Fordham and the FBI are bringing knowledge and technology to bear on the battle for Internet security
By Steve Lohr
Growing up, Anthony Ferrante was passionate about baseball and hockey, but also science and engineering. His first taste of computing came in the third grade, when he got one of the early Apple luggable computers and wrote a simple record-keeping database on his own. “I showed my teachers, and they were amazed,” he recalls.
Later, as a teenager, Ferrante was a standout student in a new Web programming class at Cheverus High School, the Jesuit college preparatory school in his hometown of Portland, Maine. He went to Fordham University, majored in computer science and, after graduating in 2001, got good jobs at computer consulting firms for the next few years while earning his master’s degree at Fordham.
The consulting work paid well and was often intellectually stimulating, Ferrante says, but he wanted a career in public service. Sensing the growing challenge that computer crime posed to law enforcement, he applied to the Federal Bureau of Investigation, passed the rigorous tests and screening interviews, and became a special agent in 2004.
“I took a fifty percent pay cut to join the FBI,” he says. “And it was the best decision I ever made.”
Since then, he has worked mainly on counterterrorism cases, monitoring Internet messages, websites and blogs for suspect activity. In 2006, for example, a terrorist plot to blow up the PATH commuter-train tunnels connecting Manhattan to New Jersey was thwarted, resulting in 14 arrests in 22 countries. “That was a case that started in our squad,” he notes.
The FBI-Fordham Connection
When Ferrante joined the bureau, he became part of a long-standing bond between Fordham and the FBI. He is one of 39 agents in the bureau’s New York office who are University alumni, a member of the “Fordham mafia,” as the agents jokingly call themselves. But Ferrante, an adjunct professor at Fordham, is also helping to create a new chapter in the University’s relationship with the bureau—one that promises to enrich Fordham academically while providing the FBI with more people skilled in computer security.
In recent years, Fordham has built up its computer and information sciences department with greater expertise in cybersecurity. It has steadily enriched the curriculum—with a new graduate course in forensic computing added this spring, for example—and aggressively reached out beyond its halls.
Anthony Ferrante, FCRH '01—one of 39 agents in the FBI's New York office who are Fordham alumni—is helping to create a new chapter in the University's relationship with the bureau.
In January 2009, Fordham took a big step toward establishing its credibility in the field by hosting a three-day meeting, the International Conference on Cyber Security (ICCS), in partnership with the FBI. More than 500 attendees came to the Lincoln Center campus from 40 nations, and the conference speakers included law enforcement officials, leading university professors, and researchers from corporations like Microsoft, Google and I.B.M. One of the featured speakers, Howard A. Schmidt, joined the Obama administration in early 2010 as the White House cybersecurity coordinator.
This summer, from August 2 to 5, the University and the FBI will host the second annual International Conference on Cyber Security, once again on the Lincoln Center campus. ICCS 2010 comes at a time when there is growing concern about cybersecurity among the public, corporations and governments, and increasing evidence of the rising sophistication of cybercrime.
Cybersecurity was front-page news in early January, when Google publicly announced that its computer networks had been hacked and pointed to China as the culprit. Google’s confrontation with China was exceptional in some ways, extending to human rights (some Chinese activists’ Gmail accounts had been compromised) and international politics as well as high-tech spying. Yet, as investigations proceeded, it turned out that some 30 other large corporations were attacked in the same wave of cyber assaults. The episode left every corporate network in the world looking a little less safe.
Nation-states are also at risk. At the end of January, America’s top intelligence official, Dennis C. Blair, told lawmakers in his annual testimony on threats to the United States that the penetration of Google’s computers from abroad, along with mounting evidence of a surge in cyber attacks, should serve as a “wake-up call” for those who doubt the potential of computer warfare. “Sensitive information is stolen daily from both government and private-sector networks,” Blair said. And the threat of a crippling attack on telecommunications and other computer networks that animate the nation’s transportation systems, electric grids and financial markets is growing. “Malicious cyber activity is occurring on an unprecedented scale with extraordinary sophistication,” he observed.
