Lean operations and a lack of technical staff make non-governmental organizations a prime, and relatively soft, target for well-funded adversaries, according to an academic study of a four-year campaign targeting one such group.
In a paper to be delivered at the USENIX Security Conference next week, six academic researchers analyzed nearly 1,500 suspicious e-mail messages targeting the World Uyghur Congress (WUC). The team found that, while the malware managed to reliably evade detection by many antivirus programs, the attacks were relatively unsophisticated, using known vulnerabilities that had already been patched. The social engineering tactics, however, were very targeted and convincing, with the majority written in the native language, referring to events of interest to the NGO and appearing to come from known contacts, said Engin Kirda, a professor of computer science at Northeastern University and a co-author of the paper.
“You read about sophisticated attacks, but the malware that we analyzed was pretty standard,” Kirda said. “It was not some groundbreaking obfuscation or malware.”
Kirda collaborated with three researchers from the Max Planck Institute for Software Systems and two others from the National University of Singapore on the project. The research underscores that attackers only use the level of technical sophistication necessary to complete their operation, Kirda said.
Unfortunately, non-governmental organizations tend to be vulnerable to attack. The WUC, which advocates on issues involving the Uyghur Eurasian minority of 10 million people in China, used older versions of Windows, relied on antivirus software, and lacked the technical sophistication found in many enterprises. The group is funded, in part, by the US-based National Endowment for Democracy.
“The lack of resources is always a problem,” Kirda said. “Our aim should be to create technology that will trickle down to people and protect them more completely.”
Almost half the attacks used a real organizational event, such as a conference, as a lure to convince a target to open the attachments. Of the nearly 1,500 e-mails analyzed by the researchers, nearly 1,176 contained malicious attachments, mainly Office documents. The e-mails targeted more than 700 people at 108 different organizations through carbon-copied recipients, including the Australian Uyghur Association, Radio Free Asia, and NASA Jet Propulsion Laboratory.
Unlike the trend in opportunistic attacks, which generally target vulnerabilities in Java browser plugins, the WUC’s attackers started the campaign in 2009 by attaching PDF files with exploits that would compromise systems through Adobe’s Acrobat. Soon after, however, the attackers switched to using Microsoft Office documents, which constituted the vector for the lion’s share of attacks analyzed by the researchers.
The WUC has suffered a number of disruptive attacks in the past five years, including a two-week denial-of-service attack on its website in 2011 and a flood of phone calls and more than 15,000 spam messages in a single week.
About a quarter of the attacks matched the signatures of other operations attributed to nation-state actors, Kirda said. Despite some of the attacks being more than four years old, no antivirus program detected all the malware.
Organizations that believe they could be targeted by such attacks should take more concrete steps to protect themselves. Upgrading systems to more modern operating systems and regularly patching those systems can help immensely, Kirda said.
“Make sure you have all the updates; make sure you use a browser that is not standard; and pursue more training—talk about the threat,” he said.
Article from Arstechnica.com
Northeastern University has appointed Dr. Carla E. Brodley as dean of the College of Computer and Information Science, effective Aug. 1, 2014.
Brodley comes to Northeastern from Tufts University, where she is currently professor of computer science with a secondary appointment in the Clinical and Translational Science Institute of the Tufts Medical Center. From 2010 through 2013 she chaired the Department of Computer Science at Tufts.
She is an internationally recognized researcher in machine learning and knowledge discovery in databases who has applied her expertise to problems in personalized and evidence-based medicine, medical imaging, neuroscience, remote sensing, and computer security. A widely published scholar, her research has been funded by a wide range of federal agencies, corporations and foundations, among them the National Science Foundation, the National Institutes of Health, NASA, DARPA, IBM, and the Multiple Sclerosis Society.
“A leader in computing research, Dr. Brodley’s achievements have contributed greatly to the advancement of the changing field of computer science,” said Stephen W. Director, provost and senior vice president for academic affairs. “An accomplished leader and scholar, she will take Northeastern’s leadership in computer science to the next level, both within and beyond CCIS.”
