Computer scientists discover tool to detect data breach on websites, personal email accounts

A tool named Tripwire, designed to detect when websites are being hacked, has been successfully tested by computer scientists. The test was conducted by monitoring the activity of email accounts that are associated with the websites. It found that, regardless of how big the company is or how well protected its database is, almost one percent of the websites had suffered a data breach at some point during the 18-month study period.

Alex C. Snoeren, the paper's senior author and a professor of computer science at the Jacobs School of Engineering at the University of California, San Diego, stated that data breaches are common and can happen to anyone, any nation or state, no matter how protected the system is.

How it works

Joe DeBlasio, one of Snoeren's PhD students and the paper's first author, states that a one percent data breach rate is equivalent to tens of millions of websites on the Internet. This means that official government records or documents are at a huge risk. The researchers believed that the most alarming factor is that popular sites are as easy to crack as unpopular ones. Little or no effort is required to hack ten out of the top-1000 most visited sites. To curb this issue, the team from UC San Diego came up with a tool in November 2017 at the ACM Internet Measurement Conference in London.

Tripwire has a bot that registers and creates accounts on different websites. For the study, the bot registered with 2,300 websites. Each account has a unique email address. The tool was designed so that the same password was used for the email account and the website account associated with that email. The team then watched for anyone else using that password to access the email account, which in turn would indicate that the website had been hacked.

A control group was set up to confirm that the breaches were linked to hacked websites and not the email provider. More than 100,000 email accounts were created with the same email provider that was used in the study. However, the team did not use these email addresses to register, and none of these accounts were hacked. Towards the end of the test, it was revealed that almost 19 websites were hacked, and the list also included a popular American startup with more than 45 million active users. The team informed the security teams of the respective websites that were hacked, but none of them disclosed details of the breach to their customers.

After the websites were hacked, very few breached accounts were used to send spam. The hackers simply kept going through the email traffic, as if they were monitoring emails to gather important information on banks and credit card accounts.

How to avoid

To check the efficiency of the hackers and how easily they can crack the code, the team of researchers created two accounts per website. One account had an easy password that hackers can guess easily, and the other had a hard password made of a random 10-character string of numbers and letters.

This experiment helped the team understand how websites store passwords. If both accounts are hacked, then the website stores passwords in plain text. If only the account with the easy password is hacked, then the site follows a sophisticated method for password storage. To keep websites and accounts protected, the team of researchers advised users not to reuse passwords, to use a password manager and to disclose less online.
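The inference described above, combined with the control-group check, can be sketched as follows. This is an added example, not code from the researchers' tool or paper; the mailbox names, the log format and the verdict labels are constructed for illustration.

```python
from collections import defaultdict

# Constructed registry (hypothetical names): honey mailbox -> (site, password class).
# Each mailbox shares its password with exactly one site account; "control"
# mailboxes were never used to register anywhere.
REGISTRY = {
    "u1001@mail.example": ("shop.example", "easy"),
    "u1002@mail.example": ("shop.example", "hard"),
    "u2001@mail.example": ("forum.example", "easy"),
    "u2002@mail.example": ("forum.example", "hard"),
    "u3001@mail.example": ("news.example", "easy"),
    "u3002@mail.example": ("news.example", "hard"),
    "c9001@mail.example": (None, "control"),
}

# Constructed email-provider login log: timestamp, mailbox, source IP, result.
LOGINS = """\
2017-03-02T10:14:07Z u1001@mail.example 203.0.113.7 success
2017-03-02T10:15:44Z u1002@mail.example 203.0.113.7 success
2017-04-11T22:01:30Z u2001@mail.example 198.51.100.23 success
2017-04-12T03:12:09Z u2002@mail.example 198.51.100.23 failure
"""

def classify(registry, log_text):
    """Return (per-site verdict, list of control mailboxes that were accessed)."""
    hits = defaultdict(set)   # site -> password classes seen in successful logins
    control_hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[3] != "success" or fields[1] not in registry:
            continue          # malformed line, failed login, or unrelated mailbox
        site, pw_class = registry[fields[1]]
        if pw_class == "control":
            control_hits.append(fields[1])  # points at the email provider, not a site
        else:
            hits[site].add(pw_class)
    verdicts = {}
    for site in sorted({s for s, _ in registry.values() if s}):
        seen = hits[site]
        if seen == {"easy", "hard"}:
            verdicts[site] = "breached, plaintext storage likely"
        elif seen == {"easy"}:
            verdicts[site] = "breached, passwords stored in a protected form"
        elif seen:            # hard-only: a case the article does not cover
            verdicts[site] = "breached, storage not inferable"
        else:
            verdicts[site] = "no breach observed"
    return verdicts, control_hits
```

Because nobody legitimately logs in to these mailboxes, any successful login is a signal; a hit on a control mailbox would mean the results cannot be attributed to the websites.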

The researchers believe that certain websites ask for unnecessary information. "Why do they need to know your mother's real maiden name and the name of your dog?" said Snoeren. DeBlasio said that there is a high probability that most of this information can get out. The team believes that this tool can help protect the information on various websites and can keep personal accounts secure.
