Virginia Labs, Businesses Engineer Ways to Fight Hackers

In the battle against cybercriminals, Virginia is mustering its troops.

(Tribune News Service) -- Every day, aspiring thieves the world over are busy trying to slip into the digital back doors of society. When they get in, they can amass a dizzying haul: 110 million records from Target; 145 million from eBay; 109 million from Home Depot; 80 million from Anthem. The hackers who struck Sony Pictures claim to have taken every scrap of the company's internal data.

To the viewing public, the magnitude of the heists may be rivaled only by their frequency. The latest high-profile breach came two weeks ago when the security firm Kaspersky Lab reported that an international gang had discreetly swiped as much as $1 billion from as many as 100 banks across the globe over two years.

Where is the cavalry? In the battle against cybercriminals, Virginia is mustering its troops. At universities, businesses and labs across the commonwealth, help is on the way.

Use, wipe, repeat

One of the biggest developments in cybersecurity - measured by mere physical size, at least - is happening just off Interstate 64 in Newport News. Tucked into a grove of trees along Oyster Point Road, on the top floor of a heavily windowed, three-story office building, defense contractor Spectrum Comm Inc. is building a product that it hopes will change the way the military, hospitals, schools and businesses use and share tablets.

Its creation, dubbed Go-Box, aims to shore up one of the vulnerabilities that come with the proliferation of mobile devices at work. The goal is to keep malicious software from spreading from a tablet to an organization's entire network, where it could go undetected for weeks or months while hackers compile sensitive data.

It works like this: Imagine a Redbox kiosk, only sleeker, and built for iPads instead of DVDs. At the end of a shift, users insert their devices, which are wiped clean of their applications and operating systems - along with any malware they might have contracted while on the Internet.

One version of Go-Box can hold as many as 32 tablets. When another doctor or Navy helicopter mechanic or office worker needs to check one out, that person swipes an ID card, and another tablet is dispensed, newly loaded with the user's profile and previous work, which is encrypted and stored after each session.

"This makes sure the data gets securely pulled off it, and everything that runs off it is clean and pristine every time it checks out to new user," said Frank Byrum, Spectrum's chief scientist.

Continually wiping each tablet might sound like a draconian precaution, he said, "but for patient records, maybe that's what you need."

Spectrum took the concept from the drawing board to development in June and released it to the market in early January, said Mike Nickerson, company vice president. Helping build and test the machines have been three students from Christopher Newport University whom Spectrum discovered while sponsoring an unmanned aerial vehicle competition.

Nickerson said Spectrum intends to establish a fabrication facility in Newport News for its product line, which includes a heavy-duty vault model and the Go-Box Mini. Initially, they will focus on clients in health care, defense and education, he said.

The danger within

Paul Greene is targeting another threat: The inside job.

In the 2014 U.S. State of Cybercrime Survey - co-sponsors included Carnegie Mellon University and the Secret Service - 28 percent of cybersecurity incidents were blamed on current or former employees, contractors and other trusted parties. Nearly a third of respondents said such incidents cost more or inflict more damage than outside attacks.

Greene, a Virginia Tech alumnus and Navy veteran, helped create software that tracks and analyzes the movement, modification and viewing of documents from the moment they're created. The work is from Mach 1 Development Inc., a security technology company with offices in Northern Virginia and Texas that Greene founded in 2007.

His product, DocuTracer, allows organizations to keep tabs on documents as they're sent from person to person and can tell where and when they're accessed. Those and other features could help investigators solve crimes or prevent breaches by calling attention to suspicious behavior, like an employee who has suddenly begun to hoard internal memos.

Greene said white-collar criminals often amass the data they need several times before they finally decide to commit the theft. His software would capture those false starts.

DocuTracer, which has five patents and is awaiting four more, can even tell when a computer screen has remained unlocked for a long period with no work being done while the same document stays visible in the foreground.

"That doesn't happen unless they're trying to memorize it," Greene said.

Insurance revolution

Compromised iPads. Scheming employees. Those are just two of countless ways a company could be hacked. How is a CEO supposed to sleep?

Enter Sera-Brynn, a cyber-risk management firm based in Suffolk. The 4-year-old company leads clients through three stages in their quest for digital peace of mind: compliance, insurance and incident response.

