Eric De Grasse, Chief Technology Officer
(with contributions from Gregory Bufithis)
30 April 2014 – In a case of live by the sword, die by the sword, researchers have used the now-infamous Heartbleed bug in OpenSSL to gain access to black-hat forums. A French researcher named Steven K [name withheld] has reported that “the potential of this vulnerability affecting black-hat services is just enormous”. He focused on the criminal-minded sites Darkode and Damagelab, which have been compromised. Heartbleed had put many such forums in a “critical” position, he said, leaving them vulnerable to attack using tools that exploit the bug.
If you’ve been asleep the past few weeks, the Heartbleed vulnerability was found in software called OpenSSL, which is supposed to make it much harder to steal data. Instead, exploiting the bug makes a server hand over small chunks of the data it has just handled – in many cases login details or other sensitive information.
Mr K said he was using specially written tools to target some closed forums called Darkode and Damagelab. These are …