by giving me your number.’ Then they can change the routing where the financial assistance goes,” he said.

Singer said a new development called “mobile key” holds promise for safeguarding personal information, especially for rescue workers who have access to command and controls, he said.

“You can look at a lot of things about how a person might hold a device, unlock a device, maybe put a certificate on the device. As you build up more and more things that can check, it builds your confidence that yes, that’s the right person, so let them take the next action,” he said.

Preventing disasters from happening in the first place is equally important, said Schmitter. The 2013 North American blackout was caused in part by human error and failure to follow proper procedures. To prevent it from happening again, the industry holds a large-scale exercises, dubbed “gridmageddon,” where every bad thing that could possibly happen within a two-day period is simulated.

“When the industry has an incident, how do they respond? And how do they reach beyond themselves when they’re in a situation that’s overwhelming?” he said.

“Do they have those preexisting relationships so that when bad things do happen, they know exactly the capabilities they can ask for, what the requirements will be, and how to get power back online as quickly as possible?”

Talk of power grids led to the plight of Puerto Rico after Hurricane Maria. Robertory said it’s difficult to convey how challenging it is to bring power back to the island. High-tension electrical wires in the United States are separated by wide right of ways, for instance, while many in Puerto Rico are not. So in some mountainous regions, it’s easier to reinstall poles by helicopter than by truck.

And, he said, you have to remove the existing infrastructure first.

“There’s a lot of good work going on in Puerto Rico, but it is simply overwhelming.”

Keane, president of GSI Consulting and a four-star-general, made the remarks at a panel discussion alongside Giampiero Massolo, CEO of Fincantieri, S.P.A, and Jeffrey A. Tricoli, section chief at the FBI’s Cyber Division in Washington D.C.

Moderator Michael J. Sulick, former director of the National Clandestine Service at the CIA, said that it took 9/11 for a lot of the walls to fall between U.S. and other foreign intelligence agencies. He also mentioned the intense rivalries between the FBI and CIA and even within the agencies themselves, where different divisions ate in different cafeterias.

Keane said he’s certain that the nation is not prepared, should another high-level disaster hit.

“We are woefully inadequate,” he said.

Keane said that the days of launching a Desert Storm-type invasion are likely over, because cyberattacks could hack communications systems before a military plane even got off the ground.

“The degree that cyber is impacting military operations is very dramatic,” he said.

Cyber warfare has altered the balance of power between states, creating an ambiguity in trying to measure and influence potential adversaries, said Massolo.

“In a way, we need to counter the threat before even understanding it,” he said.

Massolo said intelligence agencies need to reinvent the cycle in which they operate. Before, it was limited to preventing, preempting, and disrupting. A more progressive approach is now being taken, especially in Europe.

“We usually consider the Americans more sensitive to security than us,” he said. “We [have been]more about guarantees. But cyber is one of those factors that has two sides to the fabric.”

He added that not all the answers can be solved with big-data gathering; target selectivity can just as effective in cyber wars.

“One stone is enough,” he said. “Hit the giant in the right places; you don’t have to cover him.”

A former ambassador to the Ministry of Foreign Affairs, Massolo noted that Italy’s success at defeating domestic terrorism. It required a “whole country approach” where regional differences were set aside.

“We need to overcome the sense of ‘otherism’ that dominates our society, not just in governments but also in companies and the media,” he said.

Such polarization exists in news outlets and social media platforms today, too, Tricoli said. where likeminded people share likeminded news. It can proliferate fake news.

“There are basic tenets of journalism you should follow,” said Tricoli. “Not everybody who has a keyboard and pen follows them because it’s a different environment today.”

“But we still need to be educated as consumers, and that’s what we’re really trying to say. How [the media]is sourced, and where its coming from, that’s important.”

“702 is absolutely a vital national security tool, it’s something that allows us to understand terrorist threats, and keeps the country safe—there’s no confusion on that,” said Joyce, speaking on Jan. 11 at the 2018 International Conference on Cyber Security.

Joyce said that a proposed Amash Amendment, which sought to end the National Security Agency’s sweeps, under the 702 program, of Americans’ phone and electronic records when pursuing foreign suspects, would have a “chilling effect” on the way the law is applied. (The 702 extension passed without the amendment.)