For his part, Ferrante says neither the Google attacks nor the intelligence director’s sobering diagnosis surprised him. Yet a higher profile for cybersecurity, he says, should have the benefit of increasing the chances that more resources and smart people will be dedicated to combating the problem.
“The more the U.S. government and our country as a whole take notice,” he says, “the better off we will all be.”
Building Networks of Defense
Fighting computer crime in all its forms—from cyber terrorism and state-sponsored attacks to thieves targeting your identity and your money—is an ever-escalating campaign. Digital technology is constantly evolving, opening the door to new threats, but also to innovative countermeasures. The so-called black hats are increasingly sophisticated and organized in far-flung networks. So the white hats, the law enforcement agencies, corporations and university researchers seeking to combat cyber threats, must increasingly share the latest technical information and cooperate in networks of defense and detection.
The Fordham conferences are designed to address that need. They bring together a community of professionals to discuss emerging technologies, enforcement techniques and real-life cases during an intense few days intended to be the kind of experience where personal contacts are made and informal channels of communication opened up. The conferences take months to organize and require the work of many people. At the bureau, Ferrante and Austin Berglas, a senior agent in the cybercrime squad, are the prime movers behind ICCS 2010. At Fordham, the lead organizers both years have been D. Frank Hsu, Ph.D., Clavius Distinguished Professor of Science and associate dean of the Graduate School of Arts and Sciences, and Damian Lyons, Ph.D., an associate professor and chair of the Department of Computer and Information Science.
Last year’s conference was a hive of activity. Conversations and debates were thoughtful, spirited and sometimes emotional. The subjects ranged from the broad policy issues raised by digital surveillance to the bit-level intricacies of network design and pattern-matching algorithms.
Shawn Henry, assistant director of the FBI’s cyber division, offered an overview of the mission for the conference in his first-day address. He noted that the bureau was founded in 1908 in good part to deal with the new technologies of the time, the automobile and the telephone, that gave crime a new geographical dimension: interstate.
Today, the limitless spread of digital technology—behind every Google search, every e-mail message, every purchase from Amazon or eBay—means that communication, entertainment and commerce are more and more dependent on the Internet and corporate computer networks. “The value that [technology] brings to our life also creates the vulnerability that haunts us all,” Henry said. Crime naturally follows. “The business of the world has moved to the network,” he added, noting that the storied thief Willie Sutton’s famous line, about robbing banks because that was where the money was, needed a computer-age update. “Guess where the money is now? It’s on the network.”
Indeed, in a survey of 443 companies and government agencies published at the end of 2009, the Computer Security Institute found that 64 percent reported their networks were penetrated by malicious software, so-called malware, last year, up from 50 percent the previous year. The financial loss from security breaches was $234,000 on average for each organization. Estimates of the total losses from computer-related data loss, identity theft and network breaches range up to $1 trillion worldwide.
The DarkMarket Case
Technology can help thwart computer crime, but it can never really substitute for the old-fashioned crime-fighting skills of human communication, observation, and understanding an adversary’s motivations and weaknesses. That was a theme struck repeatedly during the conference, and in later interviews with bureau agents and investigators.
One case described at the conference was the successful infiltration of an underground fraud-trading website called DarkMarket. Keith Mularski, an FBI supervisory special agent, rose to become an administrator in DarkMarket under the screen name Master Splynter, fashioning himself as a Polish hacker. DarkMarket was a kind of criminal eBay, trading in stolen credit card numbers, bank login passwords, spyware and spam programs. On the site, accredited reviewers looked over the illicit goods to ensure quality, so, say, the purchase of a flat-screen TV at Best Buy with a pilfered credit card would not be stopped. There were ads by approved vendors. “These guys are businessmen,” Mularski observed.
