New tool exposes websites that have suffered data breaches

Last month, Mozilla joined hands with Have I Been Pwned, a data breach index website, to alert users when they visit a website that was previously compromised, since the trend of hiding data breaches is growing among companies and businesses regardless of their status.

Tripwire tool

Now, IT security researchers at the University of California San Diego (UCSD) have developed a prototype tool that identifies whether websites have been compromised. The researchers involved in the development of this tool are Alex C. Snoeren, professor of computer science at the Jacobs School of Engineering at the University of California San Diego, Geoffrey M. Voelker, Joe DeBlasio and Stefan Savage.

Dubbed Tripwire by the researchers, the tool was tested [PDF] on around 2,300 websites from January 2015 to February 2017. Researchers then waited to see if any of the registered accounts would be compromised, since that would be an indicator that a site had been hacked.


According to Alex C. Snoeren of UCSD: “In the end, the system detected 1 percent, or 19 sites, were compromised, including what appears to be a plaintext password compromise at an Alexa top-500 site with more than 45 million active users.” The surprising fact about the result was that none of the sites disclosed the breach to their customers.

“I was heartened that the big sites we interacted with took us seriously,” Snoeren said.

“I was somewhat surprised no one acted on our results,” Snoeren added, saying his team won’t disclose the websites’ names. “The reality is that these companies didn’t volunteer to be part of this study. By doing this, we’ve opened them up to huge financial and legal exposure. So we decided to put the onus on them to disclose.”

Tripwire on GitHub

The entire code for Tripwire, including the source code for the crawler, is available on GitHub. Moreover, the researchers have also shared an anonymized version of the login data that consists of an entry for each login event. According to the researchers, this anonymization was chosen to balance the desire for transparency with protecting the accounts in the Tripwire sample.

However, researcher Mr. DeBlasio warned users on GitHub, adding that:

“While we provide complete source for the crawler, I highly discourage you from actually trying to run it, and you do so at your own risk. If, however, you are interested in the heuristics that our crawler uses, or how the system works, the code is all here!

But really, if you’ve been tasked with getting this crawler running, turn back all ye who enter here. This code is very old, very fragile, and requires a lot of moving parts to get working well.”

Hiding data breaches

While hiding data breach incidents is nothing new, the results can be devastating for unsuspecting users. The Equifax and Uber data breaches are significant examples: Equifax discovered that hackers stole SSNs of 143M Americans in July 2017 but only decided to inform its customers in September this year.

Uber played a similar trick on its customers: the ride-hailing service paid $100,000 to hackers to hide the massive data breach, which exposed private details of around 75 million accounts. The breach occurred in October 2016, and for over a year, Uber managed to keep it a secret by paying hackers such a hefty sum.

Source: UCSD / Study available here [PDF]


Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering the latest happenings in the cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.