In response to a question from Reuters, Joyce said that information gathered under Section 702 has never been used for political purposes and is overseen by all three branches of the federal government.

Wanted: 300,000 Skilled Workers to Fill Cybersecurity Jobs

Joyce’s ICCS presentation also underscored other aspects of cybersecurity. He said that from the moment a person plugs in a new computer, malicious attempts are made to access the data on the device. The problem is writ large for government and private sector institutions.

“They’re coming at our infrastructure and capabilities, not [just]our information,” he said.

He called for an “accountability culture” that holds top executives in the C suite responsible for any breach within a corporation, and not simply relegating security decisions and responsibilities to the IT department.

“Tech solutions are not enough to solve the cyber problem,” he said. “People are driving it.”

As we put more and more information online via the internet of things, there will be more need for experienced personnel across many disciplines, he said.

“As I met the Fordham students today who are working the conference, there were computer scientists in that group. But there were also psychologists and economic majors,” he said. “No matter what discipline you’re in, you’re going to have a connection to a cybersecurity problem.”

Higher education should reflect that trend, he said.

“We also need females and minorities, in the same percentages as white males, working in the cybersecurity community,” he said.

He added that the long-term health of the nation and its industries are buttressed by research at the graduate level. And with nearly 300,000 jobs in cybersecurity currently available, the need for talent is becoming dire. This is particularly true in the government sector, where the security clearances and salaries can limit the talent pull.

“We have fewer people going for graduate degrees, especially fewer U.S. citizens, in computer science and engineering,” he said. “In the national security space, that’s a problem.

“We need innovative research with ‘cleared’ people in that arena.”

In a Jan. 10 session at the ICCS18, Thaier Hayajneh, Ph.D., associate professor of computer and information sciences and director of Fordham’s Center on Cybersecurity, Rien Chy, GSAS ’07, operations manager for Fordham, and Damianos Pinou, GSAS ’07, director of Data Center Operations at BITS, made an impassioned plea for the more attention to protecting the nation’s power grid.

The team cited several past incidents as cause for concern: A 2013 sniper attack on 17 electrical transformers at a transmission substation near San Jose, California; “Dragonfly,” a 2014 cyber espionage campaign that disabled energy-related targets in the United States and Europe; and the attack on a Ukrainian power grid in 2015 that left nearly 230,000 people without power for up to six hours.

“Our grid is extremely old, exceedingly fragile, and expensive to repair. The United States has a total of 55,000 high-voltage transformers or substations, 10 of which represent the main interconnected points. For security reasons, these main ones are in undisclosed locations. But an attack that was planned and orchestrated properly on them could collapse the entire grid,” said Pinou.

In many cases, he noted that high-voltage transformers are only partially protected by metal fences—as opposed to full enclosures like those found in Germany. Such enclosures are one of several proven methods to protect data centers from EMPs, others that the team discussed are: maintaining distance from an attacker, metal lining in hardened walls, and wire mesh covered (or bricked over) windows.

Faraday Cage to the Rescue

To demonstrate why they’re so important, Pinou turned on a prototype EMP device in the vicinity of two laptops; the team had constructed the EMP from over-the-counter parts. One laptop was unprotected and the second was ensconced in a metal mesh “Faraday cage.”

When activated a few inches away, the EMP device shut down the unprotected laptop immediately, while the latter was unharmed as the mesh cage dispersed the energy.

“Imagine anyone with access to critical network, who has certain privileges and is able to identify key components in that infrastructure. That person can easily magnify this and walk into allocation, take down something, and walk out,” he said.

Pinou and Chy conducted the research as part of a capstone project in a cybersecurity course under the supervision of Hayajneh, and are presenting their findings in a forthcoming paper, “Electronic Warfare and Cyber Security Threat.”

“This is a core course in our MS program in Cybersecurity in which we teach the student’s cybersecurity research and analysis methodologies,” Hayajneh said.

They said that first and foremost, the question of who is responsible—government or private industry—for protecting the electrical grid from physical and cyberthreats needs to be resolved.

“Unfortunately, if Congress and the government continue to move at a slow pace, once day it may be too little, too late,” Pinou said.

