Plugged In Cybersecurity in the Modern Age pdf pdf

(1)

(2)

GATORBYTES

PLUGGED IN

CYBERSECURITY IN THE MODERN AGE

(3)

1

WHAT IS CYBERSECURITY?

Imagine all of your information—medical, financial, and personal—available for anyone in the world to see. That medical procedure? The password to your bank account? All of it, readily available for anyone with a little bit of Internet know-how. Does that sound scary? Unlikely?

Unfortunately, it’s not only real; it’s more common than you might think.

Files used to be stored in warehouses, in physical folders and lockers, behind doors and guards. Physical keys were needed to access rooms. Physical presence was required to be inside a house. Now, you can check in with a camera connected to a network. You can download addresses, social security numbers, and credit cards with a few clicks.

More and more personal information is now being stored on the cloud. Type in a name, at a doctor’s office, for example, and information comes right up. Need information on a particular person? Type in a driver’s license number. Want to check your bank account balance? Insert username and password. So yes, you have information at your fingertips, but at what cost?

The ease of access belies the real trouble, the one most people would rather not think about, and that’s security. Ease of access is a sacrifice for security. Convenience is too.

Security protocols, though annoying, at least secure information. The truth is there are many ways to get at personal information—not just through something as simple as a stolen password but also through backdoors and hacks of the software and even the hardware itself.

When was the last time you updated all of your apps on your smartphone? Or your operating system? Have you ever thought about the reason why updates are necessary? It’s not just because things need to be up to date. Mostly it’s because adversaries (i.e., bad guys) have found ways to infiltrate the software. That’s why it’s so important.

Cybersecurity is not a buzzword. It’s not something to be ignored. It will only become more and more important as more and more of our lives become interconnected and networked. Almost everything we do, every single day, will have some sort of online component. It’s important to know the impact of cybersecurity and the importance of staying on top of not only knowledge but the latest practices as well.

So why is information so hard to secure? Why is cybersecurity such an important topic?

According to the Department of Homeland Security, “there is increased risk for wide scale or high-consequence events that could cause harm or disrupt services upon which our economy and the daily lives of millions of Americans depend. In light of the risk and potential consequences of cyber events, strengthening the security and resilience of cyberspace has become an important homeland security mission.”

(5)

experiment—to explore the best ways to stay safe online.

They’re tackling the hard questions and working to stay ahead of the trends. They’re figuring out how to keep smartphones safe, how to track data, how to find hardware Trojans on chips—the list goes on.

In a recent interview, UF College of Engineering Dean Cammy Abernathy spoke about the importance of the research, and what it means. “Cybersecurity is one of the most important issues facing our country,” she said. “It’s our responsibility to work on issues of importance, and we’ve made it one of our top priorities.”

Abernathy said the topic comes up more and more in her daily conversations, especially as more computer systems become embedded in our everyday lives. It’s an issue from banking to health care to the automotive industry, and it’s only going to become more prevalent, especially as more and more devices become connected through the Internet.

“Confidence in these systems is critical to sustain our way of life,” she said. “If we lose confidence in these things, it’s going to have a tremendous negative impact.”

In addition, she said, it’s also a national security issue, as there are people out there who want to exploit our systems and degrade not only our way of life but our society as a whole.

As for the birth of the Florida Institute for Cybersecurity Research, she said there were previously members of the college working on this subject, but not to the level that there is today.

“We found some of the best minds of cybersecurity in the country,” she said, adding that they picked from the brightest young minds they could get and also some of the leading veterans of the field who bring valuable institutional knowledge to the table.

“We brought them all together, colocated them in one space, formed the institute, and already we’re off to a great start,” she said. “We want to build on that.”

She relishes the fact that there are such varied brands of research going on at the institute. For example, she said the work being done on hardware assurance has gotten national attention.

She sees the institute and the cybersecurity initiative as a way to breed a new type of engineer, ones that can lead in the twenty-first century, not only with technical know-how, but with the communication and social skills necessary to teach and inform a whole new generation of learners.

Abernathy said this is only the beginning, as she plans on hiring more people, especially someone who specializes in biomedical research. She knows that cybersecurity is a growing field, and she wants to be able to meet the need with the best around.

“Let’s give them the ability to not only solve the problems of today,” she said, “but also prepare them to tackle the problems fifteen to twenty years from now.”

Cybersecurity is a massive topic, and it touches upon all aspects of technology. This breadth is why the Florida Institute for Cybersecurity Research was established. It’s meant to be the foremost and premier multidisciplinary research institute in the country. It’s focused on advancing the field of cybersecurity to stay ahead of the hackers and cybercriminals and foreign agencies who try to compromise and steal not only our data but our cutting-edge technology. It’s a partnership between all types of industry and government. It’s also a chance for undergraduate and graduate students to learn from elite cybersecurity experts.

(6)

2

THE INSTITUTE AND THE PREEMINENCE INITIATIVE

The initiative really got started in November 2013. That’s when the Florida Board of Governors gave the signal to the University of Florida to go on what would become one of the most prolific and consequential hiring sprees in the state. They gave the approval to go after the stars in their respective fields, with one goal in mind: make the University of Florida a top-ranked public research university.

And they ponied up, with a plan to spend $15 million in funding from the legislature for different areas of focus, such as biodiversity and food security and informatics and creative writing—and, of course, cybersecurity. The idea is to snag the top minds in the country and bring them all to the same place—Gainesville, Florida.

In addition to the state money, there’s also a strong private fund-raising contingent to get the campus, the initiatives, the faculty and students, and the systems in place to take on such a transformative endeavor.

When speaking to UF News about it, University of Florida President Bernie Machen said, “It’s not the rankings themselves that matter. But a rising reputation builds momentum that allows us to make ever greater contributions. Preeminence means UF can make more life-changing discoveries, create jobs through our startup companies and technology licensing, compete to get Florida its share of federal research dollars, and ensure that Floridians do not have to leave the state to get a world-class education.”

The $15 million, five-year annual payout is matched by the university, with the plan to make more than one hundred hires and build new facilities for research. Donors responded in kind as well. Last year, according to UF News, donors gave an astounding $215.3 million, adding to UF’s ability to address all of its initiatives. It was the second year in a row where donations topped $210 million. The goal was always to raise $800 million in three years. There’s also an additional $71 million in “deferred gifts and pledges,” bringing the total up to $285.9 million.

All this money, of course, is spread around, and some of it went into hiring the world’s foremost cybersecurity experts. The truth is cybercriminals are relentless, and attacks against banks and personal information, military installations, and ATMs are going to continue and get more sophisticated.

