Heartbleed Bug attacks criminals that used It
In a surprising twist to the Heartbleed Bug panick, the people who have exploited the system are now at a disadvantage as Internet security researchers are using the same bug to take criminals’ secret information.
Anti-malware researchers have told broadcast firm BBC that they have found a way to gain access to closed forums like Darkode and Damagelab where online criminals trade vital data with each other. Heartbleed Bug has allowed the researchers to hack into the forums which are usually hard to penetrate.
French researcher Steven K said he had used special written tools to grab information from the closed forums: ‘Darkode was vulnerable, and this forum is a really hard target. Not many people have the ability to monitor this forum, but Heartbleed exposed everything.’
Sentor computer security researcher Charlie Svensson explained that criminals’ vulnerability to the bug shows ‘how serious Heartbleed is. You can get the keys to the kingdom, all thanks to a nice little heartbeat query.’
Many websites have already updated their communications systems since the panick spread around the first week of April. However, experts insist that the Heartbleed Bug’s effects will persist for years. Netcraft security researcher Paul Mutton said ‘an attacker can still impersonate [a] website’ if the website has not yet cleaned up their security certificates.
In addition, the Heartbleed Bug is also making other gadgets vulnerable to an attack, including closed circuit TV cameras, home routers, baby monitors, thermostats, cloud-based services, video conferencing systems and more.
Sophos global head of security research James Lyne cautioned the public not to put their defences down as ‘We do not really know how much Heartbleed is being used offensively because it’s an attack that is hard to track and log.’