According to John Brennan, former director of the Central Intelligence Agency (CIA), it also presented an opportunity to confront Russia.

In his keynote address at the Fordham-FBI 2018 International Conference on Cyber Security on Jan. 10, Brennan, FCRH ’77, who served as CIA director from 2013 to January 2017, said he told a top Russian intelligence leader in 2016 that Russian meddling in the nation’s election would “backfire” because all Americans would be “outraged” by the country’s actions.

“Clearly there are some Americans who say, ‘Let’s not worry about that,’ which is very, very unfortunate,” he said, after noting that “it’s incontrovertible that the Russians did try to interfere” in the election.

“It’s not just the Russians that pose a challenge in that context as far as our future elections and election processes,” he said. “We’re vulnerable to other attempts—whether they be domestic or foreign.”

Speaking to a room of prominent cybersecurity experts and law enforcement professionals, Brennan called for a statutory provision that would require directors of the Federal Bureau of Investigation (FBI) and the CIA to disclose any critical cybersecurity threats ahead of U.S. elections.

“I think it will take away some of that uncertainty and discretion,” he said.

A disturbing trend

Brennan sees the increasing collaboration that exists between foreign intelligence services and hacking organizations, or non-state actors, as a developing threat to the United States. In his remarks, he mentioned the recent arrests of hackers who teamed up with Russian intelligence officers for the 2014 cyberattack on Yahoo!.

He called the alliance a “disturbing, frustrating trend” for U.S. intelligence administrators who are trying to track down malign actors in the cyber environment.

“[Foreign intelligence organizations] are leveraging that capability outside in order to augment what they already have,” said Brennan. “[What’s] even more important for them [is]to attenuate the forensic trail and the connection between what they do, and who, actually, is carrying it out—as opposed to who is directing it.”

For Brennan, who currently serves as a distinguished fellow for global security at the Center on National Security at Fordham Law, striking a balance between privacy and security continues to present major challenges for the FBI and other intelligence units that are trying to curb cybercrimes.

As the world’s dependence on automation, artificial intelligence, and digital currency grows rapidly, he stressed that there needs to be unprecedented partnerships between private and public-sector entities, as well as top professionals and futurists in science, technology, and other disciplines in the United States.

“There really needs to be a better sense of exactly how the government is going to fill its responsibility to keep its citizens safe and secure and carry out the rule of law in this environment where, in some respects, it’s like the Wild Wild West,” he said.

More Coverage from ICCS Day 2

Getting Through to Google

Panelists Demonstrate Danger of Electromagnetic Pulses

Will It Take Another 9/11 to Wake Us Up?

So, you think you can create an avatar and mask your identity on the net? Well, think again. That was the takeaway from the brief but dense talk on identifying social network users, given by Marina Gavrilova, Ph.D., professor and and head of Biometric Technologies Lab at the University of Calgary, Canada.

Gavrilova presented over the course of two days at the Fordham-FBI 2018 International Conference on Cyber Security, beginning with a lecture on multi-model biometric fusion for cybersecurity on Jan. 8 and then on identifying social network users by their online behavior on Jan. 9.

Multi-model biometric fusion essentially combines the many ways an individual can be identified in both the real world and online. It’s not one fingerprint, computer program, algorithm, social media profile, or facial recognition that identifies persons, but rather “a proposed philosophy” that combines all of the data to identify them, said Gavrilova.

For example, a person’s gait can be recognized on their way to catch a flight. Their face and ear points can be identified by a surveillance camera as they pick up their baggage. When they go online they can be identified the by the way they use their mousepad, the pressure they put on the keys, and how fast they type.

“As long as information has been collected over time, how strongly you press on the keys, which keys you like to press, even the frequency, how fast you type, where you move your hands, and when you type can identify you,” she said. “As long as this information is available it becomes part of your so-called biometric template.”

To snag a cybersecurity suspect, such surveillance doesn’t necessarily need expensive equipment.  If someone creates a profile on Twitter or another social network, they can still be identified simply by the way they text, their spelling mistakes, hashtags, favorite words, and their associations. Gavrilova likened it to going to a doctor with symptoms—a headache, a stuffed nose—and the doctor trying to figure out what the illness is.

“It’s the same with biometric. We say we have these face points, these ear points, this social profile, who is that person?”

