HeartBleed Counter Attack Via Honey Pot Could Snag Hackers Who Compromised Millions Of Passwords
(CBS SF) — The hackers behind the HeartBleed security issue that compromised millions of passwords and affected an estimated two-thirds of “secure” websites around the world could be brought down by a simple and quaint-sounding trick being engineered at the University of Texas at Dallas — a special type of “honey pot.”
Computer security researchers there had been developing a technique called “Red Herring” the automatically creates decoy servers on a company’s servers themselves — so hackers who exploit a vulnerability think they’ve gained confidential secure information, but instead, they’re attracted to a sweet, sticky “honey pot” that is monitoring what they do, analyzing their actions, and tracking them down.
Heartbleed became public on April 8th, and the team deployed the Red Herring system 2:30 a.m. the next day.
“When Heartbleed came out, this was the perfect test of our prototype,” UT Dallas Cyber Security Research and Education Institute (CSI) team leader Kevin Hamlen said.
Hamlen says their decoy servers look just like the real server, but they’re a trap.
“The attackers think they are winning, but Red Herring basically keeps them on the hook longer so the server owner can track them and their activities,” Hamlen said. “This is a way to discover what these nefarious individuals are trying to do, instead of just blocking what they are doing.”
The problems for anyone with a password began in 2012, when a feature called “Heartbeat” was added to website security software (called OpenSSL) that encrypts secure Internet connections for things like online banking, or buying stuff online. The “improvement” kept the connection open when people were on slow connections, however, a flaw allowed it to be held open even when idle, and that let information bleed out of the “Heartbeat” feature.
The Red Herring algorithm uses a software patch that fixes the vulnerability, but turns it into a trap at the same time.
The timing of Heartbleed, and the research from UT was perfectly timed for a trial run.
“In their original disclosure, security firm Codenomicon urged experts to start manually building honeypots for Heartbleed,” Hamlen said. “Since we already had created algorithms to automate this process, we had a solution within hours.”