ltechnologygroup.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.
A team of three researchers from the University of California, San Diego (UCSD) has created a tool that can detect when user-registration-based websites suffer a data breach.
The tool, named Tripwire, works on a simple concept. Researchers say that Tripwire registers one or more accounts on websites by using a unique email address that they do not use for anything else.
Each email account and the website profile used the same password. Tripwire would check at regular intervals if someone used this password to access the email account, which would indicate the website suffered a breach and an attacker used the stolen account data to log into the associated email account.
Tripwire finds 19 data breaches during test run
In a live test, researchers said they registered accounts at over 2,300 sites. At the end of the study’s period, scientists said that attackers accessed email accounts for 19 of these sites, including one with a userbase of over 45 million.
UCSD researchers reached out to each website, but to their astonishment, none notified users of the breach.
“I was heartened that the big sites we interacted with took us seriously,” said Alex C. Snoeren, professor of computer science at the Jacobs School of Engineering at the University of California San Diego, and one of Tripwire’s four authors together with Joe DeBlasio, Stefan Savage, and Geoffrey M. Voelker.
“I was somewhat surprised no one acted on our results,” Snoeren added, saying his team won’t disclose the websites’ names. “The reality is that these companies didn’t volunteer to be part of this study. By doing this, we’ve opened them up to huge financial and legal exposure. So we decided to put the onus on them to disclose.”
Tripwire can expose sites storing passwords in cleartext
But the research didn’t end here. The simple concept behind Tripwire also exposes when websites store passwords in plaintext, researchers said.
For example, researchers say someone could use Tripwire to record multiple honeytrap accounts on the same websites, some with a simple password, and others with very complex and lengthy passphrases.
If an attacker accesses both, this means the website stores password information in plaintext, or another easy-to-break password hashing system like MD5.
If only accounts with the simple passwords are accessed, this means the website stores passwords in a secure manner, and an attacker might have used a basic brute-force dictionary attack to guess some user passwords.
Tripwire open-sourced on GitHub
In addition, researchers said they also carried out extra tests to determine if the breach took place at the actual website or the email provider that hosted the email address.
They said they created more than 100,000 email accounts to serve as control accounts. If an attacker accessed only the email addresses associated with online profiles, but not any of the other 100,000 test accounts, then this meant the breach took place at the third-party website, and not the email provider.
UCSC researchers published the source code for the Tripwire tool on GitHub, and they hope that companies would deploy it internally as an additional breach detection system.
The research team also presented their work on Tripwire at the ACM Internet Measurement Conference in London, this November. Their work on Tripwire is documented in a research paper titled “Tripwire: Inferring Internet Site Compromise.”
At L Technology Group, we know technology alone will not protect us from the risks associated with in cyberspace. Hackers, Nation States like Russia and China along with “Bob” in HR opening that email, are all real threats to your organization. Defending against these threats requires a new strategy that incorporates not only technology, but also intelligent personnel who, eats and breaths cybersecurity. Together with proven processes and techniques combines for an advanced next-generation security solution. Since 2008 L Technology Group has develop people, processes and technology to combat the ever changing threat landscape that businesses face day to day.
Call Toll Free (855) 999-6425 for a FREE Consultation from L Technology Group, https://www.ltechnologygroup.com.