New System Tells Websites When They’ve Been Hacked

I wrote recently about ways that artificial intelligence is improving software development.  One of the more interesting is Oxford University spinout Diffblue, who have developed an AI-based solution to help improve the way code is tested.  Their AI engine aims to understand precisely what the code is trying to achieve, and then tests the code to examine just how well it’s performing.

A team from the University of California San Diego have also developed an AI-based solution, but theirs aims to tell IT staff when their systems have been compromised.  The tool does this by monitoring the email accounts associated with a website.

Interestingly, in tests they undertook as part of the development, they discovered that 1% of websites suffered a data breach during the 18-month study period, with size of business no deterrent to the hackers.  With around a billion websites online at the moment, even a figure as seemingly small as this means tens of millions of sites are compromised each year.

Setting the Tripwire

The tool, known as Tripwire, utilizes a bot that autonomously registers accounts on a range of websites.  Each of these accounts has a unique email address associated with it, with the same password used for each one.  The researchers then sat and waited to see if a hacker would breach their account using the profile.

To ensure the breach was purely related to the website and not the email provider, the team set up a control group of over 100,000 email accounts with the same email provider as that used in the study.  These addresses weren’t used to register on the various websites.  As expected, none of these accounts were compromised by hackers.
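The attribution logic described above can be sketched as follows. This is an added example, not the researchers' code: the mailbox names, the log format and the `evaluate` function are all hypothetical, and it assumes the bot never logs in to a mailbox after registration, so any successful login is unauthorized.

```python
from collections import defaultdict

# Constructed sample data. Each honey mailbox was registered on exactly one site.
REGISTERED = {
    "hx71q@mail.example": "shop.example",
    "pz20k@mail.example": "shop.example",
    "rt55m@mail.example": "forum.example",
}
# Control mailboxes: same provider, never used to register anywhere.
CONTROL = {"ctl01@mail.example", "ctl02@mail.example"}

# Constructed login records in a hypothetical provider export format.
EVENTS = [
    {"mailbox": "hx71q@mail.example", "ts": "2024-03-02T10:15:00Z", "success": True},
    {"mailbox": "rt55m@mail.example", "ts": "2024-03-02T11:00:00Z", "success": False},
    {"mailbox": "pz20k@mail.example", "ts": "2024-03-04T08:30:00Z", "success": True},
]


def evaluate(events, registered=REGISTERED, control=CONTROL):
    """Attribute successful mailbox logins to the site that held the credentials."""
    by_site = defaultdict(list)
    control_hits = []
    for ev in events:
        if not ev["success"]:
            continue  # a failed guess does not show that the stored password leaked
        box = ev["mailbox"].lower()
        if box in control:
            control_hits.append(box)  # provider-side problem, not a website breach
        elif box in registered:
            by_site[registered[box]].append(ev)
    sites = {
        site: {
            "mailboxes": sorted({e["mailbox"].lower() for e in evs}),
            "first_seen": min(e["ts"] for e in evs),  # ISO 8601 UTC sorts as text
        }
        for site, evs in by_site.items()
    }
    # Any control hit means the provider itself may be leaking, so site
    # attributions from this batch cannot be trusted on their own.
    return {"provider_suspect": bool(control_hits), "sites": sites}


if __name__ == "__main__":
    for site, info in evaluate(EVENTS)["sites"].items():
        print(site, info["first_seen"], info["mailboxes"])
```

Because each address exists on only one site, a single successful login is enough to name the site whose stored credentials leaked.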

In total, 19 of the websites in the study had been hacked, including a well-known startup with over 45 million active customers.  Once each breach was detected, the team notified the IT teams at each company to rectify matters with them.

Whilst nearly all of the compromised websites were welcoming of the feedback and worked with the team to rectify matters, none disclosed to their customers that a breach had occurred.

“The reality is that these companies didn’t volunteer to be part of this study,” the team explain. “By doing this, we’ve opened them up to huge financial and legal exposure. So we decided to put the onus on them to disclose.”

So how did the hackers breach the accounts, and what was their motivation?  Few of the compromised accounts were used to send spam, with most seemingly monitored for traffic levels.  The team propose that the hackers were snooping for useful information, such as bank and credit card details.

The moral of the story is therefore that we should not only try to make our passwords as secure as possible (and use a password manager to do so), but that we should ask ourselves just how much information we need to disclose online.

In terms of wider impact, however, the team hope that companies will adopt Tripwire to improve their own security, and that this will ultimately have the biggest impact on security online.

“We hope to have impact through companies picking it up and using it themselves,” they conclude. “Any major email provider can provide this service.”