Brodley serves on the boards of the International Machine Learning Society and DARPA’s Information Science and Technology Board. Among her many professional recognitions, she has received an NSF CAREER Award and memberships to the Defense Science Study Group of DARPA and the AAAI Executive Council.
“Northeastern is a university on the move and I am thrilled to be joining as the next dean of the College of Computer and Information Science,” Brodley said. “In today’s information-driven age it is more important than ever to integrate computing and information science into every academic field. I look forward to working with faculty, staff, and students to build upon the great momentum that has already made CCIS one of the nation’s most exciting interdisciplinary colleges.”
She is also a member of the editorial boards of Machine Learning, Journal of Machine Learning Research, and Data Mining and Knowledge Discovery. She is co-chairing the 2014 conference of the Association for the Advancement of Artificial Intelligence and from 2008–2011 co-chaired the Committee on the Status of Women in Computing Research.
Brodley was awarded the bachelor’s degree in mathematics and computer science from McGill University in 1985 and earned her doctorate in computer science from the University of Massachusetts at Amherst in 1994. Prior to joining Tufts, she was on the electrical and computer engineering faculty at Purdue University, where she was honored with the Ruth and Joel Spira Outstanding Teacher award in 1998. In 2010, the University of Massachusetts recognized Brodley with the Alumni award for Outstanding Educator.
In an email to the faculty of CCIS, Director thanked Larry Finkelstein for his outstanding contributions as dean of the college for 12 years. “Larry’s dedication to the college and to the university, in addition to his strong leadership throughout his tenure as dean, has been key in helping the college achieve the level of excellence it enjoys today,” he wrote.
Policymakers look to these simulations to get a sense of how the outbreak might spread. They also can use them to run experiments to see which public health measures should take priority.
“I’ve spent a lot of time doing computer models of disease transmission, but rarely does it involve something in Africa. Africa is often overlooked,” says Bryan Lewis, a computational epidemiologist at Virginia Tech.
So when a defense agency called him a few weeks ago and asked him to model the Ebola outbreak, he was excited by the challenge.
Lewis started plugging data into his computer. He uses the official numbers of how many people have died or gotten infected, even though those are probably underestimates. And he says health officials really don’t have a handle yet on other important stuff that’s going on — like how many infected people stay at home versus go to a hospital, or how burial practices spread infection.
“Some of those factors are the ones that are hard to measure,” he says. “You’ve got to choose how much of this complexity you care to explicitly represent.”
What’s more, they can’t assume this will play out like past Ebola outbreaks — those hit much smaller populations in more isolated, rural areas.
Despite all this uncertainty, Lewis says his models have been able to predict the course of the epidemic so far.
“At the moment, these models — at least for Sierra Leone and Liberia — we aren’t putting in any mitigating factors. We’re just letting these things run unthrottled,” Lewis says. “And they’ve just been surging up. And they’ve been, unfortunately, accurate in the last couple of weeks in terms of the number of cases coming out.”
He says if you just kept this simulation going on and on, it shows Ebola spreading across the continent. But this scenario he’s constructed doesn’t include all the public health measures starting to ramp up now.
“We know in the real world there are efforts being directed out there, there are resources being allocated,” says Lewis. “Until we understand that better and can incorporate that into the model, I don’t think it’s very useful to speculate out past a week or two.”
Some computer simulations focus on the risk of Ebola spreading to other countries. Alessandro Vespignani, at Northeastern University with joint appointments in the College of Science and the College of Computer and Information Science, creates those models, using information about air travel and other kinds of transportation.
His work suggests that Ebola could find its way to African nations like Ghana, Gambia, and Senegal. “There is a tangible risk of spreading in the region to other countries,” says Vespignani, “probably in the ballpark of 20 to 30 percent in the next few weeks.”
He notes poor countries might have trouble keeping an imported case from spreading. And the larger this outbreak gets, the harder it will be to contain.
So while his model currently suggests that the risk of Ebola reaching the U.S. or Europe in the next six weeks or so is very small — just a small percentage — that could change if the outbreak in Africa continues to grow.
