Cybercrime Fighter Wins Genius Award

Stefan Savage awarded $625,000 from MacArthur Foundation for unorthodox approach to cybersecurity

Photo by Erik Jepsen/UC San Diego Publications

A few weeks ago, Stefan Savage, a UC San Diego computer science professor started receiving calls on a daily basis—sometimes more than once a day—from a phone number with a Chicago area code. The caller didn’t leave a voicemail. Savage never answers calls from a number he doesn’t recognize. He is a security researcher and at least one of his collaborators has been targeted by cybercriminals. So he looked up the phone number. To his relief, it tracked back to the MacArthur Foundation’s headquarters in Chicago.

A few phone calls later, after he was asked to prove his identity, Savage found out that he was one of the 2017 MacArthur Fellows. Better known as the MacArthur “genius” award, the prestigious, no-strings attached five-year fellowship awards a total of $625,000 to each recipient.

The MacArthur fellowship recognizes individuals whose work has demonstrated exceptional creativity; promise for important future advances based on a track record of significant accomplishments; and potential for the fellowship to facilitate subsequent creative work. Some of the better-known recipients of the MacArthur fellowship include paleontologist Stephen Jay Gould, writer and cultural critic Susan Sontag and Lin Manuel Miranda, the creator of the wildly successful Broadway musical “Hamilton.”

Savage is being recognized for “identifying and addressing the technological, economic and social vulnerabilities underlying internet security challenges and cybercrime.”

It’s easy to see how his track record and the impact of his work attracted the attention of the MacArthur Foundation. Savage, his students, and academic and industry collaborators have hacked into cars remotely to point out security vulnerabilities. They’ve tracked the financial transactions responsible for funding email spam campaigns and botnets around the world. And they’ve found ways to pinpoint the source of attacks that cripple the internet and large websites such as Amazon and Facebook.

“There are not that many people known for being a world leader in any single area of science, but Stefan is known for being a world leader in multiple areas, including the study of botnets and worms, the criminal underground economy, and cyber-physical systems and modern automobiles,” said Tadayoshi Kohno, a cybersecurity expert in his own right at the University of Washington, who earned a Ph.D. here at UC San Diego.

Savage and colleagues have taken an expansive view of what it means to study cybersecurity. Essentially, they bring together computer science and the social sciences by taking into account economics, policy and regulations, not just technology. While this is not the typical approach to cybersecurity research, Savage’s path into the field, and computer science in general, is somewhat unique. He earned an undergraduate degree in history, after all, before going on to pursue a Ph.D. in computer science.

“Fighting cyber threats requires more than just understanding technologies and the risks they’re associated with; it requires understanding human nature,” Savage said in 2012. “At its heart, cybersecurity is a human issue. It’s about conflict, and computers are merely the medium where this conflict takes place.”

As computers are increasingly embedded into objects we use every day, from cars to coffee makers, and into our daily routines, Savage’s research is likely to keep making a lasting positive impact.

He says that he hasn’t yet formulated specific plans for how he will use funds from his MacArthur fellowship. But he assumes that the notoriety that comes with the award will open doors for him and his colleagues. This is especially valuable because the results of their work have significant policy implications.

“This award recognizes the creative and innovative research Stefan has been conducting since he joined the faculty here at UC San Diego 17 years ago,” said Chancellor Pradeep K. Khosla. “His work has had a tremendous impact on disrupting cybercriminal networks and on raising awareness about how vulnerable cars can be to cybersecurity threats. Stefan exemplifies UC San Diego's culture of innovation that is positively impacting our global society.”

Savage has been on the faculty of the UC San Diego Jacobs School of Engineering since 2000. He is a professor in the Department of Computer Science and Engineering and has held the Irwin Mark and Joan Klein Jacobs Chair in Information and Computer Science since 2016.

“It’s wonderful to see Stefan Savage being recognized for his boundary-breaking research,” said Albert P. Pisano, Dean of the Jacobs School of Engineering. “Stefan is an outstanding scholar, teacher and mentor. In addition, he embraces the hard work necessary to ensure that his teams’ security research makes real and lasting impacts on society,”

Cybersecurity in cars

In 2010, Savage and colleagues were the first to demonstrate the ability to hack an automobile remotely—including taking control over the engine and brakes and monitoring conversations taking place within the car. In addition to working with car manufacturers, regulators and automotive standards bodies to fix these immediate security threats, Savage and collaborators have also investigated how the idiosyncrasies of the automobile sector’s supply chains give rise to compromised car software—and make it harder to fix that software.

