Tracing digital crime
April 6, 2005
Three ISU researchers are in the business of nabbing computer criminals by their “fingerprints.”
Tom Daniels, Yong Guan and Julie Dickerson are finding ways to monitor and track down computer hackers who attack networks and cause damage to companies. What they do is a digital version of criminal fingerprinting.
“We’re connecting the dots,” said Daniels, assistant professor of electrical and computer engineering.
Funded by the Advanced Research and Development Activity, Daniels and the others began this project in fall 2003, he said.
The Advanced Research and Development Activity is a research and development agency for the CIA and several other government agencies. Daniels said the team received about $600,000 for the first stage of research.
Guan, assistant professor of electrical and computer engineering, said corporations are sometimes attacked by hackers who work through “stepping stones,” or other computers. He said using other computers allows hackers to get their missions accomplished without getting caught.
They can make the attack look like it came from another computer, Daniels said.
Daniels said everyone is at risk of being attacked.
“Really, anyone who has a computer that’s permanently on the Internet,” he said.
Daniels said when hackers attack networks, they can obtain financial information, technical knowledge about trade secrets and large databases of credit card numbers.
He also said hackers can send spam through an anonymous source because of “stepping stone” technology.
Daniels said there are a variety of ways and motivations to attack corporations.
“The majority of attacks are from novices,” he said.
Daniels said the more sophisticated hackers are the ones the ISU researchers are trying to track down.
He said hackers use many commonly available tools to attack the many computers not configured properly by their users.
Guan said it only takes 20 seconds to launch the attack once the hackers find computers on the Internet to use.
The research’s goal is to develop algorithms — the fundamentals behind software — and statistical techniques to compare network traffic, Daniels said.
He said this would allow companies to monitor hackers and their locations.
Daniels and Guan said the monitoring system can help companies find out if, for instance, a hacker is working from around the globe or from inside the company’s network.
Guan said their mission is to find out how they can trace the original hacker.
Daniels said they look at network traffic to see how long the attacks have been going on and if they can draw patterns in long-term attacks.
Anthony Persaud, graduate student in computer engineering, said the software would save companies money and allow law enforcement agents to catch and charge criminals more quickly.
Guan said the first phase of research should be completed by July.
The research findings will be integrated into the intelligence community.