“Even if you don’t have the physiological data and the person is simply hiding behind a login name—but is active online—we can look at all this information,” she said. “You can view their activities, acquaintances, and the times that they’re online.”

All of the data becomes part of a multimodal system that can precisely profile the person and  even how they change.

“In some ways, it’s like old-school spying: Someone talks to someone on the street and gives them a briefcase. They go into a room. You don’t know what they’re talking about, but you can see their gestures and who they’re talking to,” she explained. “Now that information is available in plain sight on the web,

“We all have a data foot print—and it’s enormous.”

Mirko Manske, first detective chief inspector of the Federal Criminal Police Office of Germany (BKA), said the home routers were taken over by the malicious malware Mirai. He spoke about the search for the hacker, known by the alias BestBuy and Popopret, at the 2018 International Conference on Cyber Security on Jan. 9.

According to Manske, the hacker took advantage of a security vulnerability that had once enabled Deutsche Telekom to fix and update its customers’ home routers remotely.

The case’s investigators worked to uncover the identity of the hacker, and discovered several clues along the way, he said.

“The attacking scripts had one very interesting comment in there that was linking to an Instagram post, and it was a picture of a flyer that was called BotNet14,” said Manske. Referring to the 29-year-old man now identified as Daniel Kaye, Manske said “he basically left his fingerprints to say, “That’s me that’s attacking you.’”

A Global Win

Manske said his team relied on open source intelligence, which helped them to pinpoint important information about Kaye, including IP addresses he used and locations that he’d traveled to before the attack. They also learned that BestBuy and Popopret were the same person.

“He was bouncing through proxies all around the world, so we were not going to be able to find out where he was,” said Manske.

Under his pseudonyms, Kaye was also doing interviews with the media about the massive outage—while the investigation was still pending, said Manske.

“[He was] really [hacking]on a professional level…” he said, noting that investigators had to demonstrate the impact of Kaye’s crime in order for the court to bring charges against him: Even though Kaye had implemented a threatening cyberattack on millions of people in the country, Manske said that he did so inadvertently while trying, unsuccessfully, to compromise the routers.

“From our legal perspective, what he did was basically digital graffiti,” he added.

Even though Kaye served only five months in prison, Mankse argued that the operation was effective. He also believes there may be additional legal woes ahead for the hacker, since he was re-arrested in court after being released, and extradited to the United Kingdom for allegedly extorting U.K. banks.

“It’s a global win,” Manske said.

At its peak in 2015, the anonymous online market AlphaBay had an estimated 200,000 users who used cryptocurrency to buy and sell drugs, weapons, and a myriad of illegal goods and services.

It all came crashing down in July of last year, when U.S. and international law enforcement agencies seized it and arrested Alexandre Cazes, a Canadian citizen who ran the site.

On Jan. 9, FBI Special Agent Nicholas G. Phirippidis told attendees at the ICCS 2018 how “Operation Bayonet,” as it was dubbed, came together.

The bureau’s first break in identifying Cazes came when an agent in Fresno made two arrests of vendors who’d been selling on AlphaBay. Those arrests prompted someone to leak to the agent an e-mail that Cazes had sent to an early user of AlphaBay, and that e-mail revealed both an ISP address and Cazes’ personal Hotmail account.

Phirippidis said that as they began to track down his digital footprint on social media sites around the internet, it appeared Cazes had cleaned up other parts of his name online.

“For the most part, he had a lot of success, but the internet archive and a few other sites that take snapshots through time allowed us to go back and see some of the early uses of the e-mail address affiliated with his name,” he said.

“Like many of these subjects on the dark web, they try to have a firm firewall [to protect their public persona], and every once in a while, they’ll make the smallest mistake. That’s usually how we can attribute a true name to a moniker on the dark web.”

Another feature of AlphaBay that the FBI explored was the site’s so-called “bitcoin mixer,” which was billed as a foolproof way to launder cryptocurrency but which FBI analysts could figure out. They were able to trace the exchangers who Cazes had been using to convert bitcoins into real-world currency.