I spent a lot of time conversing with and learning from faculty at the University of Florida, the real experts in cybersecurity. They were generous with their time and spoke with gratitude about landing at a place that values and pushes them to greater heights. Some of them didn’t have access to computers until they were in college. Others learned computer theory through books. Some of them came from villages in countries far away. Others grew up in the United States and made names for themselves, became nationally regarded, and were plucked to be a part of what they consider the best cybersecurity team in the country.

(7)

(8)

3

THE INTERNET OF THINGS

You can’t have a discussion about cybersecurity without a mention of the Internet. Cybersecurity wouldn’t be as much of an issue if not for the proliferation of network capabilities on all the network-capable devices, ones that are such a big part of our everyday lives—all the “smart” devices, including homes, power grids, thermostats, TVs, and wearable devices like the Apple Watch or the Fitbit. Practically everything’s connected to a network, and that connectivity means there are points of access for these devices to communicate. And with those access points come ways for them to be compromised.

This phenomenon, the one where everything is network connected, is known as the “Internet of Things,” or IoT.

According to a Cisco white paper article, there will be fifty billion devices connected to the Internet by 2050.

Joseph Wilson, an assistant professor at the University of Florida’s Computer and Information Science and Engineering Department, put it this way: “The real issue is not so much device security; it’s network security. A single IoT device, like a lightbulb or a thermostat or a garage-door opener, might not seem like something dangerous by itself, but that one device might provide a foothold for someone to access the rest of your devices. They’re not going to get your credit card number from your garage-door opener, but if they can listen to your wifi and use it to get into your Amazon account, that’s a different story.”

Currently, IoT is mostly a loose collection of specific, purpose-built networks, such as heating systems, telephone security, and lighting. However, these networks are going to coalesce and thus become more powerful—and therein lies the danger.

At the 2016 cybersecurity conference put on by the Florida Institute for Cybersecurity Research, Yier Jin, a professor at the University of Central Florida, gave a presentation called “IoT Security: From Hacking to Defense.”

In his speech, he outlined the ways hackers access everyday devices and explained how vulnerable some of these devices really are. Devices that seem innocuous might not be, he said. He’s been investigating the problem of security with some of these items, like the Roku, which is a network-connected streaming peripheral, or the Fitbit, which tracks fitness activity. What he found was troubling.

He also investigated the smart car, he said, and with its series of network-connected systems comes the potential danger of hacking.

What about these so-called fitness-tracking smartbands? They don’t have a keyboard, so they should be difficult to compromise, right? Not really, as he successfully hacked them. The ease of it surprised and alarmed him, he said, so he called the company and told them about some security issues. They conceded that they hadn’t put security on the devices because it would make them more difficult to use.

(9)

harder it will be to use.

For this reason, the U.S. government has been working diligently with researchers to combat the problem. As more and more devices become interconnected, cyberattacks get more involved and complicated, and the real-world consequences become more consequential.

A Harvard Business Review article about cybersecurity outlined the realities of the danger. Whereas previous attacks were directed mostly to steal confidential information and create havoc online, new attacks will affect the physical world, like a recent hacking of the Associated Press Twitter account by the Syrian Electronic Army, which sent a tweet about an explosion at the White House. The tweet caused the stock market to decline almost one percent before it was revealed as a hoax.

In 2012, a hacker built a device that could open electronic locks in hotel rooms without a key.

Even after the flaw was supposedly fixed, criminals continued to use the exploit for months.

In 2014, the Sony movie studio hack revealed thousands of documents of personal correspondence between studio executives and disrupted the movie industry.

Perhaps particularly troubling is the issue of driverless cars. Engines, locks, hood and trunk releases, heat, dashboard functionalities, and brakes have all been shown to be vulnerable to attack.

In fact, as recently as July 2015, a man wrote an article for Wired describing the vulnerability. He was driving a Jeep, and the cold air suddenly blasted at maximum, without any input from him. The radio went full volume, despite his trying to turn it off. Then the windshield wipers started going off, and suddenly he started decelerating. All without his control. It all comes from one small vulnerability: “Uconnect, an Internet-connected computer feature in hundreds of thousands of Fiat Chrysler cars, SUVs, and trucks, controls the vehicle’s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot,” he described. “And thanks to one vulnerable element…, Uconnect’s cellular connection also lets anyone who knows the car’s IP address gain access from anywhere in the country.”

The problem involves much more than smart cars or wearables. Network-connected biometric devices like pacemakers are also at risk, as are insulin pumps and implantable heart regulators.

These are not inconsequential problems, and it’s why the U.S. government is keenly interested in the issue. It’s also why the University of Florida has spent so much special attention on cybersecurity. It’s why they’ve hired people from as far away as Iran and India to tackle this complicated problem. They are seeking to find innovative new ways to use IoT devices safely and to find new ways to get by security protocols, so as not to sacrifice usability for security.

IoT, however, is just one aspect of cybersecurity, and it’s more of an explanation than a method. The different methods for hacking devices usually start from one place—the user.

(10)

4

JUAN GILBERT AND HIS VOTING MACHINE

Juan E. Gilbert, PhD, the Andrew Banks Family Preeminence Endowed Professor and Chair and a member of the Florida Institute for Cybersecurity Research, is an expert in human-centered computing. He is a professor in the Computer and Information Science and Engineering Department, and he leads the Human-Experience Research Lab. Also, Gilbert was recently named one of the fifty most important African Americans in technology.

His work involves how we interact with computers and how they can be used to improve the lives of those around us. His research includes data mining, culturally relevant computing and databases, spoken language systems, usability and accessibility, and advanced learning techniques.

One of the biggest and most visible projects he’s involved with is an open-source voting machine specifically made for everyone—including the blind, deaf, or disabled.

The machine works by allowing voters to vote with a touchscreen or speak into a microphone. It will either display letters for you to read or speak to you. Those who can’t speak can blow into the microphone to make his or her choice.

Gilbert developed the Prime III with help from research assistants, a National Science Foundation grant, and a $4.5 million grant from the U.S. Election Assistance Commission. The open-source release was funded by the Knight Foundation.

Voting, by design, is meant to be a private endeavor. For years, disabled persons have not been able to truly vote by themselves because of their limitations. Even in the precinct, they might have someone else telling them what to do, and it could influence them, perhaps because of uncomfortable or uneasy feelings. Many might choose to stay away altogether.

Ensuring private ballots, Gilbert said, was a challenging proposition. “You have to make sure they can’t be tied back to an individual,” he said. “They have to be secure, and they can’t be modified in the system.”