Vespignani says we need “to extinguish the fire,” so that Ebola doesn’t really become a threat to the rest of the world in the next months.
Given that all this modeling is as much an art as a science, different groups working on the problem have been comparing notes. They’ve also been fielding calls from government officials and policymakers.
Martin Meltzer, who heads up the unit at the Centers for Disease Control and Prevention that’s been creating computer models of the outbreak, says that people always ask him the same two questions: “How many people are going to die, and when is this going to end?”
He tells them too much is unknown to give any reliable answer.
Mostly, he says, the models just illustrate the need for old, tried-and-true methods for disease control, such as quickly identifying patients and isolating them.
“Modeling won’t stop this disease,” says Meltzer. “We know how to stop this disease. It’s fairly simple and it’s a matter of getting the simple activities and practices in action — in place, on the ground.”
That’s the struggle now, he says. Because while it’s easy to change a line of computer code in a simulated epidemic and, say, reduce a transmission rate by 80 percent, it’s a lot harder to do that in the real world.
Listen to the story at npr.org
It makes sense that the credit for science papers with multiple authors should go to the authors who perform the bulk of the research, yet that’s not always the case.
Now a new algorithm developed at Northeastern’s Center for Complex Network Research helps shed light on how to properly allocate credit.
The research was published this month in Proceedings of the National Academy of Sciences in a paper co-authored by Hua-Wei Shen, a visiting scholar at Northeastern and associate professor at the Institute of Computing Technology at the Chinese Academy of Sciences, and Albert-László Barabási, the Robert Gray Dodge Professor of Network Science and a Distinguished University Professor at Northeastern.
Using the algorithm, which Shen developed, the team revealed a new credit allocation system based on how often the paper is co-cited with the other papers published by the paper’s co-authors, capturing the authors’ additional contributions to the field.
“The idea behind this is that based on an author’s previous line of work, people have a perception of where the credit lies,” explained Barabási, the director of the Center for Complex Network Research. “And the algorithm’s goal is simply to extract that perception.”
To test its hypothesis, the team looked at Nobel prize-winning papers in which the Nobel committee and the science community decided to whom the primary credit for a discovery should go. In 81 percent of the papers related to physics, chemistry, and medicine that they looked at, the credit allocation algorithm found that the authors deserving of the most credit corresponded to the Nobel laureate.
In all, the team looked at 63 prize-winning papers using the algorithm. In another finding, the algorithm showed physicist Tom Kibble, who in 1964 wrote a research paper on the Higgs boson theory, should receive the same amount of credit as Nobel prize winners Peter Higgs and François Englert.
A world-renowned network scientist, Barabási has joint appointments in the College of Science and the College of Computer and Information Science at Northeastern. The paper builds upon his research in the science of success, which uses a mathematical model for quantifying the long-term success of individual researchers.
Barabási explained that the traditional system of credit allocation varies depending on the field of research, and being the first author listed on a paper does not mean that person would receive the most credit. In biology, for example, the authors listed first and last on a paper are generally the ones who receive credit, while in physics the author list is often alphabetical.
“If you are not an insider in the field, you have absolutely no idea who should get the credit for the paper,” Barabási said.
While the science community is usually correct when allocating credit to authors, sometimes credit can go to the wrong person. In their paper, the researchers wrote that “the ability to accurately measure the relative credit of researchers could potentially impact hiring, funding, and promotions.”
Barabási also noted this new algorithm could help professors from different disciplines who collaborate on a research paper determine to whom the community would credit the paper.
When it comes to Internet attacks, hackers have traditionally taken a blanket approach, sending out malware to large, random groups of people and hoping that something would stick. But in recent years, the standard operating procedure has shifted.
“In the past we used to see these opportunistic attacks where people get randomly attacked on the Internet,” said Northeastern professor Engin Kirda, a cybersecurity expert who holds joint appointments in the College of Computer and Information Science and the Department of Electrical and Computer Engineering. “But lately we’ve seen organizations and sometimes even countries specifically targeting an organization with the aim of industrial espionage.”
