Xconomist of the Week: Stefan Savage on Computer Security

The evolution of computer security is not merely some dark mirror, passively reflecting advances in technology. While technology provides new opportunities for threats, these become true dangers only when there is a motivation to exploit them and a means to do so.

Stefan Savage, writing in The New York Times, Dec. 5, 2011.

By his own admission, Stefan Savage’s interests are all over the map.

Savage is a professor of computer science at the University of California, San Diego, who works on computer and network security issues with researchers at the University of Washington, where he got his PhD, as well as UC Berkeley, the University of Illinois at Urbana-Champaign, and elsewhere.

Last year, a team led by Savage and UW’s Tadayoshi Kohno showed that a hacker with physical access to an automotive electronic control unit could alter software to stop the engine, disable the brakes, and carry out other nefarious tasks. In follow-up research published earlier this year, Savage and company said they had succeeded in performing similar tasks remotely—using the cellular phone in a car to insert malicious software that enabled them to override various vehicle controls. (Their findings can be found at the website of the Center for Automotive Embedded Systems Security, a UW-UCSD collaboration.)

Savage also has helped lead wide-ranging studies of Internet spam, outlining the global “ecosystem” that supports compromised accounts, spam mailers, credit cards, e-mail lists, and other tools of the trade. This work led to a comprehensive study of just how much revenue spam advertising can generate, even when most of the spam is blocked. In a recently published paper, the scientists from Berkeley and San Diego counted more than 100,000 orders a month in just one spam network. The group also offered a “rough but well-founded” estimate that revenue generated from spam-advertised pharmaceutical drugs amounts to tens of millions of dollars a year.

He recently fielded some questions from Xconomy:

Xconomy: You’ve been involved in so many different aspects of cyber-security. What do you see as the single biggest danger in

Pages: Page 1, Page 2, Page 3, Page 4

Author: Bruce V. Bigelow

In Memoriam: Our dear friend Bruce V. Bigelow passed away on June 29, 2018. He was the editor of Xconomy San Diego from 2008 to 2018. Read more about his life and work here. Bruce Bigelow joined Xconomy from the business desk of the San Diego Union-Tribune. He was a member of the team of reporters who were awarded the 2006 Pulitzer Prize in National Reporting for uncovering bribes paid to San Diego Republican Rep. Randy “Duke” Cunningham in exchange for special legislation earmarks. He also shared a 2006 award for enterprise reporting from the Society of Business Editors and Writers for “In Harm’s Way,” an article about the extraordinary casualty rate among employees working in Iraq for San Diego’s Titan Corp. He has written extensively about the 2002 corporate accounting scandal at software goliath Peregrine Systems. He also was a Gerald Loeb Award finalist and National Headline Award winner for “The Toymaker,” a 14-part chronicle of a San Diego start-up company. He takes special satisfaction, though, that the series was included in the library for nonfiction narrative journalism at the Nieman Foundation for Journalism at Harvard University. Bigelow graduated from U.C. Berkeley in 1977 with a degree in English Literature and from the Columbia University Graduate School of Journalism in 1979. Before joining the Union-Tribune in 1990, he worked for the Associated Press in Los Angeles and The Kansas City Times.