How does he ensure that happens? The key is to keep it off the network and use an “old-school paper ballot.” In fact, the Prime III prints out a ballot for the person, which he or she can then use to vote.

Security concerns are always important and need to be considered heavily. Gilbert said he’s not aware of any elections being stolen by hacking, but he does have evidence of an outcome being changed because of poor interface design. In Sarasota, there was a voting machine with a suspicious number of under votes, and the team thought there was a possibility it might have been hacked. Upon closer inspection, however, it turned out to be an issue with how the ballot was displayed on the screen. Because the line that was highlighted, and drew the eye, was the second contest, many people didn’t notice there was another contest above it.

(11)

Gilbert enjoys being at UF and being part of such a prolific team working to address these types of issues.

“We put together an outstanding team that can address hardware, software, and usable security,” he said. “We have a full house in the sense that we cover all aspects of cybersecurity, and we’re very, very good at it now.”

(12)

5

HOW DOES A NETWORK WORK?

Security threats spread through networked computers much easier than, say, a lone desktop with no Internet connection. In fact, before the Internet, computer viruses and damaging programs had to be installed through disks. However, this didn’t necessarily mean they were less likely to be distributed. A disgruntled IT employee could easily move from computer to computer in a big company and infect them one at a time.

Nowadays, most computers are connected to the Internet through networks. In order to understand exactly how and why cybersecurity is such a looming threat, it’s good to get a grasp of the basics, such as how computers connect to each other and share information.

When we think of computer networks, what comes to mind? Any workplace will generally have a large network of computers connected to each other. That’s usually called a LAN, or a local area network. Generally an office or a school or a library uses a LAN. The computers are linked and typically have peripherals, such as scanners or printers and modems.

A personal network can be referred to as a PAN, or personal area network. This is the setup that a person would use in a home. There are also MANs, which are metropolitan area networks, and WANs, or wide area networks. The Internet itself can be considered a wide area network.

Computers need nodes and connections to link up to each other. Linking the nodes enables these connections. Wireless communications are usually the most common, but offices are sometimes linked through cables, which can run through the ceilings or walls. Hardwired cables are faster than wireless connections. But think about a router, which serves as a node. A router is always hardwired to the source of the service provider. The service provider allows connection to the Internet.

That covers, in simple terms, how computers network to each other and the Internet, but what’s the method for how they connect? In order to understand that, it’s important to know about TCP/IP (transmission control protocol/Internet protocol).

TCP/IP was the result of many years of research and development by the Defense Advanced Research Projects Agency (DARPA). Research began in the late 1960s. The idea was to find a way to communicate over satellite and radio waves. The first iteration was called ARPANET, an early packet switching network and the first to use the protocol. Packet switching is a way of transmitting digital data in appropriate-sized blocks, called packets. The packets are then transmitted and shared. Packets have a header and a payload. The header is data at the beginning of the packet. Information in the header is used by the network to direct the packet to where it’s going, and where the payload is used. The payload is the purpose of the message, or transmission. Because of packet switching, data can travel in many different routes, and reassemble when it arrives.

(13)

with catchy names like “www.ufl.edu,” instead of actual IP addresses. Underneath the domain name, there are IP addresses, and machines communicating with each other.

DNS, or domain name system, enables a machine to look up the IP address for a website. Original IP addresses were limited to four pairs of digits divided by periods, but eventually that system needed to be expanded to include more symbols to accommodate the large number of websites all around the world.

TCP, for its part, sorts out the way the packets move back and forth between sender and recipient (the IP addresses). It gets the data and arranges the packets, sort of like a mailman does.

With these frameworks, hackers and adversaries have figured out ways to manipulate the way information is sent, to hide malicious data in the payload, or to censor information based on what’s in the header.

So what about security of transmitted data? That’s where SSL, or secure sockets layer, comes in. SSL is the standard security technology for establishing an encrypted link between a web browser and a server.

All this information ties into why cybersecurity is such an important topic. Kevin Butler, associate professor in the Computer and Information Science and Engineering Department, and a key member of UF’s cybersecurity team, explained that when you’re connected to a public network, like one in a grocery store or a coffee shop, it’s important to remain vigilant.

“You have to be very careful about what’s going on when you’re on an open network,” he said. (An open network is one that doesn’t require a password to join.) “Anytime you send information, and it’s not being sent over SSL—anytime you’re communicating without those protections—it’s possible someone can be ‘sniffing’ the network data.”

The network, he said, radiates in all directions, and if some of that information goes out without encryption on it, adversaries can potentially capture and steal personal data.

A home network is encrypted. We’ll have more on encryption later, but it’s basically a way to protect your data so that no one but your intended recipient can read it. This way, someone walking by can’t jump on your network and spy on you—at least, not without a password.

Open networks, like the ones at coffee shops or supermarkets, are generally unencrypted—at least, the ones that don’t ask for passwords. When you log onto these networks, your unencrypted network traffic is visible to everyone who knows how to look for it. And if you’re visiting nonencrypted websites without the green lock in the browser bar, which shows that SSL is being used, adversaries can see what you’re doing. If you get an email asking for personal information, or go to a non-SSL dummy site, like a fake bank site meant to look like a real one, personal information can be stolen. On open networks, adversaries can even see what encrypted websites you’re visiting and use that information to mount an attack.

(14)

6

SERVERS AND THEIR RELATIONSHIP TO CYBERSECURITY

Data doesn’t just exist in the ether. Every image or word on a computer screen, every video streamed or file downloaded, has to live somewhere. Every time you log onto a website, be it the University of Florida website or the site for National Geographic, the images you see, the words you read, the information for it, it’s all stored somewhere. The same goes for government websites, merchant sites, and everything else, all around the world. All of these things live on servers, and this also makes them vulnerable to cyberattacks. But what exactly do servers do?

When we think about servers, maybe we picture a cold room with stacks and stacks of hardware in neat rows, like a library. Maybe we think about Hillary Clinton and her personal email server. The truth is the word server is fairly general, and there are many different types of them, for many different purposes, including web hosting, file hosting, faxing, computing, email, and so forth.

The word itself refers to the act of hosting something that makes things happen—for example, executable programs. A server has the ability to store all of the files of different users on a specific network, so that everyone can have access to the same files.

For the purposes of cybersecurity, I’m going to focus on the applications of servers in regard to the web. In these terms, a server refers to a specific type of computer, but not the type that goes on a desk with a mouse and a monitor. These are computers with extra powerful processors and super high-speed RAM (random access memory), and multiple hard drives. The combination of all these means the machine runs faster than regular desktops and allows for significantly higher performance capabilities.