In groundbreaking new research to be presented at the top-tier USENIX Security conference this month, Kirda and his collaborators at the Max Planck Institute in Germany and the University of Singapore analyzed what they called targeted, sophisticated attacks via email against a nongovernmental organization in China called the World Uyghur Congress. The WUC represents a large ethnic minority in China and was the victim of several suspected targeted attacks over the course of several years.
What they found was that “the language and subject matter of malicious emails were intricately tailored to appear familiar, normal, or friendly,” in which the sender was impersonating someone else to lure the recipient into opening an attachment or URL. As Kirda put it, “all hallmarks of social engineering.”
“People started talking about this five, six years ago, but we didn’t see a lot of evidence of targeted attacks,” said Kirda, who directs Northeastern’s Institute for Information Assurance. “Now we’re seeing it a lot. So people know these things are happening but in terms of scientific results, there wasn’t much out there because it’s difficult to get the data.”
For their study, the NGO offered to share data directly with the researchers: Two volunteers from the company offered up more than 1,000 suspicious emails that were also sent to a total of more than 700 unique email addresses, including top officials at the organization as well as journalists, politicians, academics, and employees of other NGOs.
In the new research, the team used software developed at Lastline—a security company Kirda co-founded—as well as other techniques to identify some key features of the WUC attacks. They found that social engineering was critical to the attackers’ ability to gain access to victims’ accounts; the suspicious emails were sent from compromised accounts within the company or sported email addresses that differed from friendly addresses by a single character or two. Most of the messages sent to WUC and others were in the Uyghur language, and about a quarter were in English.
They also discovered that the vectors through which the malware was delivered were most often attached documents, rather than ZIP files or EXE files, which recent cyberespionage reports identified as the most common vectors. In addition, the malware that was delivered to the victims was found to be quite similar to that used in other recent targeted attacks, rather than representing so-called “zero-day malware,” which is malware that has never been observed before.
Kirda noted that standard malware detection software is insufficient for detecting targeted attacks because it looks at the suspicious documents as static entities after they’ve performed the attack. As a case in point, the research team analyzed the entire body of existing malware detection software for its ability to detect the malicious attachments in the email corpus from WUC. No single software detected all of the malware used in the targeted attacks and some malware evaded all of the software analyzed. Since targeted attacks utilize sophisticated malware that can adapt to its environment, more sophisticated detection techniques must be used instead, Kirda said.
In an effort to address that problem, his team at Lastline developed software that is able to analyze malware “on the fly”—to observe it in action and see if it behaves suspiciously. While more research must be done to broaden the scope, the current work represents an important first step in analyzing the new wave of targeted attacks taking place around the globe.
Understanding such attacks, Kirda said, is critical to developing software capable of protecting against them. Lastline develops technology to defend against today’s evasive and advanced cyberthreats.
“It’s very important for high-tech universities like Northeastern to have spin-offs because you get the return on investment and you get to see how the real world actually works,” Kirda said. “We get data from the company that we can use in our research.”
No one hearted his co-op more than Bryan Ash, who was hired by HubSpot after a co-op stint there. #iheartcoop
An international team of researchers, including an art historian and a handful of physicists, have crunched three giant databases that record the births and deaths of notable people to map the geographical creep of culture over two millennia.
The study, published Thursday in the journal Science, presents an unusual way of tracing the arc of history. In lieu of the more typical approach of digging deep into a distinguished individual’s life or a particular time period, the researchers instead marked the discrete beginnings and ends of thousands of notable lives, without regard for who they were or in what domain they had distinguished themselves. The people had been included in Freebase, a crowdsourced database of people, and two databases of artists.
Mapping and analyzing the many data points left behind by artists, politicians, scientists, and other prominent people will, they hope, point to cultural and intellectual capitals and provide quantitative evidence that will both support historical interpretation and pose new questions.
“Death is certainly not random, in the sense that people tend to die where they migrate to perform their art,” said Albert-László Barabási, a physicist and professor of network science at Northeastern University who was involved in the work. “Looking at one person would not be relevant, because there are so many factors that affect the decision of where one person works and where he or she will die. With hundreds of individuals, they together map out where are the places where they can perform their art the best.”
