During the summers of 2016, 2017, 2018, 2019 and 2020, the Cyber Resilience Institute ran internship programs for graduate and undergraduate students in computer science, information technology, law, and international affairs. Training is delivered on a virtual platform, and students get hands-on practice with cyber threat hunting best practices on a threat intelligence platform. At the end of each training program, students are given the opportunity to participate in a pop-up Security Operations Center (SOC) for a global sporting event.
2016 Summer Olympics
- Monitored and reported Anonymous and Fancy Bear attacks
- A Pop-up SOC hosted at a Colorado National Guard facility
- Demonstration of public/private partnership operations and coordination with the FBI Field Office
- Analysis and visualization of Mirai data sets
2017 IAAF World Championships
- Over 20 Corporate Sponsors
- College students from over 30 Universities
- Collaboration via reporting to DHS
- Fusion of Social Media and cyber attack data
- Analysis of Grizzly Steppe data
2018 Winter Olympics
- Discovery and tracking of the Olympic Destroyer Malware
- Tracking of multiple influence operations
2018 FIFA Men’s World Cup
- Discovery of significant activity by the St. Petersburg-based Internet Research Agency (IRA). This activity has since been made public through indictments of Russian citizens and the recent reports to the US Senate Select Committee on Intelligence on social media influence operations by 28 countries and the IRA’s extensive and well-funded operation.
2019 FIFA Women’s World Cup
- Ongoing monitoring of APT activities throughout the games; topics that generated attack traffic included gender pay inequality and LGBT rights. During this operation it became much clearer to us how criminal gangs were using “free” video-streaming sites to lure victims to sites infected with malware. Once at the infected sites, users were subjected to various ad click fraud schemes, botnet recruitment and other malicious activity. Ad fraud is a multi-million-dollar criminal enterprise; our threat hunting documented the mechanics of several of the criminal gangs involved in this activity.
2020 COVID-19 Attacks Tracking
- During the summer of 2020 we compressed the training schedule into a 4-week intensive (3 weeks of coursework and 1 week of a Capstone project). We also pivoted to focus on the uptick of attacks on hospitals, pharmaceutical companies and other health care providers during the pandemic. We found evidence of ongoing efforts by familiar threat actors to defraud their victims using ransomware and other extortion practices. Tracking is ongoing.
We are currently recruiting for the upcoming c-Watch 2020. Our objectives are to train the students on basic skills in cyber threat hunting using both a threat intelligence platform and social media threat hunting tools.
During each of our previous programs, a wide range of speakers from many global corporations participated in the lecture series. This included representatives from Facebook, Target, Chevron, Symantec, TruSTAR, Dunami, InfoCyte and the Cyber Threat Intelligence Network, among others. Students were trained on the methods and models of cyber threat hunting with the intent of establishing a crowd-sourced cadre of cyber threat hunters skilled in understanding the tradecraft and nomenclature.
Graduates from our programs are eligible to be nominated to our CrowdWatch cadre.