Investigators, Notre Dame partner with tech company to combat hacking in St. Joseph County

Mitch Kajzer, right, gestures to a map of malware attacks made by Magnet Forensics during a press conference at Notre Dame on Wednesday April 5, 2023.

SOUTH BEND — Hundreds, if not thousands, of pinpoints appeared on a map of the United States at a press conference at the St. Joseph County Cyber Crimes Unit office Wednesday, each one indicating a malware attack.

Most of the attacks go undetected, sometimes for years, by the individuals and companies that are targeted, but officials with the St. Joseph County Prosecutor's office and the University of Notre Dame are hoping to change that locally.

In what St. Joseph County Prosecutor Ken Cotter said is the first partnership like it in the country, the prosecutor's office's cyber crimes unit is teaming up with researchers at Notre Dame and private company Magnet Forensics to monitor and investigate targeted malware attacks and hacking attempts in real time in what officials are dubbing the Proactive Incident Response Initiative.


"We're trying to be more proactive. We're trying to help our community when they're getting attacked by malware," Cotter said.

The initiative is anchored by Magnet, which tracks malware attempts through messages and data sent via IP addresses over the internet. Using its tracking capabilities, Magnet has created a map that tracks nefarious activity in real time and locates individual servers or computers affected by the malware. Magnet is giving the county's cyber crimes unit and Notre Dame access to the software as a trial run free of charge.

Mitch Kajzer, the executive director of the cyber crimes unit, explained that once investigators see where malware attacks are happening, they alert the individual or business that their system has been infected, potentially preventing the malware from spreading and stopping data from being stolen or held for ransom.

In some cases, investigators can serve a warrant to investigate the breach more closely and attempt to find where it came from and potentially file charges against a perpetrator. Researchers with Notre Dame's Center for Research Computing also assist by looking at the data collected and formulating better solutions to combat future malware attacks.

"To address this issue it has to be a collaborative effort between law enforcement, academia and the private sector," Kajzer said. "They all need to work together towards this."

Kajzer said many software research companies collect similar data and likely have maps of real-time malware attacks, but Magnet is the first to share its technology with law enforcement and researchers.

"Often you have to use very sophisticated cryptography or AI to stay ahead," said Jarek Nabrzyski director of the university's center for research computing. "We believe that research is very important to stay ahead of the hackers to address these problems before they happen."

The initiative has been active for around a month and in that time, Kajzer said, five cases of malware were detected in St. Joseph County. In four of those instances, the cyber crimes team notified the owners of the affected computers and let them clean up the malware on their own. In the other incident, the unit — including some Notre Dame students — served a search warrant and determined that a Bitcoin miner had infiltrated the company's computers back in 2019.

Kajzer estimated fewer than 10% of people and companies affected by malicious software are aware of it, making the new proactive initiative all the more valuable to the community. According to industry projections, ransomware attacks cost around $20 billion in 2021.

The partnership between the cyber crimes unit and Notre Dame goes back to 2015, when the unit was restarted after being cut due to budget constraints in 2008. At that time, the unit comprised just one investigator and one student worker, though the partnership has now grown to three full-time detectives and 21 undergraduate students.

The cyber crimes unit is also now housed on Notre Dame's campus in Hammes Mowbray Hall as it outgrew the space available in the County City Building.

For now, the tracking software comes at no cost to the prosecutor's office through Magnet, though Cotter said he's looking for ways to fund more student workers to handle the extra workload the malware incidents entail. Overall, Cotter said, Magnet's software lets the cyber crimes unit be more proactive in addressing an uncharted area of criminal activity.

"Our investigators with the cyber unit, they can also say 'I'm not only helping solve crime. I'm helping stop a crime from occurring,'" Cotter said. "It's more more proactive than it is reactive."

Email Marek Mazurek at mmazurek@sbtinfo.com. Follow him on Twitter: @marek_mazurek

This article originally appeared on South Bend Tribune: Investigators, Notre Dame partner with tech company to combat hacking