I n a basement at the University of New Haven, a windowless room is filled with spiffy, large-screen desktop computers.
When it comes time to work, however, students pull out their laptops. “I wouldn’t use those,” one student warns. Apparently, the slick-looking desktops are actually petri dishes filled with infectious malware.
“They call this the virus lab,” Ibrahim “Abe” Baggili says, but, more officially, it’s called the Cyber Forensic Research and Education Laboratory. Co-directed by Baggili and Frank Breitinger, the best and brightest of the university’s hacking and cyber forensics classes come here to “tear apart stuff and hack into things,” as grad student Christopher Meffert puts it. That includes an ATM sitting in the corner, which Baggili says the lab bought through Craigslist.
Everyone in the course specializes in some offshoot of cyber forensics. Some are reverse engineering computer viruses, some are studying smart watches and others are using virtual reality (VR) to try and cure phobias. The main focus, however, is thwarting the people Baggili refers to as “the bad guys”—hackers and computer whizzes the world over who are getting access to private files and information and using it for “nefarious means.”
The room’s atmosphere is a close cousin to precinct offices in television procedurals like Law & Order. The members of the lab communicate with a ribbing jocularity, and are forever thinking of their bad-guy counterparts. Instead of fingerprints and witness reports, however, the members of the cyber forensics lab investigate lines of code and the devices we surround ourselves with.
The lab was trying to break into iPhones while the FBI was doing the same in the wake of the San Bernardino shootings. Last year, Xialou Zhang, a full-time researcher at the lab, had just perfected a method for breaking into vault apps—applications built to house sensitive files users want to hide—when police enforcement came calling with a case that hinged on being able to bypass those same encryptions. “We sent them a line of code the next day,” Baggili says. They’re currently working on the cyber forensics of drones, with an eye toward thwarting ISIS’s use of consumer drones to drop bombs.
As of-the-moment as the lab may seem, Baggili says it’s always playing catch-up. When someone stores illegal photos on the dark web, or hacks into smart devices in your home, then it’s up to these students and others like them to try and follow in the criminals’ virtual footsteps. That said, Baggili and his students also try to “anticipate” the bad guys’ next move.
“I was thinking that a cool project would be to do a forensics of VR goggles,” Baggili says as I strap myself into a set of the goggles and lose sight of the world around me. “Because the perfect way to kill someone is when they’re wearing VR goggles. It’s a cynical thing to say but it’s true—someone’s going to do it.” He had a point. While standing in a sparse, undecorated room surrounded by grad students, I suddenly found myself walking through the brightly colored, dreamy landscape of Van Gogh’s The Night Cafe. Then I went swimming through an artery, where I was able to squeeze a red blood cell as if it were a pillow and generate a strand of DNA with a click of the controller. It was fun, but I was vulnerable.
While most people are more frightened of home invasion than the electronic kind, fear of the latter is catching up. The members of the cyber forensics lab are convinced that hacking is the crime of the future, primarily because we’ve surrounded ourselves with “so many different devices and software and tools that we’re using on a daily basis, and we don’t really understand how they work,” grad student Dan Walnycky says. “Everyone should be able to understand what they’re using. Is my privacy being compromised or not? I think everyone deserves to know that.”
Baggili asks Walnycky to show me his phone. He pulls it out to reveal that he’s covered the camera with black electrical tape, and he says that he’s taped his laptop camera as well. “Privacy is a human right,” he says. “I’m very passionate about that. Don’t trust your technology,” to which fellow student Matuesz Topor replies, “I don’t think we really have much of a choice.”
It’s a problem that the professors and researchers at the cyber forensics lab are painfully aware of, in addition to their own power and responsibility. Baggili says that a lot of their work—hacking into apps and hard drives, for example—“kind of tamper[s] with people’s privacy. But at the same time, we have to do it so that when people do it for criminal reasons, we can catch them,” he says. “It becomes sort of a gray area. It’s an ethical question. But the reality is that there are bad guys out there. And if the good guys don’t know as much as the bad guys, it’s much worse.”
Written and photographed by Sorrel Westbrook.