Research Project Summaries

Directed and Supervised by J. A. Lewis
Cyber Defense Research Initiative
Michigan Collegiate Cyber Defense Network

These projects are just a few of the literally hundreds performed and are presented here for general user information. Additional research project summaries will be added as interest in their results is demonstrated.

Current / In development Projects

  • Academic Cyber Defense Competitions:  Composition and analysis of a winning team! The pattern is clear and the results being compiled and will be presented in the near future!  This will include winning strategies, academic development, team dynamics, host environment, tips and techniques acquired from eleven years of cyber team assessments. Direct involvement, observations and analysis of consistently winning teams reveals a pattern of dedication and technique. 
  • Can BitLocker Be Broken once Installed?
    In-development!  Current information is that with advanced system preparation, yes, like any other encryption program, the effectiveness can be bypassed.  The current indications at this point for a system that is already bitlocked, it is leaning towards the doubtful. 
  • Can a Text Message Compromise a Cell Phone?
    In-development! 

Accomplished Projects or Current Results

  1. How far can a legal antenna receive a Local Area Network signal
    On-going project but current range is more than 63 miles. Contrary to common belief, wireless signals travel indefinitely when unrestricted and bounce off of physical structures. Interception at long distances is possible with amplification. Parabolic grid amplified antenna on the west coast of Michigan picked up local area network access points 63 miles across the lake in Wisconsin. It is possible that some of these interceptions are the result of signal bounce. A cell phone, laptop or desktop could not capture such transmissions. 
  2. Neuro-linguistic Programming and Social Engineering – Can someone be compelled to reveal their password ?
    Yes, in many cases! No, in cases where the human target has a trained or conditioned mindset of security, and / or diligence to security policy is their standard operating procedure.  However, if the intended target is naturally or culturally suspicious of most people, these are the fence sitters and can be social engineered over time to reveal such.   The most effective human tool is the unwitting accomplice, i.e., the individual that does not know they are a tool. A stunning realization in this project is that some individuals prefer to be a tool instead of determining their own boundaries, possibly related to BPD.
  1. What is the quickest way to compromise a secure network?
    Get the user to unwittingly do it for you! See # 2 above!  The results of how this works will be held confidential! 
  2. Cyber Espionage. White Collar Crime:

How difficult is it to compromise a secure network and obtain targeted information without being detected.
This project has been completed and the results have been published and were presented by J.A. Lewis in an international law enforcement symposium hosted at the NGO Branch of the United Nations in August of 2012. It was published by CRC Press, Copyright by Taylor and Francis Group, under the title Economic Development, Crime, and Policing, Global Perspectives.  The title of the paper is White Collar Crime:  Cyber Espionage: The results are directly related to accomplished project # 3 and involved only minor software development that a first year college student could script.  This project utilized rudimentary software skills, a TOR network connection, was performed under controlled and monitored conditions and with permission of the host target site.

  1. Can a Wireless Client using a Public WiFi be 100% Compromised?
    Yes! Commonly known as a man-in-the-middle attack, network traffic between a client and the local wireless access point is easily monitored, the clients connection hijacked and the traffic session taken over. A high-gain antenna located in close proximity of the targeted access point and a commonly available Internet interception device are best used. 
  2. Can Human Lie Detection Solve Cybercrimes?
    Absolutely, for a properly trained person! Examination and analysis of non-verbal behavior and micro-expressions has a very high success rate of detecting and separating deception from verbal responses. One individual known to this project has a 97% success rate in solving cybercrimes by analysis of human response. 
  3. Can System Passwords be revealed without the Use of Special Tools?
    In a browser window, yes, with a couple mouse clicks! If located in the security accounts manager (SAM) of the system registry, no. However, very basic tools, readily available for download will reveal system passwords by comparing the hash values.