Researcher develops ‘active cookies’ to take a bite out of cyber crooks

An Indiana University School of Informatics scientist has said that his newly developed active cookie technology provides a "strong shield" against identity theft and cyber attacks.

Cybersecurity researcher Markus Jakobsson and the start-up RavenWhite, of which Jakobsson is a co-founder, have developed the technology as a countermeasure to protect against online scams such as pharming and man-in-the-middle attacks.

While cookies were merely designed to identify users, active cookies are designed to authenticate users. The academic said that his system is particularly effective at thwarting pharming attacks, which attempt to plant false information in name servers so that users' browser address requests are redirected to malicious phishing sites.

"There are no reliable commercial tools currently available to protect users from such attacks," said Jakobsson, associate professor of informatics and associate director of the IU Center for Applied Cybersecurity Research.

"We believe that active cookies can provide such protection."

Jakobsson added that his invention helps protect not only against known types of pharming and man-in-the-middle attacks, but also against new and threatening versions, such as two new attacks discovered by Mark Meiss and Alex Tsow, both computer science doctoral students at IU.

Meiss discovered a technique that allows a hacker to hijack almost any Wi-Fi connection with the purpose of redirecting users to incorrect sites. He claims to have recently verified that the technique works in a local hotspot.

"There is no way a user can determine that this attack takes place," explained Meiss, a researcher at IU's Advanced Network Management Lab. "You can't be sure you are actually visiting your banking site, for example, even though it looks like you are. There is simply no way of telling."

An additional new attack was discovered by Tsow, who notes that consumer routers can be "trivially modified" to stealthily redirect users to fake sites. He showed a browser window in which he typed "eBay" into the address bar, but the loaded content was the webpage of the Anti-Phishing Working Group.

"In a real attack, the user would be taken to a site that is a true clone of the place they intended to go, but the cloned site would be operated by the attacker and would steal the user's password," said Tsow, a visiting research associate who works with Jakobsson.

Jakobsson said these kinds of attacks pose threats that few have considered.

"How can I dare to connect in a hotspot when the guy next to me may be hijacking my connection and taking me to the wrong site to steal my password?" Jakobsson asked. "And how can anybody buy hardware from sellers they don't trust? These attacks are not detectable by the ordinary internet user."

Jakobsson cautioned that consumers should not buy a router from online services if they fear the seller might really be a phisher in disguise. Apart from being a problem for online auction sites such as eBay, he believes it is also a problem for financial service providers, whose customers are the potential victims of attacks of this type.

"Those are the organizations that would benefit most from using active cookies," Jakobsson said.
