Heartbleed Used against Cyber-crooks

News Article - Thursday, 01 May 2014 12:12

By: Kerry Butters Category: Security

Security researchers have used the Heartbleed bug to access forums on the cyber-underworld where crooks trade data, according to a report from the BBC. According to one anti-malware researcher, known only as Stephen K, the bug has left many of the forums in a "critical” position and vulnerable to attack.

However, the attacks are coming in the form of specially written tools which allow security professionals to target closed forums. The forums are usually exceptionally difficult to access, especially Darkode, which Mr K described as being "a really hard target”.

"Not many people have the ability to monitor this forum, but Heartbleed exposed everything," he told the BBC .

The researchers use tools which exploit the vulnerability, allowing them to access recently handled data such as login details. It’s thought that the work could lead to arrests on malicious hacking charges.

Heartbleed was discovered last month and has caused widespread publicity due to the severity of the bug, which affects Open SSL certificates. The news prompted many websites to tell its users to change their passwords in order to keep data safe, but some reports have emerged which tell users to ignore this advice.

Changing passwords whilst the bug is "under widespread exploitation isn’t a good suggestion,” according to Trend Micro’s Rik Ferguson

"Changing now increases your risk of exposure in the short term as the vuln is now public," he said. "I would advise [avoiding] vulnerable sites too, but changing pw 'now' will not reduce risk, only increase workload."

Last week, it emerged that many of the IT vendors thought to be vulnerable were not being completely transparent with users about the effect of Heartbleed on their products. According to the BBC report, many websites have still not cleaned up the necessary security credentials which were put at risk by the vulnerability either.

It’s thought that the clean-up operation could take months or even years and the problem is further compounded by the inadequate job done by web browsers when it comes to checking whether security certificates have been revoked.

The list of devices affected by Heartbleed is also growing; it’s thought that routers, CCTV cameras and many home-management gadgets are also vulnerable to attack. However, due to the difficulty in tracking how the bug is exploited by cyber-crooks, it’s not known how large scale the threat actually is.

Recent Articles