Santa Fe New Mexican

Preventing a cyber zombie apocalypse

- By Neale Pickett For The New Mexican

Cybercrime rates are on the rise, but what exactly does that mean? Cybercrime is any sort of crime using a computer—simple enough. And now that most people in the United States have a computer or access to one, cybercrime is more common than ever.

Say, for instance, someone wanted to take down a popular website through what’s called a distributed denial-of-service, or DDoS, attack. An example of this is the 2016 DDoS attack on the internet performance management company Dyn that temporarily took down more than 75 major websites.

A single computer could not possibly do something like the Dyn attack on its own, but cybercriminals aren’t using just one. They infect thousands of computers with malware to create a network of computers called a botnet. This botnet is a sort of zombie army that stands by waiting for commands and can be sold to bidders to do whatever a bad actor wants.

This person could recruit the zombie army, which would then do whatever they’re told, rather than what each one of their users thinks they should be doing. The bad guys could direct all 50,000 computers to go to the site at once — that denial-of-service attack would crash the site, taking it off the internet.

Attacks like these are the reason Los Alamos National Laboratory has been working on cybersecurity techniques, processes and tools to prevent and detect cyberattacks.

On a national scale, cybercrime is a much cheaper covert way to disrupt a government than previous types of espionage or other strategies. This kind of attack is secret — the objective is to go unnoticed. In the past, an enemy would train a spy, who would infiltrate an organization to gather information. It was a long and complicated process. Now, a spy can sit at a computer in a home country and send out “phishing” emails. As soon as an innocent worker in a secure organization clicks on the email’s attachment, the spy suddenly gains a direct path into a computer network, where the information is free for the taking.

Stopping espionage is an obvious win for national security, but cybercriminals are turning their attention to different types of attacks. On a small scale, robbers might hack ATMs and make them dispense all of their cash. But if this disruption concept is applied to something on a larger scale — a substation connected to a power grid, for example — it becomes a national security concern. If enough substations are taken offline, it could knock out power to an entire state.

Seeing that Los Alamos National Laboratory’s mission is national security, we have a strong interest in preventing this evolving form of warfare.

While the cybersecurity industry does everything it can to prevent break-ins, they still happen from time to time. Just as important as prevention is detecting the break-in as soon as possible after it happens and remediating it. At Los Alamos, we do that by looking for an anomaly, which is something that just doesn’t fit.

Finding an anomaly can be easy — spotting a green ball in a bucket full of white ones — or it can be hard. A difficult anomaly would be spotting a ball that’s a particular shade of red in a bucket full of balls of every imaginable color. This quickly becomes a challenging and time-consuming process. Fortunately, spotting anomalies quickly is something the laboratory has become good at.

Over the years, we’ve developed different techniques, software and algorithms for dealing with cybersecurity incidents. Rather than detecting something that looks like a cyber threat, our algorithms search for anomalous behavior through network logs and raise alarms so that we can immediately look into the activity.

We’ve also developed Cyber Fire, a cybersecurity training exercise that gives people hands-on experience dealing with a cyberattack while it’s happening.

Cybercrime will continue to evolve. While we can’t predict what type of attack will come next, or exactly when, our algorithms and techniques will let us detect them quickly. And through exercises like Cyber Fire, we can train others to do the same so that in the future, we may just be able to stop the zombie army before it’s created.

Neale Pickett is a cybersecurity expert in Los Alamos National Laboratory’s Advanced Research in Cyber Systems group.
