Outside of Class, Cybersecurity Students Learn to Think Like the Enemy
A group of NJIT students studying cybersecurity outside the classroom learned that it's educational to pretend to be the bad guys, in order to design stronger defenses against them.
SIGMAL — Special Interest Group for Malware — is a section born last year within NJIT's chapter of the Association for Computing Machinery, and their careful observations into the dark side of computer hacking are validated by experts around campus, from their faculty advisor to the university's own network security analyst.
Group leader Andres Orbe said more people are starting to attend the meetings that he founded as a compelling replacement to the ACM chapter's former security group, SIGSAC (security, access, controls), which ran from 2017-2019. There was also a cryptography SIG in 2016, chapter officer David Garcia added.
Orbe, a junior from North Bergen double-majoring in computer science and applied mathematics, gave in to his competitive nature by entering four hackathons on consecutive weekends and joining the university's International Collegiate Programming Contest team, before deciding that security is what he really wants to do.
SIGMAL operates two flagship projects. The first is JerseyCTF, an online capture-the-flag event where teams compete in security challenges. It ran in April this year and will be back with tougher security problems in 2022, Orbe said. The second is his real passion, a proof-of-concept ransomware program called F-Gaurd, intentionally misspelled to indicate that it's not real.
F-Gaurd code is private but a demonstration version is openly available to explore. Orbe and his colleagues wrote it in Google's Go language, which has New Jersey roots, as Go's primary developers were Bell Labs alumni Ken Thompson and Rob Pike. Thompson co-invented Unix and C in the 1960s-1970s, while Pike joined Thompson's team in the 1980s to build windowed interfaces and a follow-up operating system to Unix.
With ransomware in the mainstream news, "It sounds very lethal and brutal and hackeresque, but it's just to get the attacker mindset. You're kind of learning about the dark arts but you need that to defend better," Orbe said.
The full code and documentation of F-Gaurd are safely stored away to prevent anyone from using it maliciously. It will help the group members stand out when they write resumes and apply to graduate school. Orbe's own goal is to earn a Ph.D. in computer science and security. In that regard, Orbe is getting a tangible head-start for himself and his peers, ahead of someday becoming graduate students in courses such as CS-645, Security and Privacy in Computer Systems, or CS-647, Counter Hacking Techniques, taught by faculty who collaborate with NJIT's Cybersecurity Research Center.
"Code analysis and reverse engineering are an important aspect of cybersecurity. Understanding the techniques, tactics and procedures of an attacker helps us in defending against these types of threats. I think it's an excellent field for a student to research," said George Eliopolous, senior IT security analyst for NJIT's own network. "Practical malware analysis is a specialization that demands a wide range of skill sets that encompasses programming, digital forensics, systems administration and networking to name a few. It is usually performed by more seasoned cybersecurity professionals."
"It is how it is done in industry," agreed University Lecturer D.J. Kehoe, of the Ying Wu College of Computing informatics department, who also leads the college's videogame development group. "Companies with a need for high-end security, like banks and social media platforms, will often have teams of hackers working to crack each other's security measures, the results of which are used to strengthen the company's networks as a whole."
Orbe said he also hopes that SIGMAL continues to grow and remain active after he graduates, perhaps becoming a standalone organization someday.