Out of the Shadows

If you’re indoors and breathing, chances are there’s a heating, ventilating, and air conditioning (HVAC) machine outside. HVAC units keep buildings warm through the winter, cool in the summer, and us breathing fresh oxygen year round. The units are meant to provide comfort, not to endanger us.

A couple of years ago, however, hackers exploited a near invisible vulnerability in an HVAC system to break into the internal networks of a major retailer. Using infectious malware, they boosted network credentials from the HVAC systems vendor that kept the retailer’s building circulated with air. With those credentials on file, they had their way in—a license to steal, using nothing but keystrokes and code.

Install malware to steal credentials. Exploit web application vulnerability. Search relevant targets for propagation. Steal access token. Create new admin credentials. Propagate to relevant computers. Install malware. Steal PII. Install malware. Steal 40 million credit cards. Mission accomplished. [0101] <G:\blackhat\goal: accomplished>

Meet the 21st-century bank robber.

Devastating attacks like these are not unusual; in fact, they’re increasingly routine and relentless. Malicious hackers don’t operate like traditional thieves. They rarely plan a heist with a single entry point, rehearse it, and attempt to execute. Instead, they poke, prod, and pry at every imaginable vulnerability in a system.

From dark corners, these criminals work in secret to exploit any vulnerability, however small, in the devices that connect us—from cellphones, to laptops, to building sensors that monitor oxygen levels—in an attempt to steal our data and disrupt our way of life. You don’t know when or how they’ll attack. Just that they will.

In response, Booz Allen assembled Dark Labs: an elite group of vulnerability and malware analysts, reverse engineers, and data sientists dedicated to anticipating, outmaneuvering, outsmarting, and preventing malicious hackers from breaking into critical infrastructure and proprietary systems.

The Dark Labs team doesn’t simply respond to individual cyber incidents or conduct network penetration testing. They act as guardians, investigators, and curious, inquisitive problem solvers. They’re trained and charged to sniff out patterns of life in network data, code, and firmware that would seem meaningless to an ordinary person.

“We have world class cyber talent at Booz Allen,” says Vice President and Dark Labs Director Chad Gray. “And we’re unleashing them—the best of the best from the intelligence community—against the most complex, growing problems
in commercial and international markets.”

Dark Labs is small by design. Inside nondescript buildings across the country, several lean, agile project teams of three to six people huddle in open workspaces. Here, teams are given broad autonomy to develop original security products and solutions that cast light on the most opaque challenges across industries.

“We empower our experts to work on what’s exciting and challenging to them. We established a cultural expectation for them to test hypotheses and fail forward,” says Chad.

Dark Labs’ research and development focuses on emerging cyber threats and technologies. Particular attention is paid to enterprise and industrial systems that protect critical infrastructure, such as connected vehicles, financial institutions, and oil and gas networks. The team also focuses on finding and fixing vulnerabilities in things like automation systems, medical devices, and traffic control systems through responsible disclosure.

The Dark Labs team regularly performs a variety of network reconnaissance and rapid prototyping, reverse-engineers apps, finds vulnerabilities, and writes threat reports to stay ahead of hackers.

“We’re not just thinking about the challenges of today, but what’s going to strike 10 years from now,” says Senior Associate and Dark Labs Deputy Director Will Farrell.

Indeed, Dark Labs illuminates the critical vulnerabilities in the things many of us see every day. Last summer, for example, a Dark Labs team and a cohort of interns reverse-engineered a traffic light control system used throughout thousands of cities and towns across America. The “Green Light Project,” as it was called, identified eight vulnerabilities that, if exploited, would create chaos on our nation’s roads and highways.

The Dark Labs team coded a software patch to fix the traffic light control system vulnerabilities, and then gave it away for free to system vendors and municipalities—preemptively solving a previously unknown security issue.

That’s what Dark Labs strives for: seeing what others can’t, and fixing it.

In the coming months, Booz Allen’s clients and partners will be invited into Dark Labs. Together, they’ll work with our experts to co-develop and co-invest in new solutions that prevent attacks before they happen.

“Our ultimate vision is not to be out there simply triaging broken systems,” says Will. “Instead, we want to partner with organizations during their engineering and development cycle to secure their systems from the very beginning.”

It’s about time cyber security got some fresh air.