So what can they do? Well, they can store files and manage peripherals. Many focus on only one task, like storage or email. Some only organize specific sets of data.

When we talk about Internet use, we’re talking about what is called a client-server model. The person clicking through a website makes a request, and the server provides the results. When someone goes to any large website, there are a myriad of machines that process the request.

Now, let’s talk about vulnerability. There are quite a few recent examples of compromised servers. According to an article by the Washington Free Beacon, hackers linked to the Chinese government are using American servers to conduct cyberattacks against private companies.

A large investigation by a U.S. security firm has shed some light on the cyberattacks. The firm said the Chinese groups used seven computer-hosting companies to target a European energy firm, a European telecommunications company, and a U.S. air carrier.

The Chinese simultaneously conduct the attacks while also trying to stay out of the eye of U.S. intelligence and law enforcement trying to track them.

(15)

Office of Personnel Management, the article said. The hack, first announced in early June 2015, involved the theft of records of millions of former, current, and potential federal employees and contractors.

The attack started in early 2014. By mid-June, the agency released information about a second, bigger attack that targeted information for millions more Americans, ones who simply applied for security clearances, according to NBC News. The ensuing fallout from the attacks and subsequent disclosures led to the resignation of Katherine Archuleta as director of the OPM. The smoking gun suspected of linking the attack to China is the use of Sakula malware, a program designed to steal large amounts of data. Many of the cyberattacks came from servers of companies located in Los Angeles and one in Nevada.

Cyberattacks are a cat-and-mouse game. Adversaries are always looking for new ways to steal data or compromise sites and are trying to stay one step ahead of authorities. This ongoing fight is why the gathering of the world’s best researchers at the University of Florida is so important. Attacks happen every day, and it takes teams of talented people to fight back. It takes time and resources, something the University of Florida has shown it’s committed to providing. Many of the researchers and professors I spoke to talked about the caliber of the team that has been put together to tackle this important issue.

(16)

7

THE CLOUD AND THE MYTH OF STORAGE IN THE SKY

The idea of the cloud is fairly new, in terms of Internet and security and storage. When we used to think about our data, or our documents or programs or a hard drive, it would be in terms of physical storage. Everything had to be stored somewhere. Systems needed to be backed up so data wouldn’t be lost. We could keep our family photos and important programs on external hard drives or disks.

The cloud came along and changed all that. Apple can store all your photos for you. Google can save all your documents for you. In fact, you can back up everything on the cloud. No need for any storage for yourself anymore. But what exactly is the cloud? Does everything just exist in the heavens? In the radio waves? How does it work?

Let’s start with the terminology. The computing term cloud actually predates the Internet itself, though the exact origin of it is hard to pinpoint. One possible explanation for the term comes from a book called How Google Works by Eric Schmidt and Jonathan Rosenberg, with Alan Eagle. It involves the way old programs function, and how network schematics were drawn by surrounding the icons for servers with a circle, and how a cluster of servers in the diagram usually had lots of overlapping circles that looked like—you guessed it—a cloud.

It’s also a metaphor, though, for the Internet and how it connects everything together, how the endpoints of the network are numerous and irrelevant, hard to pin down—a cloud.

Let’s talk about storage. The first thing to understand is that data does not just exist in the air. Every bit, every word, every Excel sheet—everything has to be stored somewhere. As I said before, the only options used to be physical storage that a person would keep nearby. The word physical is important because it has to be stored somewhere.

So, no, cloud storage doesn’t have anything to do with weather. What it really refers to is an off-site storage center kept up by whomever the person is paying to do so, be it Google or Apple or whatever company you choose. The key to it all, of course, is the Internet, and with the Internet comes vulnerabilities. Storing data at some off-site facility somewhere arguably isn’t as safe as keeping an external hard drive under your bed. As with anything, there are tradeoffs.

So what are the advantages? Well, there’s the accessibility, for starters. You can get to your data anywhere that you have Internet access. You don’t have to carry around anything. Also, cloud storage makes it easier to collaborate with other people. If everyone has easy access to storage, it’s much easier to share work.

Remember those cold rooms filled with rows and rows of servers? Well, that’s basically what cloud storage is: data stored on servers in data centers in a remote location. There are many different types of cloud storage systems. Some have pinpoint focus on certain specific things, like email or pictures or music. Other cloud storage systems are a catchall and take all of your data. Some are smaller, and some, like Amazon, can fill up entire football fields.

(17)

files on the actual server itself. Most remote storage systems rely on a system of redundancy, meaning they store the data in more than one location. This redundancy is important because computers can break down or fail, and then data is lost. Some users have cloud storage only as backups, others to store extra files. It can be free up to a point. For example, Google will allow a certain amount of storage before it asks you to pay, for each user account. It caps out at fifteen gigabytes (GB).

To put it in perspective, the smallest unit for storage is a bit. Next is a byte, which is about eight bits. Then there’s KB, or a kilobyte. Those are about one thousand bytes (kilo = thousand). A small email could be about two KB; a larger paper, maybe about five pages, would be closer to one hundred KB. Next unit up is MB, or megabytes. That would be about one million bytes. Next is GB, and after that is TB, or terabyte, which used to be unheard of but is now more common.

Many companies provide many different services, but the truth is that the more services there are, the more opportunities for security breaches and stolen data. Who are the biggest companies?

Social media sites aren’t typically thought of as storage centers, but let’s take a moment to think about it. All of your pictures posted and statuses and updates have to be saved somewhere, right? Facebook is actually a really good example of what it takes to store huge amounts of data.

Facebook is arguably the world’s most popular website, with more than one trillion page views each month, and the site is responsible for 9 percent of all Internet traffic, slightly edging out Google. This gargantuan size requires equally goliath-like data centers, as the site continues to grow, and its users add an estimated three hundred million new photos every day. To accommodate all this traffic, Facebook has built at least five massive data centers all over the world, with the latest in Fort Worth, Texas. It’s a huge undertaking. The data centers are typically the size of two Walmarts.

What about Google? It’s the same thing, in terms of size. Emails, pictures sent in emails, documents, and spreadsheets tied to a person’s Google account are all saved somewhere. And of course, Google handles millions of search queries. In May of 2015, Google announced that it had a total of 900 million users using its Gmail service, up from 425 million in 2012. Also, 75 percent of those users access accounts on mobile devices.

