Indiana University Bloomington

School of Informatics and Computing




February 20, 2006

‘Cookie’ helps protect Internet users from cyber crooks

A new technique developed by an Indiana University School of Informatics scientist provides a strong shield against identity theft and cyber attacks.

Cybersecurity expert Markus Jakobsson and the startup RavenWhite, of which he is a co-founder, have developed a new technique called an “active cookie,” a countermeasure designed to protect against online scams such as pharming and man-in-the-middle attacks.

Pharming is a means to obtain personal or private (usually financial) information through domain spoofing. Rather than spamming users with malicious and mischievous e-mail requests to visit spoof Web sites which appear legitimate, pharming “poisons” a domain name server by planting false information in the server, so that a user’s request is redirected elsewhere. The browser, however, tells users they are at the correct Web site.

“There are no reliable commercial tools currently available to protect users from such attacks,” says Jakobsson, associate professor of informatics and associate director of the IU Center for Applied Cybersecurity Research. “We believe that active cookies can provide such protection.”

RavenWhite provides a new use of cookies, coded pieces of information stored on a person’s computer that identify that computer during the current and subsequent visits to a Web site. Active cookies can be used in some situations where traditional cookies are not practical. Jakobsson’s invention helps protect not only against known types of pharming and man-in-the-middle attacks, but also against new and threatening versions of such attacks, such as two new attacks discovered by Mark Meiss and Alex Tsow, both computer science doctoral students at IU.

Meiss discovered a technique that allows an attacker to hijack almost any Wi-Fi (wireless network) connection in order to redirect users to incorrect sites. He recently verified that the technique works in a local hotspot, a location where Wi-Fi users pick up an active signal.

“There is no way a user can determine that this attack takes place,” explains Meiss, a researcher at IU’s Advanced Network Management Lab. “You cannot be sure you are actually visiting your banking site, even though it looks like you are. There is simply no way of telling.”

Tsow discovered that consumer routers can be trivially modified to stealthily redirect users to fake sites. He shows a browser window where he typed eBay into the address bar, but where the loaded content shows the Web page of the Anti-Phishing Working Group.

“Of course, in a real attack, the user would be taken to a site that is a true clone of the place they intended to go, but the cloned site would be operated by the attacker and would steal the user’s password,” says Tsow, a visiting research associate who works with Jakobsson.

Jakobsson believes these kinds of attacks are threats few have considered. “How can I dare to connect in a hotspot when the guy next to me may be hijacking my connection and taking me to the wrong site to steal my password?” he asks. “And how can anybody buy hardware from sellers they do not trust? These attacks are not detectable by the ordinary Internet user.”

Jakobsson cautions that consumers should not buy a router from online services if they fear the seller might really be a phisher in disguise. Apart from being a problem for online auction sites, this is also a problem for financial service providers, whose customers are the potential victims of attacks of this type.

“Those are the organizations that would benefit most from using active cookies,” he adds.

Jakobsson will discuss active cookies and other research results on identity theft and its countermeasures when he moderates a panel discussion Feb. 18 at the annual gathering of the Association for the Advancement of Science in St. Louis, Mo.

More details about RavenWhite can be found at www.ravenwhite.com. Information about the IU Center for Applied Cybersecurity Research is at http://cacr.iu.edu.

Internet-related identity theft accounted for about 9 percent of all ID thefts in the United States in 2005, according to a recent report released by Javelin Strategy and Research. The findings also show the average loss per incident jumped to $6,432, up from $2,897 in the previous year.

Consumers can find out more about how to protect themselves from identity theft at the Federal Trade Commission Web site, www.consumer.gov/idtheft.