Businesses and organizations face costly lawsuits when they lose third-party data. Rob Hegedus, Sera-Brynn's CEO, said the best firewall against being sued is following industry standards before an attack. After an attack, Sera-Brynn helps with things like containing and cleaning up the damage - serving as a go-between with law enforcement and regulators - and public relations.

As Hegedus describes it, though, it's step two - insurance - that is poised to most alter how business is done in the age of cyberattacks.

Hegedus predicted the insurance industry will become the biggest driver of cybersecurity by dictating what measures companies must take if they want coverage. And that coverage will be crucial because it is becoming increasingly accepted that if hackers want in, they will find a way, he said.

The average business owner "is not going to build walls," Hegedus said, "they're going to buy insurance."

Hegedus said Sera-Brynn is helping shape that landscape by teaming with insurance providers to develop policies. The company also runs cybersecurity risk assessments, something that Hegedus says will be a mandatory part of selling a business in three or four years.

Sera-Brynn has averaged about 200 percent growth year over year since its inception, Hegedus said, and it's been drawing big-time attention for its work. TowneBank is an investor. In February, the firm was ranked 16th on a list of 500 cybersecurity companies to watch in 2015, compiled by Cybersecurity Ventures of Menlo Park, Calif.

Boosting big ideas

Authors of future lists like that would do well to keep their eyes on Herndon, Va. There, twice a year, the people at the Mach37 Cyber Accelerator put promising security startups through a 90-day program to help them develop business plans, test products and find investors.

Mach37 - a reference to the minimum velocity needed to escape Earth's gravity - is a division of the Center for Innovative Technology, a nonprofit created in the 1980s by the General Assembly and partially funded by the state. The accelerator itself launched in September 2013 and has since graduated 17 companies.

They include vThreat, which offers an affordable way for organizations to assess their defenses by simulating attacks and testing how equipment and people respond. The company is the brainchild of Marcus Carey, a veteran who said he was a cryptologic technician in the Navy, which means he was responsible for securing intelligence "and all kinds of cool stuff that I can't talk about."

That kind of background is so prevalent in the commonwealth, with its military installations and Washington-area intelligence agencies, and the opportunities for working and networking there so rich, that Carey called it "the epicenter" of cybersecurity.

"Virginia has always been about protecting some kind of secrets," he said. "If you want to be a cybersecurity company, I think the Virginia area is the best place for you."

That's why Carey, who lives in Texas, is keeping vThreat's headquarters in Herndon.

Detection and deceit

Still more contributions are coming from researchers with ties to Virginia universities.

Jeff Reed, a professor at Virginia Tech, helped a Ph.D. student develop technology that detects cyberattacks not by identifying malicious code, but by discovering the tiny, telltale changes in power consumption that accompany an intrusion.

Because it sounds the alarm by sensing anomalies in power usage, Reed said, it can spot invasions that exploit unknown vulnerabilities in software, a crucial advantage in the cat-and-mouse game between cyberthieves and security experts. The company he co-founded based on the work, PFP Cybersecurity, bills its detection system as "near impossible to evade."

PFP's early focus is on protecting supply chains - it could detect a counterfeit processor that was slipped in on the assembly line, for example - and critical infrastructure, such as water treatment facilities, refineries and nuclear power plants.

The same technology may someday help guard more mundane applications, like your thermostat and coffee maker. The growing network of connected devices - the so-called Internet of Things - will feature such a diversity of software and hardware that traditional approaches to monitoring them won't work, Reed said.

"You need something common across all of them, and certainly every device consumes power," he said.

At Old Dominion University, assistant professor Youssif Al-Nashif is trying to keep systems running securely even after a breach.

The approach, in essence, is all trickery and misdirection.

Once they're in, hackers need to be familiar with the environment they've infiltrated to know where to go. Al-Nashif's research involves using layers and layers of virtual machines, any of which can be taken out of service if compromised, and constantly reshuffling the landscape.

"It becomes more and more like a game," said Al-Nashif, who is building a cloud system at ODU to test his work. "We want to distract the attacker so they do not know how to attack or where to attack."

That virtual environment is always changing.

"And when we detect an attack, we change faster," Al-Nashif said.

And what looked to the intruder to be a door becomes a wall.

©2015 The Virginian-Pilot (Norfolk, Va.) Distributed by Tribune Content Agency, LLC