Cracking the Code


By Stephen Collins '74
Photography by Brian Speer

When the Jerusalem virus hit the Internet 18 years ago it caused $50 million in damages over three years. In January 2003 the Slammer worm infected more than 90 percent of unprotected servers in 10 minutes and racked up a billion dollars or more in losses.

Chris Ries '05
Illustration by Brian Speer
Meet Chris Ries '05, a computer science major, math minor, and sentry in the battle for cyberland security.

His first order? Know thine enemy. "I have hundreds of worms and viruses and Trojan horses," he said. "They're actually a lot easier to find and collect than you'd think."

With the utmost care and security, Ries studies malicious agents to understand how they operate. Most new versions are actually variants of existing agents, he says. He's concerned that current state-of-the-art defenses against attacks"experts poring over code for a week or two looking for something familiar or malicious"won't stand up.

So, working with Assistant Professor of Computer Science Daniel Bilar, a network security expert, Ries is building a database of information about how viruses and worms interact with the host computer's operating system. His goal is a tool that quickly and automatically identifies and classifies attacks. He plans to put his database online as a resource for academic and commercial cyber-sleuths and writers of anti-virus software.

Ries is no amateur. He spent last summer working for the National Cyber-Forensics and Training Alliance in Pittsburgh, his hometown, and he consulted with the Computer Emergency Response Team at Carnegie-Mellon about his senior-year research.

While hackers initially wrote malicious code for the intellectual challenge, they now do it for profit. "The spam world is like organized crime," he said. "It's hierarchical." Malicious programmers most commonly write code to mask the origin of attack and to steal bandwidth by using host computers to send spam.

"Believe it or not, people actually do get business from spam," he said. If you send enough, even a minuscule response rate can be lucrative. Last summer, he said, "We were investigating spammers who were three or four years older than us who had brand new houses and new cars."

When not in the computer lab, Ries intercepts treacherous  slapshots as a goalie on the varsity men's hockey team.

Said Bilar: "He's very driven and he's very competent." And, knowing the value of malicious code work, Bilar told him "he should invite me onto his yacht in four years. He has a very brilliant future."