Google also has huge data centers all over the world. Other smaller sites—specialized ones like Flickr or grandparents. com—all have to live somewhere, and that somewhere is in machines in data centers—that is, the cloud.

Security is obviously the biggest concern of storing data offsite. A couple of security methods are in place. Encryption is a big one. It basically involves using an algorithm, a very complex one, to encode information. It requires ridiculous amounts of processing power to crack encryption, so hackers and adversaries generally don’t try to crack it as much as they try to steal the key, be it a password or something similar. With the key, you don’t need to break the code. Having a username and password is another form of security, but an efficient one, because it also helps organize your own data. That process is called authentication. There’s also authorization, where access to files on a server can differ based on employee rank. There is always a risk of theft and disruption, just like in a real-life storage center that houses paper files.

Because of these inherent issues, the University of Florida has well-qualified researchers working on the problems associated with cloud security. For example, Kevin Butler, the associate professor who warned us about the dangers of open networks, has made cloud security one of the main thrusts of his many-pronged research avenues.

(18)

more trustworthy,” he said. “Once you’re putting data in someone else’s system, how do we know what’s happening with the data? Provenance in cloud environments ensures trustworthiness.”

He’s working on a project involving putting a virtual machine on the cloud and also attempting, in his research, to make cloud computing a little safer, in terms of where the data actually is and making sure that it’s there where the provider says it is.

(19)

8

KEVIN BUTLER AND THE IMPORTANCE OF DATA PROVENANCE

Kevin Butler is an associate professor in the Department of Computer and Information Science and Engineering, a Preeminence hire, and the recipient of a National Science Foundation CAREER award in 2013. His work in cybersecurity is varied and includes storage systems, large-scale systems architectures, and networks.

Like most of the other members of the team at the Florida Institute for Cybersecurity Research, Butler is straightforward and eager to explain the type of work he does. Many of the members of the team, though they’re well known and respected in their field, are like this—happy to talk and discuss matters of cybersecurity and grateful to get to work in the environment they do.

“In general, my research is about the trustworthiness of data and devices,” he said. “How do we ensure we’re talking to the right computer, and how do we know it’s trustworthy? How can we assume it’s from the right place?”

This idea of provenance shows the depth of the cybersecurity research being done at the university. They really are attacking the issue from all angles within the discipline.

So why is data provenance so important? Butler likens it to painting. “If you look at a Rembrandt, you’ll be able to trace the history and who was in charge of it and who it was sold to for fifty, one hundred, four hundred years. That’s how you know you’ve got the real deal. In the art world, that’s how you would show the article is genuine.”

Trustworthiness is of utmost importance because we need to make sure adversaries aren’t tampering with data and compromising security. This is especially important for military and government organizations in the United States, especially since the majority of companies that manufacture chips are not located in the United States.

The applications of this, Butler said, are many, including using provenance to prevent data loss from companies. For example, if an employee or someone steals a piece of data, the company has a record of the information about where the data came from as well as a way of tracking where it went, and who accessed it.

This capability could be used, for example, in hospitals, to make sure no private and protected patient data is leaving the network. Traceability, he said, would be the ultimate goal, although the process itself is fairly new.

“We’ve created a software that runs in the operating system below the layer of what’s running,” he said. “It’s collecting info every time you open or log in or perform an operation, silently at a layer below the standard system, at the heart of the OS.”

The software, which runs in the Linux operating system, acts as a sort of log and monitors the data.

Butler has gotten lots of attention for his work, including from the MIT Lincoln Laboratory, where they’ve used his software in a prototype system.

(20)

“Part of the problem we have with computers is that we don’t know what’s going on inside them,” he said. “They’re so complicated and have millions of lines of source code and dozens of apps. The web browser alone is so much source code. They’re sort of opaque to us.”

Because our machines are so powerful and the things we’re able to do with them are so complex, being able to trace data is a “shockingly hard problem.” The sheer amount of data is overwhelming, so there needs to be a way to keep track of it and catalogue it.

Butler said he and his team have a good system for single computers, but once the data is there, what comes next? They’re also working on ways to reduce the amount of data they collect. In an early prototype, a computer running for only ten minutes created four GBs of provenance data. Since then, Butler’s team has found ways to cut this number by up to 90 percent.

Still, with these issues to iron out, he’s looking to what comes next.

“The challenge is how do we expand this from a single computer,” he said. For example, how can it be expanded to more computer-enabled environments, like a power grid for an electric company? Energy, he said, is a field where cybersecurity is becoming more and more important, because a lot of it is on a network and therefore vulnerable.

“How can we use these provenance techniques to find out what is going on in the power system?” What needs to be done to prevent security lapses? He hopes to use his techniques to generate information and start to answer some of these questions.

He’s working on techniques to represent the data in ways that are easy to access. Think of provenance, he said, as a mathematical graph. Events are linked to others in connected pathways, but the problem is making sure the representations are efficient and compact enough to be doable. Data that has four million graphs obviously takes up too much memory.

He’s been looking at security principles in general, and from the past, to help him solve some of the current cybersecurity problems, of now and the future.

“I’ve been looking at the ways in which security policies have been written to ensure information is collected in a complete way,” he said. “Some of these date back a few decades, but we can use those ideas with some modifications.”

Butler explains that it’s a very interesting time for data and data provenance, for trustworthiness. Think about the work of journalists, he said. There need to be mechanisms in place so that they know what they’re getting is legitimate, or tools that not only protect the anonymity of the sender but also can verify the authenticity of the package. He cites Dropbox. It’s a program that lets you share data remotely, but how do you know it’s safe? Just because it exists doesn’t in any way mean it’s secure.

Butler considers his work an obligation. He wants to design tools to help society. The decisions made right now in terms of security and privacy could have long-term implications for what happens in the future. Decisions made now could determine how much power the government has in looking through personal information of its citizens. These questions are critical to our society, he said.

Butler also does research and work on the safety of USB drives. Many organizations have banned the use of USB drives because of the relative ease of using them to spread malicious software onto computers. Butler’s research involves solutions to this problem. He developed something that will essentially interrogate the computer to find out if the data on the drive is malicious or not. It’s usable on any computer, he said, and he has a patent and is looking for potential commercial uses.

(21)

(22)

9

THE OPERATING SYSTEM

An operating system is a user’s window into a computer and, by extension, a network. It takes all of the complicated processes required to run a sophisticated system and simplifies them for ease of use. Many operating systems are ingrained into our collective consciousness: Windows for PCs, OS X for Macs, Linux for those people who want to have more control over how systems work. Every device curated for public consumption runs on an operating system of some kind, and therefore operating systems are easy targets for cybersecurity attacks. It’s no coincidence that new versions and updates are constantly being released for popular operating systems. It’s an efficient way for programmers to stay one step ahead of attackers.

