Cyber crime busters: An inside look

Caleb Diehl
a researcher in McAfee's cyber security advanced threat research lab

An advanced threat research lab locates vulnerabilities in emerging technologies. 

Share this article!

 McAfee’s cyber security advanced threat research lab sounds like the setting for a James Bond film, and that’s not far from the truth.

 Nestled in the maze of Hillsboro office parks across the street from Intel, McAfee headquarters houses a small room staffed by bearded hackers in jeans and t-shirts.

The company’s goal is to crack the defenses of emerging technologies before the “bad guys” do, says Steve Povolny, head of the advanced threat research division. 

“The bad guys can be anybody from a script kiddie [an unskilled hacker who uses borrowed code] practicing their skills in their mom’s basement to a well-funded nation state,” he says.

It’s hard to sleep easy after a visit to the threat research lab, where young programmers toy with the innards of a Nissan Leaf, a hospital’s bedside monitoring system and wi-fi routers.

The venue counters the excitement over autonomous vehicles and smart homes by demonstrating how easily the technology can be exploited. Fooling a self-driving car, for example, is as easy as slapping a sticker on a stop sign. The addition makes the car think it’s seeing a 65 mph speed limit sign.

IMG 1926A makeshift Nissan Leaf dashboard in the lab. 

A few lines of code can cause false patient vitals to appear on a doctor’s screen, misdirecting decisions about medications and treatment. In another hack, programmers input code through a dialog on the Microsoft Windows lock screen with the voice assistant Cortana. The code changes the user’s password to “1234,” and in a few more seconds, the Povolny is in. (Microsoft has since fixed this particular vulnerability).

One table features an array of lockpicks beside various combination and key locks. The analog devices seem out of place in a high-tech cybercrime lab, but Povolny says understanding physical vulnerabilities is key to addressing their virtual counterparts.

Cybersecurity professionals learn how to scale walls and fences to get in the mindset for attacking computer firewalls.

The lab operates on principles similar to the first rule of Chuck Palahniuk’s novel, Fight Club: You don’t talk about it, anywhere. Povolny wouldn’t discuss his work outside the walls of the lab, even elsewhere in the security provider’s headquarters. He declined to say how much the lab costs or how many people work there.

Povolny and his team complement the work of in-house security experts at Microsoft and other vendors, but they also turn up the heat. When McAfee finds a vulnerability, it gives the vendor up to 120 days to patch the hole. Then it releases the hack to the public. Everything on display in the lab has already been publicly disclosed. The goal is to protect customers and reduce the global footprint of cybercrime.

One hundred and twenty days is actually a relatively long grace period in the security industry, Povolny says. Google allows 90 days, with a few exceptions. He says setting a specific time frame pressures vendors to proactively confront issues.

IMG 1927Another desk features lock-picking tools. 

The lab’s work benefits from a sense of urgency.

In a recent case, lab researchers foiled a group running a string of illegal cryptocurrency mining rigs throughout Europe.

Even established businesses in legacy industries face growing cybercrime threats. And the other side is well-funded and well-connected. Says Povolny: “There’s never enough time and people to cover it all.”

To subscribe to Oregon Business, click here.

Latest from Caleb Diehl