Justin (‘20) is majoring in Computer Science and minoring in Fine Arts. What do hacking, making music, skiing, cooking and creating art have in common? I’m
So tell me about this cybersecurity business you started?
My two friends and I took a free computer science class together and then we started teaching ourselves cybersecurity stuff just because it was fun to try and attack each other. Basically, it is penetration testing where you just try and hack a computer that you own or a system that you have permission to test for vulnerabilities in. You assume the role of an attacker and try to catch potential flaws in the system before an actual attacker is able to. In the summer of freshman year, we went to Boston with nothing better to do and eventually did some research to learn more about cybersecurity. We ended up with a couple of contracts for small businesses in the area and would write them a big report covering their potential vulnerabilities and how they could mitigate security risks. The main thing you want to go for is remote execution where you can have control over somebody else’s computer. I did a lot of social engineering stuff like phishing emails. There’s something that just feels wrong about being able to hack into and read people’s emails, even when you know that they’re paying you to do it.
That’s cool. What are you guys currently working on?
During the summer we were working on making our own security device as well as working with a physical security company, and eventually, we started doing some consulting work with them. We are currently working with them on a threat intelligence platform for functions such as incident visualization. For example, here is a map of Honduras that we have coded with demo data, and you can see that there’s a riot here. Security teams and logistics firms can use this information about the riot, for example, to figure out a safer route. All of this information comes from things like open source databases, news scraping and people are also able to report what is happening around them. Right now, we’re focusing on businesses in emerging markets such as Central America.
These businesses can use this platform as a system for inputting reports and staying up to date with basic intelligence. Right now, there isn’t a very good way of doing or sharing intelligence to the operators in the field or between companies. The idea is that if multiple companies are using the platform, we can do basic data analytics on this collective data in order to kind of predict areas of higher risk and to track any malicious groups in the area, like cartels or gangs.
We created a little device that you could put on a network in order to scan for all of the nearby IoT devices and check for common vulnerabilities. One of the problems with IoT is that it’s a very new industry so there is this sort of boom in devices and people trying to rush new products to market, even though the security isn’t very well understood yet. As a result, there are a lot of insecure and cheaply made devices. One of the main issues is that most of these little devices are created with hard-coded passwords. For example, the manufacturer may literally set the password as ‘password’. The idea is that whenever you buy one of these devices, you then manually go in and change the default password. In reality, it’s kind of hard to do and people just don’t bother to change the default password. As a result, attackers are able to crack these default passwords and hack these devices with pretty high success rates.
Was it difficult to learn how to do this kind of thing?
It’s not necessarily difficult teaching yourself about cybersecurity, especially if you have some experience in computer science already. However, in general, there are things that tend not to work a lot of the time so you’ll spend a lot of time playing around with things and using online tutorials. The process of learning includes a lot of trial and error…and a lot of breaking things in general.
What was something surprising or interesting you came across in the learning process?
Last year, we started getting more interested in the more physical side of cybersecurity — embedded systems and the Internet of Things. We did some research on malware that affected IoT devices like security cameras, smart thermostats… anything that’s not a traditional computer but runs as if it were connected to the internet.
Once we did a physical cyber penetration test on a water plant. We had these ex-marines with bulletproof vests break in to the facility during the middle of the day and plant these little devices. I was the getaway driver, and one of my friends was waiting in a cafe nearby, connected to the planted devices. That was a lot of fun.
Can you try hacking my website???
What is it hosted on?
WordPress is generally secure and in terms of websites, there’s normally not much you can do to them unless you manipulate the search bar.
Good to know… I feel as though our world today is pretty saturated with technology, and there are growing fears that ‘technology will take over the world’. Do you think that our reliance on technology is indeed detrimental and dangerous, or do you hold a more optimistic outlook?
I think technology is outpacing us for sure. There are a lot of interesting ethical dilemmas, especially around data and privacy, and new inventions like self-driving cars. We’re only just realizing now the sheer amount of data companies like Google and Facebook have about us, and I think that, ultimately, only through some sort of drastic problem will we see large-scale policies controlling this type of data collection being enforced.
On the other hand, technology has helped us in many ways. In the beginning, it was just helping us do math problems that would take too long by hand. Nowadays, technology has improved most aspects of our daily lives and
So supercomputers won’t take over the world?
I don’t know… I feel like that is definitely a possibility but it’s more probable that humans will misuse technology and screw things up before we can even get to that stage.
Everybody is talking about self-driving cars and I think that the potential ethical implications for this kind of technology are really interesting. It’s kind of like the classic trolley problem: if you’re in the car and somebody runs out into the road, is the car programmed to swerve out of the way, putting the driver and passengers at risk?
How did you end up building your own guitar?
I went to a boarding school and after school, we would have to play sports or do some other type of activity. I did soccer and skiing but wasn’t too serious about either of those. Halfway through senior year, I didn’t feel like playing anymore and wanted to try out something different. At that time, my school just purchased a warehouse on the edge of campus and they called it the ‘Makerspace’ — essentially a program for ‘creative’ projects where students are just given money to build things. I have played guitar for most of my life, mostly sporadically and just for fun. I’m trying to play more often, and even though I’m a terrible singer, I love messing around and writing random things even if they’re not great.
Your interests seem to span various domains. Is there some sort of common factor that brings them all together?
I think it’s more interesting being involved in a range of things and there’s more of an opportunity to connect with a variety of people, and it just makes life interesting. Maybe there’s a theme of creating things…even in skiing, there’s definitely some sort of creative aspect, especially in freeskiing. It’s just a really cool experience — one of my favorite things is to ski out of bounds into places people haven’t been before. It’s just sort of open wilderness that is so beautiful, and also the adrenaline rush is pretty great.
What is something you would recommend?
I always recommend that people should take a computer science class because I think it’s actually a lot of fun. It lets you explore this mindset focused on problem-solving. In general, I think this kind of knowledge is super relevant these days and it is cool to be able to understand a little bit of how it all works. Aside from that, I’m aspiring to just be more open and say yes to more things.
What is one of your favorite things about Penn?
There is so much opportunity to do a range of things and meet a range of people here with different experiences and backgrounds.
What is something you would like to change about Penn?
I feel as though because Penn is so big and so diverse that people kind of get siloed within different things and there often isn’t a very strong sense of community. Everyone is just super busy doing their own things and we don’t take the time to reach out to other people. To kind of tackle this, I’ve been getting a weekly dinner going where I cook dinner once a week family-style for my housemates.
I guess I’m more of an introverted person and don’t go out of my way to like talk to people very often, but it’s crazy to think that I’m friends with all these people purely by chance. For example, had I gone to a different school I would have known a whole different set of people. I wonder if that devalues my relationships or, on the contrary, makes them more special. The formation of relationships between people is just so arbitrary, and to be fair, so many occurrences in life are generally also so arbitrary.
Who should we talk to next?
Ryan Leone. He just kind of does everything — he is an RA, a leader in Kite and Key, plays sprint football…oh and he’s very good at magic tricks.