Think about it this way: you have your own computer, and it’s running fine from whatever operating system you’re using. A virus, or malware, is something external that can come from a variety of sources, such as the Internet or a DVD. But once the virus is in your computer, it can start to attack the operating system. It tries to take advantage of certain loopholes in the system. Adversarial programs are always trying to take advantage of some oversight. That’s why updates come so frequently, and why it’s so important to always update your software.

No operating system is perfect, and there are always holes where bad guys can capture sensitive data and still be undetected in your network. Browsers are the same way; they store personal information in cookies, and viruses can access those, if given the opportunity. These are the types of problems being worked out at UF. How does one protect from these types of attacks? Where can safeguards be built? Where are we the most vulnerable?

(23)

10

MICHAEL FANG ON WIRELESS SECURITY

Yuguang “Michael” Fang is a professor in the Department of Electrical and Computer Engineering at UF. He was elected an American Association for the Advancement of Science (AAAS) Fellow and an Institute of Electrical and Electronics Engineers (IEEE) Fellow, and he was awarded a National Science Foundation Faculty Early Career Development Award. He was an assistant professor in the Department of Electrical and Computer Engineering at the New Jersey Institute of Technology, and before that he worked at the University of Texas at Dallas. He earned his PhD in Electrical and Computer Engineering from Boston University in 1997. He also has a PhD in Systems, Control, and Industrial Engineering from Case Western Reserve University.

His research includes work with network security and privacy, wireless networks, mobile communications, sensor networks, social networks, and smart grid, among other things.

A lot of his work involves research on electronic sensors, and he’s vocal about how much can be done with them. “They are basically sensing and communication devices,” he said. “We can place them somewhere, and they’ll sense an event and send back information wirelessly.”

For example, he has been involved with putting sensors in the forest to monitor deer habitat and also installing cameras to get video back. It isn’t a simple process as one might imagine, because the cameras, acting as sensors, and deployed communication facilities have to work in conjunction with each other. Building that kind of infrastructure was a challenging process, he said.

Sensors can be used in all kinds of to-day applications and even in some that aren’t so day-to-day, such as a battlefield. “For example, take the Gulf War,” he said. “If we wanted to send troops, but we weren’t sure if there were enemies around, or to get a sense of the terrain, we could drop sensors in the area and get some information beforehand.”

Like many of his colleagues, he views much of cybersecurity work as a game between good guys and bad guys, and the two sides constantly trying to outsmart each other.

In fact, one of the research projects with sensors involved an actual game, where he and his team split into two groups and one side tried to install communications infrastructure, and the other side tried to stop them from doing so. They used the sensor nodes in that exercise as well and tried to find ways so that even if the enemy captured some sensors, they would still work.

Basically, the enemy couldn’t use the captured sensors to trick the other side because they embedded location information inside the sensors, and they wouldn’t work if they took the sensor nodes out of the intended area.

As a natural evolution, communications convenience made privacy and security issues more visible. Fang mentioned that the cell phone is a classic example of how people may not realize how much information about themselves they’re giving away.

“Many people don’t know that GPS services on their phone are revealing their location whenever they turn it on. When they turn it on by default, they forget it’s always online, and it’s giving away personal information,” he said.

(24)

making connections between you and other people.

Privacy is an important issue to Fang, and he’s working on research to ensure that people can use these types of services anonymously, but he said it’s still a ways away. Fang warns of the dangers of letting people know when you’re away from your home, especially because some criminals may plan robberies based on people’s social media postings.

That’s why privacy is such a hot research issue—there’s the issue of safety. Sure, someone can, to an extent, control their own privacy settings on their own social media accounts, but can they control other people from posting photos of them? Fang had his own run-in with this issue when he was at a party, and a friend took a picture of him without his knowledge and posted it.

This incident got him working on another project regarding photo permissions. The issue of permission and privacy is interesting, he said, because it’s so easy to just post a photo without thinking of the potential privacy issues. For example, a photo may reveal your whereabouts when you may not want that information to go public.

To illustrate this point, Fang made a comparison between the present day and one of the most popular movies of all time—The Godfather. In that movie, a singer named Johnny Fontane has a relationship with the criminal organization. Now, that’s information he might not want out in the public. What if it were the modern day and someone took a photo of him without his permission at a party? An innocent photo in the wrong place—say of a politician or a celebrity—could easily ruin one’s political career.

“Wouldn’t it be nice,” Fang asked, “if we designed a system that would ask for permission before posting?”

Fang studied the problem and broke it down. His group developed an alerting system in which a facial recognition software would identify who’s in the photo, and then an alerting software would trigger messages for permission.

Fang is not working on this type of software for commercial application, but he knows how this type of research can lead to other things as technology continues to evolve. A whole generation of people, he said, has grown up with their lives online. How will it affect them when they try to become professionals in the future? Shouldn’t they have the ultimate control over their online presence?

He’s also concerned with the way people have relationships with each other. Are friends you meet online, but never in person, real friends? How are our online lives affecting our real ones?

These are the types of questions that feed his research. He’s also interested in the Internet of Things and the implications it has about surveillance of society. There is so much data out there, he said, that with the right tools and know-how, you can collect information on anyone. Little pieces of data here and there on a person might not seem like much, but with enough you can begin to connect the dots.

These are the types of tactics that have been used when big news stories break, when citizens try to find out the identities of people mentioned in breaking news. It’s called crowdsourcing and involves people all over the world piecing information together in the hopes of finding out something. The way to combat these privacy issues, Fang said, is to be a more privacy-aware person. Be aware of the things you say and post about where you are and where you’re going. And remember, things are not as secure as you might believe.

(25)

don’t have the cybersecurity apparatus in place to ensure that data is secure. Most hospitals use free wifi, but is it the same network they use to keep track of the files? How many mobile devices are on that network?

Also, Fang said not many employees like nurses are given enough cybersecurity training. They might not understand how the technology works or how information is shared over networks. This concern applies to many professions. Cybersecurity is a new and growing field, and many just aren’t aware of the dangers.

“The user needs to be educated,” he said. “Education for cybersecurity is very necessary.”

Another research area he’s looking into is unmanned cars and the security implications involved with them. The top of the list, he said, is the idea that a car could be remotely hacked and controlled. As things get more personalized—for example, the car or the phone—the privacy risks become more and more apparent.

