Question/Answer

Prepare for the Zombie Invasion By Rebecca Rule '76, '79G

Joshua Corman '98, an avid UNH hockey fan (is there any other kind?), doesn't get to many games. As the principal security strategist for IBM Internet Security Systems, he travels a lot, spreading the word about security risks. Network World named him one of the "Top Ten Tech People You Should Know." He lives in Dover, N.H., with wife Lisa and daughters Kaylee and Cassandra.

Joshua Corman '98 (Photo by Erin Gleason, UNH Photographic Services)

Q: What's the story behind Cassandra's name?

A: In mythology, Cassandra had the gift of prophesy, but her curse was that no one believed her. It's a classic reference for people who are thinking a little farther down the road than most.

Q: You see the future, but no one believes you.

A: They're starting to. I'm often asked, "What's the biggest threat to national security?"

Q: You say?

A: My mother-in-law. Well, her computer, your computer, your kid's computer. The leper colony, I call them. My business customers have money to spend preventing attacks. They're doing an OK job. But no one cares about the leper colony. Many people don't even pay the $50 for fairly useless antivirus software. There are millions who can be infected with botnets.

Q: Botnets?

A: For 20 years, viruses were created for prestige, to be famous in underground hacking circles. Now the bad guys hook all your computers together to create a botnet that works like one big computer—a new kind of malicious code. These attacks are more serious, sophisticated and well-funded. Your adversary is not a 14-year-old making a name for himself, it's organized crime.

Q: How can criminals profit from my computer?

A: When your computer's getting slower, they're using it to send spam or store illegal materials. One U.S. city ran out of space in their data center. They asked us to find out why. We found gigabytes of child porn. They're manipulating the stock market or launching a DDoS—Distributed Denial of Service Attack—that knocks off a power grid. Hackers targeted a Louisiana grid, took it offline and demanded ransom.

Q: And the owners of the computers have no idea.

A: We're talking good and evil. There's so much innovation among the bad guys, we need to be innovative for the good guys. Political attacks are even scarier. The nation of Estonia was taken off the Internet for two weeks. Estonia wanted to move some statues of Russian war heroes. In retaliation, Russian "patriots" took Estonia off the Internet.

Q: During the ice storm we couldn't use phones, computers or buy gas in town, and we freaked out.

A: As it was happening, I said, "If we don't get our act together on national security against cyber attacks, this could be a regular occurrence."

Q: Do you like sci-fi movies? Just wondering.

A: I like zombie movies. Botnets are sometimes called zombies. In zombie movies, there's a perimeter, just like in security. You have to keep the zombies from getting into the house.

Q: "Night of the Living Dead."

A: Exactly. Invariably they get through. We're not prepared for the zombie invasion. We talk about the digital Pearl Harbor. This is what keeps me up at night. The bad guys have outpaced the good guys. If they want to take down our power grids, they can. I warned of cyber attacks on U.S. military bases. Now we hear congressional testimony that bases have been hacked. For years, we've been playing checkers. We have to start playing chess. ~