Wednesday March 27, 2019
Home Lead Story Dark Web Expo...

Dark Web Exposes Computer-server Data Transfer to Hackers

In comparison, there were just 531 mentions for ransomware

0
//

Cyber criminals now have access to the most-secured data files used to facilitate confidential communication between organisations’ servers and clients’ computers on the Dark Web, say researchers.

According to the team from Georgia State University and the University of Surrey, a thriving marketplace for Secure Sockets Layer (SSL) and Transport Layer Security (TLS) certificates exists on a hidden part of the Internet.

SSL and TLS are security technology (https protocol) that protects the transfer of data and information between computers and servers.

Networked machines use keys and SSL/TLS certificates to identify and authenticate themselves when connecting to each other, much like humans employ user names and passwords to go online.

According to the researchers, when these certificates are sold on the darknet, they are packaged with a wide range of crimeware that delivers machine identities to cybercriminals who use them to spoof websites, eavesdrop on encrypted traffic, perform attacks and steal sensitive data, among other activities.

“One very interesting aspect of this research was seeing TLS certificates packaged with wrap-around services — such as Web design services — to give attackers immediate access to high levels of online credibility and trust,” informed lead author David Maimon, Associate Professor in Georgia State.

Two days before the major cyber-hack on Wednesday, Dr.Krishna warned about the growing number of hospitals that could be shut down by ransomware attacks.

A search of five marketplaces in the darknet uncovered 2,943 mentions for SSL and 75 for TLS.

In comparison, there were just 531 mentions for ransomware.

It was surprising to discover, he added, how easy and inexpensive it is to acquire extended validation certificates, along with all the documentation needed to create very credible shell companies without any verification information.

Also Read- Supreme Court Restricts Defacement of Hillocks, Public Places with Political Slogans

“This study found clear evidence of the rampant sale of TLS certificates on the Dark Net,” said Kevin Bocek, Vice President of Security and Threat Intelligence for cyber security firm Venafi.

“Every organisation should be concerned that the certificates used to establish and maintain trust and privacy on the Internet are being weaponised and sold as commodities to cyber criminals.” (IANS)

Next Story

Hackers Win Tesla Car For Exposing System Error

The EV-maker was fairly quick to fix vulnerabilities exposed by white hat hackers

0
Tesla CEO Elon musk, board
Tesla CEO Elon Musk. (VOA)

Electric Vehicle (EV)-maker Tesla had to give away one of their Model 3 cars and $35,000 prize money to a group of hackers after they managed to crack its system during a hacking event.

Amat Cama and Richard Zhu of team Fluoroacetate exposed a vulnerability in the vehicle system during the Pwn2Own 2019 hacking competition, organised by Trend Micro’s “Zero Day Initiative (ZDI)”, held here this week.

The hackers targeted the infotainment system on the Tesla Model 3 and used a “JIT bug in the renderer” to take control of the system, Electrek reported on Saturday.

Charging problems with electric car
Tesla cars recharge at a Tesla station at a shopping center in Charlotte, N.C., June 24, 2017. Buyers of Tesla’s luxury models have access to a company-funded Supercharger network. VOA

“Since launching our bug bounty programme in 2014, we have continuously increased our investments into partnerships with security researchers to ensure that all Tesla owners constantly benefit from the brightest minds in the community,” the report quoted David Lau, Vice President of Vehicle Software at Tesla as saying.

Also Read- Smokers Notice Health Warnings More on Plain-Packaged Cigarettes

As part of Tesla’s bug bounty programme, the company had given away hundreds of thousands of dollars in rewards to hackers who exposed vulnerabilities in its systems.

The EV-maker was fairly quick to fix vulnerabilities exposed by white hat hackers, the report said. (IANS)