(26)

11

THE PROLIFERATION OF THE HACKER

Hacking is a term most of us are familiar with. Whether it’s from some ’90s movie with a strange graphical interface going through virtual dungeons or in the news about some kid who hacked into a multibillion-dollar company, hacking is well known in the public consciousness. But what are the origins of this ubiquitous yet simultaneously shadowy term?

The official definition of the term involves using a computer to gain unauthorized access into a system. There are a couple of keywords there: computer, unauthorized, and access. These are parallel terms to the most pressing issues of cybersecurity, but it’s good to get a sense of how these things evolve. Indeed, as tech gets more complicated but more user friendly, so too does hacking become more prevalent.

First, some history: The first hackers were called phreakers and didn’t work on computers but on phones. They used whistles and played with phones to make free calls and experiment with the limits of what phones could do. Essentially, they tried to hack into phone companies in one way or another.

One of the first mentions of the word in relation to computers came from an article in the magazine Psychology Today, in 1980. The article, “The Hacker Papers,” was about how addictive computers were. Another notable mass-media occurrence was from the 1982 movie Tron. The Jeff Bridges character talks about how he’s been doing a little hacking, when he talks about how he wants to break into the computer system. Another movie, from 1983, War Games, starred Matthew Broderick as high school student named David Lightman. Lightman, identified as a hacker in the movie, breaks into a military supercomputer looking for video games. He accidentally almost sets off World War III and is forced to find a way to stop it.

Popular culture has a very specific way of bleeding into the public consciousness and its perception of things. So the idea of the teenage hacker was born. Enter the 414s, a group of hackers from Milwaukee, Wisconsin, in the early 1980s. The (mostly) teenagers, ranging in age from sixteen to twenty-two, hacked computers throughout North America, including the Security Pacific Bank, Sloan-Kettering Cancer Center, and Los Alamos National Laboratory. The group became so famous that they were covered in Newsweek, even garnering a cover story about their exploits in September of 1983. They did about fifteen hundred dollars’ worth of damage at Sloan-Kettering by deleting billing records, and authorities quickly realized others could easily duplicate their techniques, since they used cheap personal computers and exploited common cybersecurity mistakes, such as companies not changing from default passwords.

From there, laws began to be drafted against hacking, as more and more people became aware of the vulnerabilities and dangers of the practice—in essence, the first iterations of cybersecurity.

(27)

One of the first cases of the law being used was with a man named Robert Morris, Jr., who was the son of a National Security Agency computer worker. He let loose a huge computer worm in 1988.

Morris was a Harvard graduate and a Cornell graduate student when he created and developed what would become the first real widely spread worm. It was released on November 2, 1988. Morris used MIT’s systems to hide his true identity as a student from Cornell.

Morris didn’t mean for the worm to cause the havoc that it did. He meant for only one copy of the worm to infect each computer, but he made a mistake when he wrote the code, and he somehow “programmed the worm to duplicate itself every seventh time it received a ‘yes’ response,” according to an article in eWeek.

The Morris worm got out of control too fast for its programmer to even begin to keep up. It flooded hard drives and crippled systems. By the time someone tried to send out a warning, it was too late, as many systems were already shut down.

In days, the Morris worm ravaged through ARPANET, infecting more than six thousand computers at military installations and universities and research centers across any LANs connected to the network.

Removing the worm was not cheap, and costs ranged from $200 to $53,000. It’s hard to say for sure how much money was lost, but according to some estimates by the U.S. General Accounting Office, it’s somewhere in the neighborhood of $100,000 (the low end) up to $10 million.

After Morris was identified as the perpetrator, he was prosecuted under the CFAA, but the indictment took eight months because prosecutors had to prove whether Morris intended to cripple the network or not.

He was found guilty in 1990, but the sentence was relatively light—four hundred hours of community service, three years of probation, and a fine of $10,050. As of 2016, Morris works at the Massachusetts Institute of Technology Computer Science and Artificial Intelligence Laboratory and teaches at the school.

Interestingly, though the word hacker has a fairly negative connotation, there are subcategories for it, definitions for good hackers and bad hackers and those in between. First, let’s talk about white-hat hackers. White hats are ethical hackers who expose vulnerabilities in computer systems, instead of exploiting them. Corporations will hire them for large sums of money to help shore up the cybersecurity of their operations. Not all work for money, though; some just enjoy finding the weaknesses in programs but don’t want to go so far as breaking the law. Many breakthroughs in cybersecurity have come from these types of hackers. Many of the researchers working in academia, including those at the University of Florida, could be considered these types of hackers.

Next, we have the opposite: black hats. Black-hat hackers are not concerned with ethics, and they don’t care about helping corporations become more secure or helping anyone, for that matter. According to Robert Moore in his 2005 book Cybercrime: Investigating High Technology Computer Crime, a black-hat hacker is someone who “violates computer security for little reason beyond maliciousness or for personal gain.”

(28)

After those three main types, we have what is known as the blue-hat hacker. Blue hats refer to employees of consulting firms employed for bug-testing prior to product launches. Microsoft especially is known to employ such hackers and even has had a yearly conference about it.

What’s left? There are elite hackers; neophytes, who are new and don’t have much knowledge; and even hacktivists, who use their skills to promote political or social messages. All in all, it’s a continuing and ongoing struggle between the people who make the programs and the people who want to hack them.

(29)

12

WHAT EXACTLY IS MALWARE?

No discussion of cybersecurity is complete without mention of the main tactics bad guys use to steal information or wreak havoc on an operating system. The software hackers use to carry out attacks is broadly referred to as malware. Put simply, it’s an overarching term used to refer to all types of malicious or hostile software not originally meant to be used with the operating system, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and others. It takes on many forms and comes from many places, but most has to be downloaded or installed on a computer from a questionable source.

It’s good to get a sense of all these different types of malware, to further the understanding of the immense challenges faced by the University of Florida cybersecurity experts. Worms are programs that replicate themselves over and over again, spreading from network to network. One of the most famous examples, besides the Morris worm mentioned earlier, is the “Love Letter” worm that attacked millions of Windows computers in 2000. It was sent as an email with an attachment, with “ILOVEYOU” as the subject line and “LOVE-LETTER-FOR-YOU.TXT.vbs” as an attachment. The .vbs was hidden by default, and many thought it was just a text file. Once it was opened, the worm sent a copy of itself to everyone in the user’s address book, with the sender’s address. It spread so fast it was impossible to contain, and it infected computers of large corporations and the government, even up to the Pentagon. It’s estimated to have caused $15 billion in damages.

