Fighting cybercrime
A conversation with Benjamin FUNG and Lynne PERRAULT
Inventing a powerful new weapon against crime could put you on the world’s most-wanted list — in a good way.
Professor Benjamin Fung and his team at the Concordia Institute for Information Systems Engineering (CIISE) developed a tool that helps investigators identify criminals behind anonymous emails, using clues such as syntax, spelling, punctuation, capitalization and other attributes.
The breakthrough was reported in more than 50 publications worldwide, and the calls and emails soon began pouring in — from police, private investigators, courts of law and victims.
“Hundreds of threatening emails were forwarded by victims asking me to identify the author,” says Fung.
Mining for criminals
Fung earned his spot on the most-wanted
list by advancing the global
battle against spam and other malicious
cybercrime, which often preys on the
elderly, the young and uneducated.
His research specialty is data mining,
which deploys complex algorithms to
extract useful knowledge from raw data.
When analyzing emails, for example,
his tool ignores shared characteristics
among suspects to zero in on nearly
invisible quirks, such as vocabulary
richness and punctuation. The
combination of these hard-to-disguise
quirks can, for example, identify the
writer’s gender and nationality.
Fung and his co-author, CIISE
director Mourad Debbabi, published
their findings in the peer-reviewed
journals Information Sciences and
Digital Investigation, with support from
Canada’s National Cyber-Forensics and
Training Alliance. The consortium of
government, industry, law enforcement
and academic researchers is based
at Concordia.
Weapons testing
Fung’s team famously tested their
weapon on hundreds of emails written
by disgraced Enron executives, to
demonstrate accuracy of 80 to 90 per
cent — a remarkable advance over
previous methods.
This isn’t enough for a conviction in
criminal court — which requires evidence
beyond a shadow of a doubt — but it
does support expert testimony and helps
the police to build a stronger case.
Now that his weapon is part of the
cybercrime-fighter’s arsenal, Fung has
turned his attention to blogs, instant
messaging and social media, which
criminals also use to prey on victims.
In conversation — Beyond the headlines
During an absorbing investigation
of cybercrime, Benjamin Fung
and Lynne Perrault, director of the
Electronic Commerce Enforcement
Division at the Canadian Radio-television
Telecommunications
Commission (CRTC), managed to touch
on global security, Canada’s new anti-spam
legislation, botnets, phishing and,
perhaps most problematic of all, plain
old human nature.
“In law enforcement,” says Perrault
during the conversation at Concordia,
“[we understand] that the weakest link
is in fact the general public, who click on
the link that they’re not supposed to …
Curiosity is always an issue.”
The fifth dimension of war
Fung begins the discussion with a
startling fact that brings the scope of
cybercrime into sharper perspective.
FUNG: The U.S. Department of
Defense has just officially announced
that it now considers cyberspace to
be the fifth dimension of warfare, in
addition to land, sea, air and space.
This decision pretty much reflects the
fact that critical infrastructures in our
society, such as telecommunications,
transportation and financial systems,
operate in cyberspace, and we cannot
afford to lose these systems.
Battling botnets
For the U.S. military and many
governments, the fifth battlefield
is overrun by botnets that, Trojan
horse-like, conceal their malicious load.
Hackers typically distribute botnets
through emails or websites.
“Once a computer gets infected,”
explains Fung, “it may still perform
normally, as usual, until it receives
some command from the hacker. So
the computer becomes a servant or
robot for that particular hacker. And
the hacker can give a command, say to
attack a particular web server.
“My colleagues in the security team
at Concordia are working on identifying
the servers and dismantling those
botnets before they actually cause any
real damage. And in that aspect they are
demonstrating some success in this area.”
Perrault counters that 80 to 90 per
cent of all email traffic is designated
as spam, and while Internet service
providers are doing an excellent job at
filtering out most of the junk, botnets
remain a problem.
“How big is [this problem] in
Canada?” she says. “There are upwards
of 30 command and control botnet
servers in Canada identified … One command and control botnet server
can disseminate voluminous amounts
of spam, and identifying these servers is
going to be a key issue.”
Bill C-28 on the table
During one exchange, Perrault provides
a fascinating chronicle of Canada’s new
anti-spam legislation, which received
royal assent in December 2010.
“We were one of the last countries
to come to the table with anti-spam
legislation,” she says. “That allowed us
to look at other legislations and take the
best from all of them.
“I’d venture to say that once … we
start enforcing the legislation, Dr. Fung is
going to have the opportunity to work
with some real-life data to test out his
tool. I’m anxious for that to occur.”
A history of insecurity
Offering a short history of the
Internet, Fung points out that “the
original purpose of the Internet was
to share information, not to protect
information.”
Nevertheless, he says, throughout
the past decade we’ve been overlaying a
growing number of secure transactions,
such as e-business and e-banking, over
a fundamentally insecure environment.
While this has led to a period of
transformation, Fung doesn’t believe
we’re at an impasse.
“I’m optimistic that it’s possible to
perform secure operations,” he says,
“… by using different techniques
such as encryption or cryptography … .
I agree it’s difficult, but I think it’s
still achievable.”
Partners in crime fighting
Whether a secure Internet is achievable
will largely depend on partnership, which
is itself problematic. “[Partnering] is
a new concept for law enforcement,”
Perrault admits. “We tended to work in
silos, and once we got the information
we wanted to keep it there.”
That’s all changing, however, driven
by the sheer scope and complexity
of cybercrime.
PERRAULT: We need to partner
with research specialists, such as Dr.
Fung, with other industry partners who
are seeing the trends and threats as they
happen to their networks … We [the
CRTC] don’t have that … immediate
view, or real-time view, of the situation.
So partnering is going to be
paramount [for] organizations
like the National Cyber-Forensics
Training Alliance Canada and its sister
organization in the U.S. … [We need]
these non-profit organizations, that
bring together academia, industry, law
enforcement, government, etc., to
tackle cybercrime.
Institutionalized learning
With a background in private enterprise
and academia, Fung echoes Perrault’s
appreciation of partnerships — and
can’t resist plugging one of the nation’s
foremost centres for cyber security.
FUNG: Training is one of the primary
objectives of … [the] Concordia
Institute for Information Systems
Engineering. We have a specialized
master’s program in Information
Systems Security, which is organized
by six faculty members with different
security backgrounds, from cyber
forensics to privacy protections,
from network system security to
cryptography.
Benjamin FUNG
An assistant professor at the Concordia Institute for Information Systems Engineering (CIISE) and a
research scientist of the National Cyber-Forensics and Training Alliance Canada, Fung has a PhD in
computing science from Simon Fraser University. He has more than 40 publications on data mining,
privacy protection, cyber forensics and web services to his credit, and his research has attracted
support from the Natural Sciences and Engineering Research Council of Canada, Defence
Research and Development Canada, and Le Fonds québécois de la recherche sur la nature et
les technologies. A licensed software engineer, Fung is currently affiliated with the Computer
Security Lab at CIISE.
Lynne PERRAULT
Director of the Electronic Commerce Enforcement Division at the Canadian Radio-television
Telecommunications Commission (CRTC), Perrault is responsible for ensuring compliance
with Canada’s new anti-spam legislation (Bill C-28). Prior to joining the CRTC, Perrault was
executive director of the National Cyber-Forensics and Training Alliance Canada and a
computer forensics officer in the electronic evidence unit of the Competition Bureau, which is
an independent Canadian law enforcement agency. She has more than 20 years’ experience in
forensics and policy development.
It’s like trying to prevent forest fires or traffic accidents. You can’t completely eliminate all cybercrime. But you can actually limit or restrict the damage.