In many ways, the findings will be unsurprising, confirming things we might have guessed. Places such as Hollywood and Los Angeles tend to be “death attractors,” where the notable deaths outnumber the notable births. The Boston area is more of a cradle than a grave; it tends to produce more notable people than ones who die here.
Maximilian Schich, associate professor of arts and technology at the University of Texas at Dallas, began the work when he was a post-doctoral researcher in Boston and notes that he may even have contributed to the city’s pattern of being a birthplace for notable people — he started his family when he lived in the area, then moved to Texas when he began his own independent research career.
Digging into any particular location, however, could reveal how patterns change over time or provide a window into what cities are cultural magnets in other countries. In the Boston area, there are places, such as Jamaica Plain, Brookline, and Newton, that tend to have more notable deaths than births as well as places such as Allston, Malden, East Boston, or Dorchester where more notable people were born than died.
“On the local level, you can see this intuitive reflection of the relative attractiveness of places,” Schich said.
The work had somewhat unconventional beginnings. For years, Schich worked as an art historian in a Northeastern laboratory that was best known for its work in a totally different area, discerning human migration patterns by analyzing cellphone data. What interested the physicists who were trying to understand human migration about his project was the idea that they could look to see what those migration patterns looked like over a lifetime and over centuries. What drew Schich to hang out with a bunch of physicists was a desire to bring the statistical tools of the quantitative sciences to a field in which scholars usually read hundreds of books and specialized in distinct time periods.
Schich and colleagues used three databases that listed the birth and death places of notable people — one that listed all-around prominent people and two that focused on artists. What the physicists found was that despite the advent of the discovery of America and the invention of different modes of travel, human migration patterns did not change dramatically through the ages. Over eight centuries, they found, the average distance between a person’s birth and death place increased, but did not even double — from 133 miles from cradle to grave in the 1300s to 237 miles in the 21st century.
They also found patterns that suggested the ebb and flow of cultural capitals. Although Paris and New York have been death attractors for a long time, for example, there are fluctuations that raise questions. New York, for example, went through a period in the 20s and 30s where it tended to be a birthplace for notable people more than it was a place for Last Rites.
There are also small towns, around the Alps, for example, or the French Riviera, that attract deaths even though they are neither large cities, nor cultural hot spots. The data revealed the rise of Rome and the subsequent growth of regional clusters in other parts of Europe.
“Collectively, putting these pieces of data together, we get a big picture of all the history of humanity as we know it today,” Barabási said.
Erez Lieberman Aiden, a professor of genetics at Baylor College of Medicine, who was not involved in the work, said that what he appreciated about the new study was the way it incorporated geography. Attempts to use quantitative tools to understand the humanities have often mined text to find patterns in words or phrases, or looked at change over time, because dates are a fairly straightforward type of data to use.
“I view this paper as doing the important work of figuring out, methodologically, how one can look at cultural changes not only across time, but across space,” Aiden said.
Geographical information can be harder to digitize, Aiden said, but especially prior to the Internet it was a key factor in understanding how people influence one another and how ideas spread.
Published in the Boston Globe
For many of us, the primary reason we use “the cloud” is for storage—whether it’s storing email through services like Gmail and Yahoo!, photos on Flickr, or personal documents on Dropbox. Many organizations like hospitals and banks utilize the cloud to store data on patient and customer information.
But there’s also a computational side to the cloud that comes into play when, say, we search for an old email or perform complex analyses of large volumes of data stored there.
Regardless of the scenario, it’s clear that precious personal information is stored in the cloud, and we’d like to think it’s secure up there. Enter Daniel Wichs, an assistant professor in the College of Computer and Information Science. He is part of a multi-university research team that is working to make sure the cloud is as secure as possible. The project is supported by a grant announced Thursday by the National Science Foundation’s Secure and Trustworthy Cyberspace program and is a part of a larger NSF effort to support foundational cybersecurity research and education.
