Return to index

Dissecting the 'Love Bug' virus

Davis and Doug Jacobson both associate professors of electrical and computer engineering and their students mapped out how the recent Internet virus dubbed "Love Bug" actually worked. They eventually covered nearly a full wall of Davis office with Post-its that represented pieces of the Love Bug computer code.

The researchers broke the Love Bug code into pieces and traced attributes of those pieces to previous attacks.

"It started looking like genetic information being passed from previous attacks," Davis said. "We made a big graph of these attacks, looked at the genetics of it and noticed a very small number of core techniques that were being used over and over. "If we develop an effective countermeasure for that small core of techniques, we would effectively eliminate that entire path of attacks," he said. "Its that simple."

A step ahead
Simple and preventative are exactly what Davis and Jacobson want. They would like nothing more than to move information assurance (the academic equivalent of computer security) from reactionary effort to preemptive exercise, and their efforts are helping make Iowa State a leader in the field.

Theyve learned that in the stealthy world of computer hacking, staying on your toes and a step ahead of hackers can pay rich rewards.

"Attacks used to be nuisances," Davis noted, "put on sort of as pranks. Now theyre billion dollar losses.

"Our Internet constantly is being attacked and probed even by our allies," Davis said. "Thats the environment in which we live."

Which makes computer security huge in the e-world.

"Security is everybodys issue," Jacobson said, "not just the nerd in the corner. As everybody ties into the Internet, it is every citizens responsibility to be aware of security issues."

New masters
This fall, Iowa State begins a masters degree program in information assurance. The program is one of six nationwide and will involve several departments and centers, where students will research and practice electronic warfare, honing their skills for real world encounters.

The masters program has generated considerable interest. Jacobson and Davis field hundreds of questions monthly from prospective students and businesses interested in the program.

"If every student who graduated from this university were in computer security, it wouldnt meet demand," Jacobson said. "All of the six U.S. degree programs cant produce enough graduates."

Ethical dilemmas
A distinction of the ISU program is that it not only will teach technical aspects of making computers secure cryptography, intrusion detection, launching successful counter measures but will tackle thorny social and ethical issues as well, Davis said.

The FBIs recently publicized Carnivore e-mail surveillance software is one example of technologys reach colliding with peoples tolerance. The Carnivore program is "technologically trivial," but it flags fundamental privacy issues that need to be addressed, Jacobson said.

"There are so many things that can be done technically, but you have to ask, Is this what we want?" Davis said. "Issues, like the ones that relate to privacy, come down to social and political ramifications. Programs that focus only on the technical side totally miss those key issues."

Jacobson added that passing laws against certain online behavior isnt the answer. He said future professionals in the computer field need to know where the social and political lines are drawn and respect them because "you cant put the technology back into the bottle."

Think fast
"This is an interesting field because what you are up against is very adaptable, very changeable," Jacobson said. "Its you against somebody else, and that somebody else might very well be better than you.

"You have a lot of open-ended problems that require really tough solutions," he added. "You have to be creative. You have to be fast. You have to be bright to tackle these problems. You really have to think differently and that motivates a lot of people."

   Skip Derra
   News Service

Beware the Trojan Horse