Megan is driving her new sedan to the mall to get her nails done before heading to work at the deli down the road. She decides she has time for a coffee and heads for her regular caffeine spot where barista Tim likes to flirt with her by writing funny names on her cup. Never just “Megan.” She waits for the oncoming traffic to clear and turns left into the plaza. But the car keeps going straight. She spins the steering wheel. Nothing. Pumps the brakes. Nothing. The car accelerates toward the next intersection, while Megan continues pumping the brakes wildly. Nothing.
She’s about to collide with a black pickup truck covered in skull decals, when the car slams to a stop. The light turns green. Traffic moves forward. With her foot pushing the brake pedal to the floor as hard as she can, Megan’s car rockets forward. Two towns away, Brian leans back in his ergonomic desk chair, grinning at the wall full of screens depicting moving cars – including Megan’s.
WHITE HAT HACKERS
Talk to Michel or Chandy for a few minutes and you begin to get a sense of what life is like in their world of electronic espionage. And if you leave feeling a little paranoid, well, that’s to be expected.
Michel will tell you that the world is filled with hackers and malicious machines known as zombies, or computer bots, which hackers have seized via remote control and without their owners’ knowledge or permission. Those machines are constantly scouring the Internet trying to steal information from your, my, and everyone else’s computers. From the moment you open your laptop and connect to the Internet, your computer is likely getting assaulted by malicious attacks, Michel says. If your computer’s security is good and you keep current with all the latest security updates, chances are you’re successfully fending off most of them… for now. But hackers are a relentless and mischievous bunch. All it takes is one click on a bogus email, one click on an infected website, and the black hat hackers are in.
The good news is that amid the piles of green motherboards, electrical wiring, testing equipment, and computer consoles, Chandy, Michel, and a team of about a half-dozen very talented graduate and undergraduate students are playing the role of said hackers. Here, however, they are the good guys. Michel likes to describe the team as “ethical hackers,” white hats probing ever deeper into Comcast’s hardware and computing systems to expose potential vulnerabilities.
The battle between the white hats and the black hats is constant. Cybersecurity is an ever-shifting landscape as new technologies, system updates, viruses, worms, and attack strategies emerge on the Internet.
“John and I are constantly on the lookout for what’s happening,” says Michel. “What are the new vulnerabilities? What are the latest attacks? To do this properly, you have to be like a surfer. You have to be on top of the wave, not behind it. You have to keep moving and always stay a little bit ahead.”
If the lab is successful at breaking into a system, that’s a good thing. Exposing a vulnerability in the lab gives vendors the opportunity to correct a problem before a product goes to market or to fix a problem if the product is already in circulation.
If the research team fails to get into a system, well, that’s okay too. That means the system’s designers are on top of their game and did a great job protecting the system’s integrity and locking it tight.
Since it opened, Chandy says the lab has made significant discoveries that helped vendors and saved consumers considerable headache. But because of the often secretive nature of the lab’s work and its basis in security, the limelight of commercial success doesn’t always extend to the lab’s cubicles and workbenches.
When students find a potential vulnerability in a system, the lab immediately notifies the vendor or system provider so the weakness can be addressed. A lot of times, news of the discovery stops there. Chandy recounts a time when he and other lab members heard of a significant system vulnerability being discussed at a national cybersecurity conference. It sounded familiar. Chandy turned to his colleagues and whispered, “Didn’t we find that months ago?” Such is the nature of the business.
“The lab we have here is pretty unique for a university,” says Chandy. “A lot of times, the way we get into these systems is not necessarily through back doors. I would call them testing and debugging phases,” Chandy says. “One of the things a vendor wants to do when they release these systems is they want to test it. So they leave the interfaces open so we can do just that.”