For two years, ending in September 2008, when DarkMarket was shut down, Mularski used his position as an insider to run an international sting operation, working in cooperation with law enforcement officials in nine countries. The result was 59 arrests, an estimated $70 million in bank fraud prevented, the recovery of more than 100,000 compromised credit cards and the confiscating of six complete packages of software tools for fraud. “We mitigated a lot of losses,” Mularski said. “And Operation DarkMarket is a case study for how we’re going to move in the future.”
Computer Science Meets Behavioral Science
For computer scientists like Hsu and Lyons, cybersecurity is a thorny, multifaceted intellectual challenge—and an opportunity to help combat crime. Computer science is a relatively young academic discipline—the first university departments appeared in the late 1960s—and it is a blend of electrical engineering and mathematics.
Lyons and Hsu come to cybersecurity from those two sides, with Lyons being more the engineer and Hsu more the math theoretician. The two professors are working on somewhat different aspects of what is called “combinatorial fusion analysis,” which means trying to make sense of different kinds of data for everything from improved surveillance to finer-grained intrusion detection for computer networks.
Lyons, a former researcher at the corporate labs of the big electronics company Philips, is an expert in computer vision and automated video surveillance. He says that while remote hackers often get the headlines, approximately 70 percent of cyber crime is an inside job, in whole or in part. “It’s not the guy in Romania,” he says, “or at least not the guy in Romania on his own.”
The information required to monitor such threats involves linking computer networks to automated physical observation: closed-circuit television surveillance, employee badges with radio-frequency identification chips for tracking movement, personal computer and keyboard monitoring. By combining the information, Lyons says, “we can push back on the anonymity that a computer gives you.”
When Hsu speaks of analyzing diverse data sets, he speaks of using math to refine the hunt for useful clues and evidence. He approaches the problem more from the perspective of data mining and machine learning. Hsu notes the daunting task of grappling with the diversity of data in cybersecurity, from the precision of a computer address on the Internet to the uncertainty of a partially hidden image of a suspected target in a crowd scene. “The statistical approach has its limitations with a complex computational problem, and cybersecurity is a very complex problem,” Hsu says. “Pure statistical models have a hard time capturing that level of human complexity.”
In its pursuit of cybercrime, the FBI is not only seeking to collaborate with universities, researchers and law enforcement agencies around the world, but also with the private sector. And Edward Stroz (GBA ’79), a former special agent, is an ideal bridge.
In the early 1990s, Stroz was working on fraud cases for the bureau in New York, and more and more he was finding valuable records in computers—digital bread-crumb trails. “It was clear that computer evidence was going to be a big deal,” he recalled. In 1996, just as the Internet was taking off, Stroz was put in charge of the FBI’s new Computer Crime Squad, which began with eight agents in New York, Washington and Los Angeles. The team expanded along with computer crime, and his investigations ranged from Internet hacking intrusions and denial-of-service attacks to e-commerce fraud and theft of trade secrets.
In 2000, Stroz retired from the FBI and founded a computer forensics and investigations firm, Stroz Friedberg. Its modern offices in lower Manhattan are staffed with computer experts, former prosecutors, accountants and police officers. Its pristine forensics lab has a special rubber floor, which is static-free so as not to disturb bits of hidden digital information on temperamental hard drives.
Law firms, Congressional committees, corporations and law enforcement agencies have all sought out his company’s services. His company has pioneered the use of natural-language and text-analytics software to comb through e-mail for behavioral assessments of suspects and their motivations. It helps by supplying investigative leads, he explained, “based on data, not hunches.”
Yet Stroz emphasizes that the technology, though powerful and vital, is only a tool. Cases, he says, are not solved sitting at a desk behind a computer screen.
“A lot of it boils down to the old FBI techniques, developing a rapport with sources, informants and suspects,” Stroz says. “Human behavior is the key to crime. No law in the books ever threw a computer into jail.”
—Steve Lohr is a senior writer and technology reporter for The New York Times. He is the author of a book for young adults titled Digital Revolutionaries: The Men and Women Who Brought Computing to Life (Flash Point, 2009).