Scientists from Indiana University in the United States have successfully developed a new security technique that offers stronger protection against cyber attacks and online crime.
Cybersecurity expert Markus Jakobsson and RavenWhite—a newly established company where Jakobsson is a founding member—have successfully developed “dynamic cookies.” This new security solution is designed to combat online fraud attacks such as pharming and identity theft.
“Currently, there are no reliable commercial tools to protect users from such attacks,” Jakobsson stated. “We believe that ‘dynamic cookies’ can achieve that.”
‘Dynamic cookies’ can be applied in various situations where traditional cookies fail to perform their intended functions. Jakobsson’s invention not only helps protect against known online fraud and identity theft attacks but also against new attack threats akin to those discovered by Mark Meiss and Alex Tsow—two doctoral students in computer science at Indiana University.
Meiss identified a technique that allows malicious attackers to infiltrate most Wi-Fi connections to redirect users to a website completely different from the one they intended to visit. Meiss also demonstrated the practicality of this technique at a nearby hotspot.
“There is no specific solution that enables users to recognize ongoing attacks,” Meiss explained. “You may not be certain that you are accessing the bank website where you deposited your money, even though that website looks similar. There is no way to distinguish.”
Meanwhile, Tsow discovered that user routers can also be exploited to redirect users to a different website than the one they intended to visit. Tsow demonstrated this technique by opening a browser and entering the eBay address, but the browser returned the website of the Anti-Phishing Working Group.
“In a real attack, users would be redirected to a website identical to the one they wished to visit. However, that website is certainly operated by malicious attackers aiming to steal the user’s login credentials or banking passwords,” Tsow said.
Jakobsson believes that ‘dynamic cookies’ can effectively protect users from the aforementioned attacks or domain spoofing attacks aimed at facilitating online fraud.
RavenWhite asserts that basic technologies will not suffice to protect end users, which is why the company is developing server technologies to counter increasingly complex attacks.
To learn more about RavenWhite’s new technology, you can refer to the documentation here.