A Bizarre Coincidence, a Staged Accident

Phirippidis said the bust, which took place from July 2 to 6 in five countries, was as dramatic as a Hollywood thriller. Coincidentally, three days before the scheduled arrest, he and his team were sitting at the bar in the lobby of their Bangkok hotel when a Porsche Panamera E-Hybrid pulled up in front.

“As a joke, one of the prosecutors said ‘Hey look at that car, that looks like one of Cazes’ cars. I’m sure there are more than one of them in Bangkok,’” he said.

“Then we passed Cazes, who was entering through the sliding door in the lobby. It was the most bizarre coincidence I’ve ever been a part of.”

On the day of the arrest three days later, they lured Cazes out of his apartment abruptly by purposely crashing a car into the gate outside his villa. As luck would have it, when they entered the apartment, they found his computer on and already logged onto AlphaBay through his e-mail account.

A week before the FBI took over AlphaBay, European authorities had quietly taken control of Hansa, a similar site to which those fleeing AlphaBay joined on to. They operated it for two weeks to collect information of thousands of users, and then made more arrests.

“The whole point was to throw a curve ball at the dark web community, so they never really know moving forward who they could trust,” Phirippidis said.

“Looking ahead, we want to make sure we can leverage any kind of tactic to hit this thing with a hammer.”

FBI Director Christopher A. Wray gave the keynote at the Jan. 9 opening session of the Fordham-FBI 2018 International Conference on Cyber Security. He spoke of “the Going Dark problem” of protected electronic devices, and the lapse of part of the Foreign Intelligence Surveillance Act (FISA), should Congress fail to renew it this month.

Due to an industry practice of encrypting cell phones, computers, and other electronic consumer products, Wray said that last year the FBI was unable to access the content of nearly 7,800 devices, even though “there is lawful authority to do so.”

“Each one of those devices is tied to a specific subject, a specific defendant, a specific victim, a specific threat.,” said Wray, who was appointed last year following President Trump’s firing of then-director James Comey. “We are not looking for a ‘back door’ . . .[but]the ability to access the device once we’ve obtained a warrant from an independent judge, who has said we have probable cause.”

“it’s an urgent public safety issue.”

He also called for the immediate extension of Section 702 of the FISA, which allows the government warrantless monitoring of internet and phone communications to gather foreign intelligence information.

Wray, a former federal prosecutor who was in private practice when tapped for the director’s position, gave his talk from the “fresh perspective” of someone returning to law enforcement after approximately a decade.

“Back then, ‘tweeting’ was something only birds did. Now…well, let’s just say it’s something that’s a little more on my radar,” Wray said.

Wray defended the agency’s impartiality, saying that it is the honest process, not the result, that his FBI agents are passionate about.

“If the bureau starts chasing results, that’s fool’s gold. There is always going to be somebody unhappy about something that we do,” he said. “[We] let the facts go where they go.”

Higher Stakes, More Complexities

Since he last worked in law enforcement, Wray said “the [cyber]threats are growing more complex, and the stakes are higher than ever.” In fact, he noted that the term “cybercrime” is nearing redundancy, as nearly all crimes today—from terrorism to human trafficking to gangs to organized crime—involve some technological or digital component.

The FBI has been successful in infiltrating and destroying some major global operations: Wray mentioned the takedown last summer of AlphaBay, an online black market for drugs, malware, stolen identities, and more. Yet upcoming challenges incorporating more AI and cryptocurrencies will require new approaches and collaborations.

To those ends, he said, one of the main challenges facing the FBI today is finding persons who are high-end cyber-proficient, and to raise the game to stay ahead of threats. “The sad realization is that there are too few people in this country—in any country—who have that expertise. It’s a great place to be, if you are a college kid right now.”

Joseph M. McShane, S.J., president of Fordham, introduced Wray and fielded questions to him following his talk. Citing the foreign meddling in the 2016 U.S. presidential election, Father McShane emphasized cybersecurity’s vital contribution to world institutions.

“The work the FBI does has never been more important, not merely to the security of democratically-elected governments, but to world markets and to the infrastructure of civilization itself.”

(Read Director Wray’s full remarks.)

READ MORE ICCS DAY 1 COVERAGE:

To Take Out Dark Net Marketplace, Luck, Skill, Cooperation Required

Operation Harbor: an Insider’s Look at the Hunt for a German Router Hacker

There’s No Hiding