The Professor Is In: Darren Hayes

Darren Hayes, PhD, discusses new cybersecurity realities during COVID-19, and how to stay ahead of scams, hackers, and general security risks.

Seidenberg Associate Professor Darren Hayes, PhD, understands the necessity of keeping information safe and secure. An accomplished educator and researcher, Hayes created Pace’s Digital Forensics Research Lab, has partnered with several local, national, and international law enforcement agencies over the course of his career—including the Department of Homeland Security, New York Police Department, and FBI—and is considered a leading expert in digital forensics, intelligence, and cybersecurity.

This month, Hayes took the time to talk with Opportunitas about the unique cybersecurity realities of COVID-19, and the steps organizations and individuals can take to best protect themselves in the face of this new and uncertain environment:

In what ways has COVID-19 altered digital communication systems and networks? Has it created any new or more immediate risks?

It's definitely created a lot more risks. The go-to video conferencing platform, Zoom, is unfortunately fraught with a lot of different security vulnerabilities, and a lot of organizations have learned that the hard way. A number of attorneys general have been talking about investigating Zoom.

It seems like this relatively small company has suddenly had to undertake drastic security measures to try and improve the security protocols of its videoconferencing service.

Given the sudden transition to remote working, have organizations and individuals unintentionally opened themselves up to more cybersecurity vulnerabilities?

A lot of different companies will often go with the cheaper option, and the cheaper option often means that you take on more security risk. A platform like WebEx, for example, is run by a very large company, Cisco, which spends a lot of money on security—but there’s a lot of organizations that are watching their pennies, and they’re going to go with a cheaper platform.

It’s just like when we purchase an IoT device for our home—maybe one of those indoor security cameras—we might go with the cheapest option, which probably has the least amount of security built-in.

Has there been any event in history similar to this, in regards to cybersecurity?

I think that it is new territory, but there are lessons to be learned from other disasters before. With the tsunami in Indonesia in 2004, there were a number of different scams that came after that, and we’ve had many natural disasters in which there have been a lot of different scams. Unfortunately, with the Coronavirus, we have a huge surge in different types of fraud.

One type of fraud, for example, is an email that purports to be from President Trump and the White House about COVID-19, and people click on the link, and it looks exactly like the White House Coronavirus informational website, but now a trojan malware is then downloaded onto the person's computer.

There’s another email (purporting to be from) Mike Pence, for example, which is not about the virus, yet is another phishing scam. There’s been a lot of people who have been illegally selling drugs—who are probably selling something else—which is disturbing as well. For example, hydroxychloroquine, which the President has been touting, some scam artists have been saying they can supply this drug. Researchers have uncovered phishing links to hundreds of websites offering remdesivir, chloroquine (and hydroxychloroquine), Plaquenil, azithromycin, metformin, favipiravir, interferon, lopinavir, ritonavir, and Arbidol.

What are some things you’re hoping your current students learn from this situation?

Verify, verify, verify. If anyone sends you an email, and it looks like it could be important and pertains to you, take the time to go to the official website, find the official 800 number for that company, and verify that they did in fact send you a link.

That’s really important, for example, with any email from your bank, or anything related to the IRS. One of the most successful types of scams is somebody purportedly calling from a government agency, like the IRS; you may see that the caller ID matches the IRS number, or you see that 202 area code show up. People, out of fear, do respond to these solicitations, and do lose a lot of money.

What steps can someone take, especially right now, to ensure their personal or organization’s information stays safe?

There’s a lot of things one can do. They have these commercials online and on TV about protecting you from fraud, searching the Dark Web and looking for your information and protecting you, but there’s many things you could do for free to protect you from identity theft. For example, you could put on a fraud alert for all three credit reporting agencies—you don’t even have to be a victim of fraud, you can just use the service, and this means that if anyone tries to set up an account in your name, that they actually have to speak with you and verify a lot of security questions. You could add a freeze with all of the credit reporting agencies, which is free. That means that no inquiries can be made about your credit, or any account that you have, without you removing the freeze with the login and password that you created.

We have more of these internet-enabled devices that are really susceptible to hacking. Changing default passwords on those devices is really important. Searching for those devices on the internet to see if there’s any security vulnerabilities about them is important. There are a number of helpful resources that identify these types of vulnerabilities.

I would also say the apps on your phone—we’ve been doing a lot of work in the Digital Forensics Lab about apps that may compromise your information. We’ve been looking at FaceApp, which is an app run by a Russian company; we’ve been looking at TikTok, for example. If you realized the type of information that’s being shared by so many different web servers across the world, you would think twice about letting your teenager use these and other apps.