Fighting cybercrime
A conversation with Benjamin FUNG and Lynne PERRAULT
Inventing a powerful new weapon against crime could put you on the world’s most-wanted list — in a good way.
Professor Benjamin Fung and his team at the Concordia Institute for Information Systems Engineering (CIISE) developed a tool that helps investigators identify criminals behind anonymous emails, using clues such as syntax, spelling, punctuation, capitalization and other attributes.
The breakthrough was reported in more than 50 publications worldwide, and the calls and emails soon began pouring in — from police, private investigators, courts of law and victims.
“Hundreds of threatening emails were forwarded by victims asking me to identify the author,” says Fung.
Mining for criminals
Fung earned his spot on the most-wanted list by advancing the global battle against spam and other malicious cybercrime, which often preys on the elderly, the young and the uneducated.
His research specialty is data mining, which deploys complex algorithms to extract useful knowledge from raw data.
When analyzing emails, for example, his tool ignores shared characteristics among suspects to zero in on nearly invisible quirks, such as vocabulary richness and punctuation. The combination of these hard-to-disguise quirks can, for example, identify the writer’s gender and nationality.
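An added Python example, not code from the article or from Fung's team, of the filtering step described above: traits that several suspects share are dropped, and the anonymous message is scored against the quirks that remain. The trait list, the thresholds, the suspect names and every email below are constructed for illustration.

```python
import re
from collections import Counter

CHECKS = {  # constructed, simplified style traits; not the tool's real feature set
    "greeting_hi": lambda t: t.startswith("Hi"),
    "repeated_exclamation": lambda t: "!!" in t,
    "ellipsis": lambda t: "..." in t,
    "space_before_comma": lambda t: " ," in t,
    "lowercase_i": lambda t: re.search(r"\bi\b", t) is not None,
    "all_caps_word": lambda t: re.search(r"\b[A-Z]{3,}\b", t) is not None,
}

def traits(text):
    """Reduce one email to a set of discrete style traits."""
    words = [w.lower() for w in re.findall(r"[A-Za-z']+", text)]
    found = {name for name, check in CHECKS.items() if check(text)}
    if words and len(set(words)) / len(words) < 0.7:  # vocabulary richness
        found.add("low_vocab_richness")
    return found

def write_print(emails, min_support=0.6):
    """Traits that recur in at least min_support of one suspect's known emails."""
    counts = Counter(t for e in emails for t in traits(e))
    return {t for t, c in counts.items() if c / len(emails) >= min_support}

def distinguishing(profiles):
    """Discard traits found in more than one profile; they cannot separate suspects."""
    seen = Counter(t for p in profiles.values() for t in p)
    return {name: {t for t in p if seen[t] == 1} for name, p in profiles.items()}

def attribute(anonymous, unique):
    """Score each suspect by the fraction of their unique traits in the message."""
    found = traits(anonymous)
    scores = {n: len(found & u) / len(u) if u else 0.0 for n, u in unique.items()}
    return max(scores, key=scores.get), scores

KNOWN = {  # constructed emails for three hypothetical suspects
    "suspect_a": ["Hi team, the report is LATE again!! Send it today.",
                  "Hi, I need the NUMBERS before noon!! No excuses.",
                  "Hi all, this is URGENT!! Call me."],
    "suspect_b": ["Hi, i will send the file later... maybe tomorrow.",
                  "Hi there, i think we should wait... not sure yet.",
                  "Hi, i'm out today... back on monday."],
    "suspect_c": ["Hi , the payment is the payment , and the deadline is the deadline.",
                  "Hi , you pay and you pay now , or you pay more later.",
                  "Hi , send it , send it today , send it all."],
}
ANONYMOUS = "Hi, i know what you did... you will pay!!"  # constructed
UNIQUE = distinguishing({n: write_print(e) for n, e in KNOWN.items()})
```

Calling `attribute(ANONYMOUS, UNIQUE)` ranks suspect_b first: the shared "Hi" greeting carries no weight, and the borrowed "!!" matches only half of suspect_a's unique traits.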
Fung and his co-author, CIISE director Mourad Debbabi, published their findings in the peer-reviewed journals Informational Sciences and Digital Investigation, with support from Canada’s National Cyber-Forensics and Training Alliance. The consortium of government, industry, law enforcement and academic researchers is based at Concordia.
Weapons testing
Fung’s team famously tested their weapon on hundreds of emails written by disgraced Enron executives, to demonstrate accuracy of 80 to 90 per cent — a remarkable advance over previous methods.
This isn’t enough for a conviction in criminal court — which requires evidence beyond a shadow of a doubt — but it does support expert testimony and helps the police to build a stronger case.
Now that his weapon is part of the cybercrime-fighter’s arsenal, Fung has turned his attention to blogs, instant messaging and social media, which criminals also use to prey on victims.
In conversation — Beyond the headlines
During an absorbing investigation of cybercrime, Benjamin Fung and Lynne Perrault, director of the Electronic Commerce Enforcement Division at the Canadian Radio-television Telecommunications Commission (CRTC), managed to touch on global security, Canada’s new anti-spam legislation, botnets, phishing and, perhaps most problematic of all, plain old human nature.
“In law enforcement,” says Perrault during the conversation at Concordia, “[we understand] that the weakest link is in fact the general public, who click on the link that they’re not supposed to … Curiosity is always an issue.”
The fifth dimension of war
Fung begins the discussion with a startling fact that brings the scope of cybercrime into sharper perspective.
FUNG: The U.S. Department of Defense has just officially announced that it now considers cyberspace to be the fifth dimension of warfare, in addition to land, sea, air and space. This decision pretty much reflects the fact that critical infrastructures in our society, such as telecommunications, transportation and financial systems, operate in cyberspace, and we cannot afford to lose these systems.
Battling botnets
For the U.S. military and many governments, the fifth battlefield is overrun by botnets that, Trojan horse-like, conceal their malicious load. Hackers typically distribute botnets through emails or websites.
“Once a computer gets infected,” explains Fung, “it may still perform normally, as usual, until it receives some command from the hacker. So the computer becomes a servant or robot for that particular hacker. And the hacker can give a command, say to attack a particular web server.
“My colleagues in the security team at Concordia are working on identifying the servers and dismantling those botnets before they actually cause any real damage. And in that aspect they are demonstrating some success in this area.”
Perrault counters that 80 to 90 per cent of all email traffic is designated as spam, and while Internet service providers are doing an excellent job at filtering out most of the junk, botnets remain a problem.
“How big is [this problem] in Canada?” she says. “There are upwards of 30 command and control botnet servers in Canada identified … One command and control botnet server can disseminate voluminous amounts of spam, and identifying these servers is going to be a key issue.”
Bill C-28 on the table
During one exchange, Perrault provides a fascinating chronicle of Canada’s new anti-spam legislation, which received royal assent in December 2010.
“We were one of the last countries to come to the table with anti-spam legislation,” she says. “That allowed us to look at other legislations and take the best from all of them.
“I’d venture to say that once … we start enforcing the legislation, Dr. Fung is going to have the opportunity to work with some real-life data to test out his tool. I’m anxious for that to occur.”
A history of insecurity
Offering a short history of the Internet, Fung points out that “the original purpose of the Internet was to share information, not to protect information.”
Nevertheless, he says, throughout the past decade we’ve been overlaying a growing number of secure transactions, such as e-business and e-banking, over a fundamentally insecure environment. While this has led to a period of transformation, Fung doesn’t believe we’re at an impasse.
“I’m optimistic that it’s possible to perform secure operations,” he says, “ … by using different techniques such as encryption or cryptography … . I agree it’s difficult, but I think it’s still achievable.”
Partners in crime fighting
Whether a secure Internet is achievable will largely depend on partnership, which is itself problematic. “[Partnering] is a new concept for law enforcement,” Perrault admits. “We tended to work in silos, and once we got the information we wanted to keep it there.”
That’s all changing, however, driven by the sheer scope and complexity of cybercrime.
PERRAULT: We need to partner with research specialists, such as Dr. Fung, with other industry partners who are seeing the trends and threats as they happen to their networks … We [the CRTC] don’t have that … immediate view, or real-time view, of the situation.
So partnering is going to be paramount [for] organizations like the National Cyber-Forensics Training Alliance Canada and its sister organization in the U.S. … [We need] these non-profit organizations, that bring together academia, industry, law enforcement, government, etc., to tackle cybercrime.
Institutionalized learning
With a background in private enterprise and academia, Fung echoes Perrault’s appreciation of partnerships — and can’t resist plugging one of the nation’s foremost centres for cyber security.
FUNG: Training is one of the primary objectives of … [the] Concordia Institute for Information Systems Engineering. We have a specialized master’s program in Information Systems Security, which is organized by six faculty members with different security backgrounds, from cyber forensics to privacy protections, from network system security to cryptography.
An assistant professor at the Concordia Institute for Information Systems Engineering (CIISE) and a research scientist of the National Cyber-Forensics and Training Alliance Canada, Fung has a PhD in computing science from Simon Fraser University. He has more than 40 publications on data mining, privacy protection, cyber forensics and web services to his credit, and his research has attracted support from the Natural Sciences and Engineering Research Council of Canada, Defence Research and Development Canada, and Le Fonds québécois de la recherche sur la nature et les technologies. A licensed software engineer, Fung is currently affiliated with the Computer Security Lab at CIISE.
Director of the Electronic Commerce Enforcement Division at the Canadian Radio-television Telecommunications Commission (CRTC), Perrault is responsible for ensuring compliance with Canada’s new anti-spam legislation (Bill C-28). Prior to joining the CRTC, Perrault was executive director of the National Cyber-Forensics and Training Alliance Canada and a computer forensics officer in the electronic evidence unit of the Competition Bureau, which is an independent Canadian law enforcement agency. She has more than 20 years’ experience in forensics and policy development.