Savage has advocated for better regulation of internet-connected devices in cars, in order to create built-in defenses against hacking within these systems. Since then, the growing prevalence of physical “smart” devices in our lives has made network cybersecurity an increasingly urgent priority.

“We knew nothing about automobiles, but we knew a fair amount about computer security,” Savage said in a video provided by the MacArthur Foundation. “All of the automotive companies, to varying extents, now take the cybersecurity threat seriously.”

In 2015, he was part of a team that showed they could control a vehicle by remotely and wirelessly hacking into a gadget that plugs into a car’s dashboard. Some insurance firms use the device to monitor cars and trucks for good driving.

The economics of cybercrime

Savage is the lead researcher on a five-year, $10 million grant from the National Science Foundation to map out illicit activities taking place in the cybersecurity underworld and to understand how the mind of a cybercriminal works.

Economics comes to the forefront in understanding how the world of modern cybercrime works, including the motives behind the vast majority of internet attacks, and the elaborate marketplaces that support them. Social interactions are key to understanding how venues such as Facebook and Twitter present new opportunities for attacks and manipulation, and to understanding the relationships among cybercriminals, who heavily rely upon one another for services and know-how.

The researchers investigated how criminals make money, their economic and social relationships, and the various ways they interact with victims and defenders to achieve their goals. Savage and colleagues hope that by better understanding these dynamics, they will be able to identify the best opportunities for interventions and defenses against cybercrime.

Savage and colleagues were able to identify a critical bottleneck for spam email campaigns and online counterfeit goods transactions: only a few banks accept the credit card transactions necessary for these online ventures to monetize their activities. These findings allowed the drug and credit card companies to disrupt the business models of several counterfeit drug rings to such an extent that they collapsed.

Defenses against malware and distributed denial of service attacks

Earlier in his career, Savage and fellow computer science professor Geoff Voelker worked to better understand denial-of-service attacks that disable servers linked to the internet by overloading them with messages, which usually contain false source addresses (“spoofing”) to conceal the location of the attacker. They used key features of those forged addresses to detect and track the attacks.

These attacks remain a problem and have crippled even the likes of Google and Amazon in recent years, with message overload topping at a reported 1.1 terabits per second in 2016. The 2001 study’s relevance today was demonstrated when it received the 2017 USENIX Security Test of Time Award this summer.

In addition, to impede the spread of fast-acting worms, which can quickly compromise an entire computer network, Savage, colleagues and students devised a method for automatically measuring unusual data patterns and identifying worm signatures (or recurring strings of code) across a network.

Brief biography

Savage received a bachelor’s degree in applied history from Carnegie Mellon University in 1991 and a Ph.D. in computer science from the University of Washington in 2002. He is part of both the Systems and Networking Group and the Security Group in the Department of Computer Science and Engineering at the UC San Diego Jacobs School of Engineering.

Savage has published more than 100 peer-reviewed journal and conference papers in the wide-ranging areas of the economics of e-crime, characterizing availability, automotive systems, routing protocols, and data center virtualization.

A Sloan Fellow, Savage is also a recent recipient of the ACM Prize in Computing, recognizing individuals who have made a “fundamental innovative contribution in computing that, through its depth, impact and broad implications, exemplifies the greatest achievements in the discipline.” In 2013, Savage received the ACM Mark Weiser Award, given annually to an individual who has “demonstrated creativity and innovation in operating systems research.” Savage is a co-director of the Center for Networked Systems at UC San Diego and co-director of the multi-institutional Center for Evidence-based Security Research.

His Ph.D. students have gone on to work at prestigious academic institutions and Silicon Valley companies, including New York University, University College London, Google and Facebook.

Past campus recipients

Previous recipients of the MacArthur fellowship currently on the UC San Diego faculty are: Dean of the Division of Social Sciences Carol Padden, anthropology professor Guillermo Algaze, philosophy professor Nancy Cartwright and pharmacology professor Kun-Liang Guan. In addition, a number of emeritus faculty also have received the award in the past.