Networking Research at USENIX Security

Gazette, Fall 2014

Networking and Security researchers presented two papers at the USENIX Security Symposium, held in August in San Diego, examining two significant threats in modern cybersecurity: compromised browser extensions and the use of malware by oppressive governments.

William Marczak, a graduate student in the group, and Vern Paxson worked with the Citizen Lab at the University of Toronto’s Munk School of Global Affairs to investigate ways that the governments in Bahrain, Syria, and the United Arab Emirates use malware to identify and attack activists, journalists and others who have criticized their governments.

The researchers worked with activists to analyze the attacks, which were often initiated through social media and email messages masquerading as information about opposition movements. The researchers found that the attacks may have been a factor in setbacks to these movements, ranging from public embarrassment to the criminal convictions of activists.

They looked at software marketed exclusively to governments, like Gamma International’s FinSpy and Hacking Team’s Remote Control System, that can record passwords, log keystrokes and take screenshots, among other capabilities. They also looked at the use of tools that are not specific to governments: remote access trojans and IP spy links, which can reveal the IP addresses of those who attempt to remain anonymous on social media.

Chris Grier, a senior researcher in Networking and Security, and Professor Vern Paxson, who leads the group, collaborated with researchers from UC Santa Barbara and UC San Diego to develop “Hulk,” a program that identifies malicious code hidden in Google Chrome browser extensions.

Using data from the Chrome Web Store, they created an application that identifies security issues in popular extensions that expose users to malware and privacy invasion. Hulk is among the first of its kind and could lead to major security and policy changes in the web store as Google corrects the identified vulnerabilities.