Saturday 24 August 2019

From human viruses to computer ones: hunting the cyber scammers

As a cyber-security expert, Martin Lee keeps an eye on the internet bad guys, writes Alan O'Keeffe

Martin Lee
Martin Lee

Alan O'Keeffe

Martin Lee switched from mapping human viruses to tracking computer viruses. Criminal gangs that prey on computer users in Ireland and around the world are the targets of Lee's team of hunters in cyberspace.

Scammers who duped an Irish woman into sending her bank details to a bogus Revenue Commissioners' website are the type of gang cyber-security specialists like Lee (inset) relentlessly pursue.

Please log in or register with Independent.ie for free access to this article.

Log In

"We monitor the threats and identify what the bad guys are up to," said Mr Lee, who swapped a career as a human virus researcher to hunt cyber criminals.

The 49-year-old specialist leads an international group within Talos, an intelligence and research organisation which works for Cisco, a global leader in IT and cyber-security.

"We protect the internet," he said.

Recently, an Irish woman nearly lost €4,500 after receiving a text claiming to be from the Revenue Commissioners stating: "Your tax refund is ready." She was expecting a tax refund and logged on to a bogus website and supplied her bank details.

Sharp-eyed officials at her Irish bank saved the day. They informed her an attempt was being made to remove €4,500 from her account. She said she was expecting a deposit, not a withdrawal. The scam to transfer the cash to a Romanian bank account was foiled.

Mr Lee told the Sunday Independent: "We need to stop this type of malicious message from getting in front of the end user. No matter how many times you tell people not to click on links or not to believe they are going to get a refund from the taxman, people still fall for it because it is human nature."

He said there are no new crimes, just new digital methods of committing old crimes such as extortion and theft. "The art of the conman is to give someone a message that they believe in. They may be expecting a message or are primed for a message which they are susceptible to. Or they get hit when they are vulnerable.

"Once they have got the hook on the end user, they will reel them in. So the key is keeping these messages as far from the end user as possible… Our focus is on detecting and blocking the attacks," he said.

Another old crime that pops up in cyberspace is the old vandalism impulse that once led to bus shelters being damaged which now finds expression in viruses created to deface or destroy websites or systems.

Cisco has more than 300 staff in Dublin and Galway and began a process last year of hiring 100 more.

Lee works from his home in Oxford and his fellow hunters operate from their homes all over Europe. He has qualifications in biochemistry, pharmacology, and bio-medicine as well as software engineering.

Previously a researcher in human viral kinetics, he jumped ship from human viral research to become a self-taught IT expert in 1996. Later, a job came up to develop spam filters for IT networks. He said: "I could see the similarity between spam and viruses. The work I was doing in analysing virus DNA - analysing sequences and looking for patterns - is almost identical to the problem of spam. If you want to identify if something is spam, you identify its patterns and see how similar it is to other spam. That is how I started."

Now, he and his team are in daily cat-and-mouse battles with cyber criminals in Europe, the Middle East, and Africa.

"We took down a criminal gang a couple of years ago called the Angler Gang. They were distributing ransom-ware," he said.

Criminals disable individual computers with viruses and seek to extort money from the owners, warning them they will never be able to access their own data again unless they pay a ransom.

Lee and his team tracked the services providers they tended to use, as most cyber-criminals are creatures of habit. The team got the service providers to pull the plug on them and then they were able to get the logs from the criminals' server to identify them.

"This gang was making €34m a year from ransom-ware. People think of cyber criminals as teenagers in hoodies in their bedrooms. Not at all. This is organised crime and big business," he said.

Around a dozen people were arrested by police in Russia following the investigation, he said.

Last year, his team worked on cracking the VPN-Filter case. This involved malware designed to compromise half a million router boxes in homes and businesses around the world.

The malware could intercept communications, user-names, passwords, and could have been used to create a vast coordinated network of systems to hide and launder stolen data.

The malware infected computers in 54 countries, most of them in Ukraine. But the threat was detected and disrupted. The US government claimed Russian intelligence was involved, said Mr Lee.

A big security issue for the IT sector is supply chain attacks. Legitimate systems from reputable vendor companies use the source codes used to produce their hardware and software but it can become compromised with malicious code, he said.

One of the big worries Mr Lee has for the future is that critical national infrastructures such as water supplies, sewage systems and railway systems are now vulnerable to attack after being connected to the internet.

"The switches that previously used to be controlled by a man in a van with a big spanner are now connected to the internet and to a control centre somewhere… there's a lot of opportunities for bad guys," he said.

He said Irish users of home and business computers, smartphones and laptops can all ensure they take practical steps to protect their data.

In the new world order, data was "the new oil" in terms of global demand.

Martin Lee's practical tips...

l Identify what data is most vulnerable in the event of a malware attack.

l Update, update, update, when it comes to installing patches and security updates on phones and all computer systems.

l Use anti-virus software. Cisco gives Immunet, an anti-viral software, free to the public. Snort is an intrusion detection system also available for free.

l Back up data to Cloud or to an external hard-drive.

Sunday Independent

Editor's Choice

Also in Irish News