Bruce Schneier stood on the Source Boston keynote stage yesterday and used the word “ginormous” to describe the severity of the OpenSSL heartbleed bug.
“My guess is that when heartbleed became public, the top 20 governments in the world started exploiting it immediately,” Schneier said.
That’s assuming, of course, that those top 20 governments didn’t already have heartbleed and haven’t been exploiting it all along. The vulnerability in OpenSSL is an Internet-wide bug, one that’s kept a lot of people busy the last two days patching servers, revoking certificates, updating new ones, and changing a whole lot of passwords. And as Schneier said, governments may be slow in adopting new technologies, but when they do, they generally have the resources to do it well.
So is it equally ginormously dangerous to think the NSA, the Chinese or take-your-pick hacktivist group hasn’t been exploiting heartbleed since close to the time it was introduced into OpenSSL on New Year’s Eve 2011?
Ars Technica reported yesterday that MediaMonks of the Netherlands had evidence of exploit attempts going back to last November. Electronic Frontier Foundation technology projects director Peter Eckersley said inbound packets to MediaMonks contained TCP payload bytes that match those used by a proof-of-concept exploit.
Eckersley said the source IP addresses for those bytes belong to a botnet that’s been recording Freenode and other IRC activity.
“This is an activity that makes a little more sense for intelligence agencies than for commercial or lifestyle malware developers,” Eckersley said.
The EFF is asking network operators to check logs not only for the IP addresses in question, but for the TCP payload.
“A lot of the narratives around heartbleed have viewed this bug through a worst-case lens, supposing that it might have been used for some time, and that there might be tricks to obtain private keys somewhat reliably with it,” Eckersley said. “At least the first half of that scenario is starting to look likely.”
Heartbleed is so dangerous not only because it’s everywhere OpenSSL 1.0.1 to 1.0.1f is deployed, but also because attacks leave no trace. Everyone must assume they’re compromised. As expert Dan Kaminsky wrote today: “It’s a significant change, to assume the worst has already occurred.”
Kaminsky’s comment appears in a wide-ranging article on heartbleed, and the most salient point is that while OpenSSL may be the most prevalent TLS library and stands to reason that it’s among the most coveted technologies for compromise by intelligence agencies, it’s run by only a handful of competent and undercompensated people. A Wall Street Journal article points out that OpenSSL Project which funds OpenSSL development received less than $1 million from donations and consulting contracts.
“We are building the most important technologies for the global economy on shockingly underfunded infrastructure,” Kaminsky said. “We are truly living through Code in the Age of Cholera.”
Johns Hopkins professor and crypto expert Matthew Green said OpenSSL supports more than 80 platforms and reviews code contributions and changes from numerous sources, all with a fairly impressive record of not falling down on itself until this week.
“Maybe in the midst of patching their servers,” Green wrote this week, “some of the big companies that use OpenSSL will think of tossing them some real no-strings-attached funding so they can keep doing their job,”