First Heartbleed-Based Cyberattacks Discovered



It's Heartbleed's first blood: two cyber-break-ins have been identified. One attack was at the Canadian tax agency and the other at a UK parenting website, which were allegedly accomplished using the Heartbleed bug, a flaw in a type of online encryption. The two cases appear to be unrelated, but in both instances snoops seemingly used the now-infamous flaw in OpenSSL, an online encryption software, to access the sites' databases. In at least one of the breaches, the hackers stole the personal information of hundreds of people.

Up until now, no one had found evidence that this devastating bug had been exploited for criminal purposes, despite the fact that up to two-thirds of the Internet was reportedly left vulnerable. The vulnerability is partially because using the bug to capture a server's data doesn't leave a record in the server's logs.

When the Heartbleed bug was exposed last week (April 8) the Canada Revenue Agency (CRA) immediately took its website down in order to start patching the flaw. But apparently it wasn't enough - according to a post by CRA commissioner Andrew Treusch, someone still managed to breach the CRA database. During the course of a six-hour period, those people acquired 900 social insurance numbers (Canadian SSNs) by exploiting the Heartbleed bug.

Treusch said that the snoops also acquired additional data, "some that may relate to businesses," but did not elaborate. An investigation is still under way. Meanwhile the CRA has patched Heartbleed, and its website is back online. To help people affected by the delay, the deadline to file Canadian tax returns has been pushed back from April 30 to May 5, according to Canadian news site CBC.

Meanwhile, Treusch says everyone affected in this breach will receive a confirmation letter containing directions for how to secure social insurance numbers. Treusch also warns people to beware Heartbleed-based phishing attempts, or official-seeming emails that appear to alert recipients of a Heartbleed attack but are really designed to trick people into divulging personal information.



I don't understand because it leaves no traces. So what I am thinking is it's the "Good day to bury bad news" scenario. Oh yeah we were attacked it must be this heartbleed thing.


Well this is one of those No #### moments. Apparently the hackers 10 mins after hearing about this started pinging the internet looking for sites which had this issue. So if you didn't immediately patch your server after this was revealed you were most certainly going to be PWNED shortly.