A Trojan horse is a destructive program that disguises itself as a benign one. It can involve social engineering—mostly fooling someone into clicking on something. Trojan horses don’t generally replicate themselves and can operate undetected for long periods of time. Many Trojan horses pop up on websites, claiming to clear your computer of viruses, when in reality, they install viruses on your computer. They have many purposes that fall into several categories, but most Trojan horses are either destructive or used to steal personal information.

Ransomware is a very specific type of malware that, once installed, stops you from doing certain things on your computer until you pay a ransom to the operators to remove the restriction. Some versions encrypt files, and some simply lock the whole system up. Some versions of this type of malware, as of June 2015, have accrued more than $18 million.

Spyware has the specific intent of trying to steal personal information without being detected. Some types of spyware can record keystrokes and steal passwords. It can also disrupt the way your computer works, changing settings and reducing connection speeds.

Adware is similar, but it’s not covert. It downloads software that displays unwanted ads when a user is online, or collects marketing data or other personal information without permission. It can also redirect users to certain websites.

(30)

13

JOSEPH WILSON ON HACKING AND MALWARE

Joseph Wilson is a University of Florida computer science veteran. He’s an assistant professor at UF’s Computer and Information Science and Engineering Department, and a member of FICS Research. He received his PhD in computer science in 1985 from the University of Virginia, and he’s the faculty advisor for the UF Student Information Security Team—a group created to inform students about information security topics—as well as for the UF Collegiate Cyber Defense Competition Team. He also teaches courses that explore theory and techniques of ethical hacking and reverse engineering.

He was trained in programming language design and implementation and worked on development of an algebra for describing image processing transformations before the emergence of image processing standards. “The work was funded by the Air Force, and the goal was to be able to send out autonomous vehicles that could recognize targets,” he said.

He also worked with Lockheed Martin and has recently performed work in landmine detection, helping to develop new techniques and approaches in discriminating landmines from naturally occurring clutter in the landscape.

His interest in cybersecurity started from these beginnings, and from watching the computer get smaller and faster over the years, and he approached the topic from a programming language standpoint. How does one write secure programs that are resistant to exploitation?

The lack of program security is a problem that some clever hackers can figure out how to take advantage of, he said. For example, there have been issues plaguing well-known websites. On many commerce website checkout pages, hackers have figured out ways to enter carefully crafted data that can modify prices of items.

The problem comes down to the website trusting user input, and the adversary learning how to exploit that. And the reason it happens, he said, is because when the code is being written, programmers tend not to think about these kinds of vulnerabilities.

Even simple errors can cause sites to crash, he said. Take, for instance, a prompt that might ask for your age. It might have been written with specific input ranges in mind, but what if you say your age is 1024? Because the site doesn’t have that as an expected input, it could potentially crash or leave it open to other problems. These are the types of errors adversaries look out for.

Others might try to reverse engineer the code to find out what it does right and, more important, what it does wrong.

Secure coding, he said, is a difficult discipline. It takes a lot of time and resources, and it needs to provide a reasonable amount of security without affecting the user experience detrimentally.

(31)

even sending ransomware. Botnets are also used in stealing credit card and bank credentials. How can you protect yourself?

“Update, update, update,” Wilson said.

Malware usually targets older, more vulnerable software. Also, make sure you back up your information, whether it be on the cloud or on a separate hard drive. Strong passwords are important, he said, and always use different passwords for different sites. He also recommends using credit cards rather than debit cards, because they have stronger consumer protections.

That’s not all. “Never open attachments from anyone you don’t know,” he said. “If you don’t know it, don’t open it.”

He also warns that while many Internet-connected devices we use daily (like garage-door controllers, security cameras, and thermostats) have plenty of computational capability, they’re still not as mature as laptop computers, and their software, in many cases, doesn’t have the same safeguards. He warns that the cybersecurity issues need to be solved on the front end by their producers, because these devices aren’t going to get less popular.

“It’s not like people can bury their heads in the sand and not buy thermostats,” he said. “Issues are going to occur. We need revolutionary improvement in network security.”

Wilson points to the work of fellow FICS Research colleagues Patrick Traynor and Kevin Butler, and to the work of Mark Tehranipoor, as examples of why UF is an ideal place to tackle these problems and find solutions. “The thing that does characterize our group is that it’s extremely varied,” he said. “The preeminence initiative has made a huge impact in our ability to do world-class research.”

(32)

14

WHO ARE THE ADVERSARIES?

There was one question I kept returning to over the course of researching this project: who are these so-called bad guys constantly trying to attack and break cybersecurity?

The answer is not as clear as one would think. In cybersecurity jargon, someone who tries to compromise the security of a program or attack it or install malware onto something is called an adversary. It’s a fancy word for bad guy. What does it mean?

Turns out, the definition is fairly broad. It can mean one person, a group, an organization, or even a government that practices or intends to engage in detrimental cyber-threat-like activities. It could mean a teenager sitting in his bedroom or a room full of military personnel in a country far away from ours, working a regular day shift. There are some notable stories about both.

It’s no secret that part of the reason the U.S. government is so interested in cybersecurity is because of economic espionage, especially from China. In January, the CBS News program 60 Minutes ran a story called “The Great Brain Robbery,” about how much money cyber espionage is costing U.S. companies.

Daniel McGahn, the head of American Superconductor, said he spent years and millions of dollars developing advanced computer software for wind turbines. He said China looted the software and nearly put him out of business. He had to fire six hundred of nearly nine hundred employees and lost more than a billion dollars.

He said the software was reverse engineered. The company apparently turned one of McGahn’s employees into a spy.

Sinovel, the company that allegedly stole his software, is partly owned by the Chinese government. They even sold some of these turbines with the pirated software to the state of Massachusetts, the story said, and they were paid for with federal stimulus funds.

What’s perhaps more interesting is how well known the cybersecurity threat from China really is. The Chinese military even has a whole unit, PLA Unit 61398, that allegedly works shifts trying to hack into American companies. The unit, according to forensic evidence, “traces the base of operations to a 12-story building off Datong Road in a public, mixed-use area of Pudong in Shanghai.”

“On 19 May 2014 the U.S. Department of Justice announced that a Federal grand jury had returned an indictment of five unit officers on charges of theft of confidential business information and intellectual property from U.S. commercial firms, and of planting malware on their computers.”

The problem is persistent. On September 25, 2015, President Barack Obama tried to broker a deal with the leader of the Chinese Communist Party, Xi Jinping, to end the cybersecurity attacks for economic gain. Unfortunately, the next day the attacks continued as usual.