The collaborative “Frontier” project includes researchers from Northeastern, Boston University, the Massachusetts Institute of Technology, and the University of Connecticut. The team will deploy and test the mechanisms they develop in this project using the Massachusetts Open Cloud—a partnership of state government, industry, and universities including Northeastern that is designed to create a new public cloud computing marketplace to help spur innovation.
“We’re developing tools at all levels of the system,” said Wichs, a cryptography expert who will focus his efforts on this area of the project.
“Encryption,” he explained, “is a procedure we’ve been thinking about basically since the dawn of time, but we’ve only had good ways of doing it since the 70s.” Until recently, even the best encryption strategies were limited when it comes to cloud computation, he said, adding that “The problem is that standard ways of encrypting data render it useless. Once encrypted, there is no way to perform any computation over it.”
Patient data is a prime example. If a hospital wants to conduct large-scale analyses on this information, it is limited to looking at local computers because federal Health Insurance Portability and Accountability Act, or HIPAA, laws prevent it from sharing private details about patients with external entities. The hospital can easily store encrypted patient information, but it can’t utilize the increased computational powers of external computers to analyze it because encryption prevents that possibility.
In recent years, a new method for computing on encrypted data has come about that has the potential to change all that. “I can send you encrypted data, you run the computation and then send me back the encrypted answer,” Wichs explained. “I can decrypt the answer because I have the secret key, but you never learn anything.”
This breakthrough presents great promise, but the approach is still too inefficient to be widely useful, Wichs said. With this grant, Wichs will try to change that. By developing new theoretical methods for encrypting data and performing computations on that data, he hopes to provide a new level of security to cloud-based computing.
“We want to take a standard program and convert it to work on encrypted data,” he said. Prior approaches needed to first convert the program into a much less efficient circuit representation before being able to evaluate it on encrypted data. Wichs is working to build new encryption schemes that can evaluate standard programs directly.
The research project aligns with Northeastern’s emphasis on use-inspired research that solves global challenges, particularly in the areas of security, health, and sustainability.
On Friday, Michael Ravert, CIS’16, attempted to answer a question many Bostonians have postulated for years: can the average person outrun the MBTA’s Green Line?
On that day, the answer was yes. But it was pretty close.
Ravert is currently working on co-op at RunKeeper, a Boston-based company that created a GPS fitness-tracking app. He and three of his coworkers raced a trolley on the Green Line’s B branch down Commonwealth Avenue, starting from the Boston College station and ending about four miles away at Blandford Street station near Kenmore Square.
The final result: Ravert crossed the finish line first in a time of 24:08. The trolley made it in 24:49.
“This was an awesome experience,” Ravert said after running. “This was a fun race to do. We did a great job pacing each other.”
RunKeeper and event-organizing website The Boston Calendar coordinated the event, dubbed “Outrun the Green Line.” Ravert said he signed up because it was a great way to get to know his new colleagues better.
“An email was sent out about a month ago and I had just started my co-op so I figured it would be fun,” Ravert said. “I didn’t really think anything of it until a couple weeks ago when the race really started to become popular online.”
RunKeeper created a website for the event where people could monitor the runners’ and the trolley’s progress. The trolley held a sizeable lead on the runners during the first half of the race through the hills of Boston’s Brighton and Allston neighborhoods. But the runners caught up once the road got flatter.
Ravert crossed the finish line as the trolley waited at the intersection of Commonwealth Avenue and Blandford Street. A runner since high school, Ravert said he didn’t run any more than usual to prepare for the race.
Ravert, who is studying computer science at Northeastern, learned about RunKeeper’s co-op at the university’s co-op fair. A friend suggested he look specifically at RunKeeper because the company combines two of his passions: running and computer science.
On co-op at RunKeeper, Ravert has worked on program development for both Androids and iPhones. He said it’s been a valuable learning experience thus far, particularly because it’s his first foray into iPhone development.
Ravert credits his work as a tutor and undergraduate teaching assistant in the College of Computer and Information Science with helping prepare him for the co-op. “Teaching others certain programs that we use at RunKeeper helped me to understand them better, as well,” he said.