Skip to main content

Originally published Friday, April 18, 2014 at 6:27 PM

  • Share:
  • Comments (0)
  • Print

Heartbleed used by hackers in attack on ‘major corporation’

It is one of the first confirmed cases of hackers using the online-security flaw Heartbleed to gain access.

The New York Times


SAN FRANCISCO — Within 24 hours of the Heartbleed bug’s disclosure last week, an attacker used it to break into the network of what was called a “ major corporation,” security experts said Friday.

Using Heartbleed, the name for a flaw in security software that is used in a wide range of Web servers and Internet-connected devices, the attacker was able to break into an employee’s encrypted virtual private network, or VPN, session.

From there, the hacker or hackers used the Heartbleed bug about 1,000 times, extracting such information as passwords to gain broader access to the victim’s network, said researchers at online-security firm Mandiant.

The targeted company noticed the attack only in its later stages. When the company analyzed what had happened, it realized Heartbleed was used as the entry point, said Christopher Glyer, an investigator at Mandiant. The attack was one of the first confirmed cases of a hacker using Heartbleed. Up until now, researchers say, they have seen widespread scanning of the Internet for vulnerable servers, and in some cases people have taken material from those servers using Heartbleed.

But it has been nearly impossible, they say, to discern between the activities of security researchers and hackers, and there has been no evidence of actual harm.

Investigators were still assessing whether damage had been done in this case, and because of nondisclosure agreements, the firm has not named the targeted company; Mandiant has said only that it is a “major corporation” with particularly sophisticated attack detection systems. “The main take-away is that within 24 hours of Heartbleed’s publication, we’re seeing this taken advantage of,” Glyer said. “And it’s entirely likely lots of other companies are being affected and just don’t know it yet.”

On Tuesday, a 19-year-old man was arrested in Canada on charges he had used Heartbleed to steal taxpayer data from the Canada Revenue Agency. At the University of Michigan, computer scientists said the Heartbleed bug had been used 140 times to gain access to stashes of data they had put on the Internet as a test.

The researchers could not say whether this was the work of attackers or other security researchers, but they did say more than half the infiltrations originated in China.

The University of Michigan researchers said this week that more than 1 million Web servers were still vulnerable. They are keeping an updated tally on the website of their project, called ZMap.

It was still unclear whether Heartbleed was exploited before its discovery by a Google researcher this month.

For the past week, researchers at Lawrence Berkeley National Laboratory and the National Energy Research Scientific Computing Center have been examining Internet traffic they recorded going in and out of their networks since the end of January, looking for exploitations of Heartbleed before its existence became public April 7.

So far, they have found none.

Four weeks for 99 cents of unlimited digital access to The Seattle Times. Try it now!

News where, when and how you want it

Email Icon

 Subscribe today!

Subscribe today!

99¢ for four weeks of unlimited digital access.



The Seattle Times Historical Archives

Browse our newspaper page archives from 1900-1984

The Seattle Times

The door is closed, but it's not locked.

Take a minute to subscribe and continue to enjoy The Seattle Times for as little as 99 cents a week.

Subscription options ►

Already a subscriber?

We've got good news for you. Unlimited content access is included with most subscriptions.

Subscriber login ►
The Seattle Times

To keep reading, you need a subscription upgrade.

We hope you have enjoyed your complimentary access. For unlimited access, please upgrade your digital subscription.

Call customer service at 1.800.542.0820 for assistance with your upgrade or questions about your subscriber status.

The Seattle Times

To keep reading, you need a subscription.

We hope you have enjoyed your complimentary access. Subscribe now for unlimited access!

Subscription options ►

Already a subscriber?

We've got good news for you. Unlimited content access is included with most subscriptions.

Activate Subscriber Account ►