In this second edition of the Weekly Cybernote, we will of course return to the notorious Heartbleed flaw, which has been extensively discussed online. We will then talk about a Google project that aims to boost the visibility of encrypted websites in search results. Lastly, we will conclude with the exploitation of a flaw in casinos that allowed its perpetrators to plunder 10 million euros.
First Heartbleed hack arrest
Heartbleed certainly has not stopped being a hot topic on the web. Indeed, this week saw the first arrest relating to the exploitation of the bug since it was discovered. A 19-year-old living in Canada was arrested on suspicion of being behind the leak of 900 social insurance numbers from the website of the Canada Revenue Agency. In Canada, a social insurance number is used when dealing with public administrations, banking organizations, and medical and social service providers, or even when applying for a job. Needless to say, the hacker turned the Heartbleed flaw to his advantage to accomplish his goals. Stephen Arthuro Solis-Reyes, a Western University student living in London, Ontario, was arrested on Tuesday by local authorities, who seized his computer equipment as evidence. The Royal Canadian Mounted Police (RCMP), who had been keeping tabs on the hacker, took only four days to find him. The accused was apparently not a professional hacker, who would have been more adept at hiding his tracks and delaying his arrest.
Google wishes to boost encrypted websites in its search results
At the SMX West marketing conference, Google engineer Matt Cutts hinted at a potential tweak to Google's search algorithm within the next few months, with the aim of favoring encrypted websites in its search results and so adding a layer of security for its web users. The objective of the project is clear: to push companies to encrypt their websites' data so as to offer internet users a more secure online experience. In the face of upsurges in cyberattacks and government spying, projects like these no longer come as a surprise in 2014. The latest vulnerabilities discovered in OpenSSL have shown that the security measures currently deployed on a large majority of websites were not the most reliable.
They exploited a flaw in slot machines and plundered 10 million euros
Slot machines are not spared from bugs, some of which are critical and can cause heavy financial losses. The German company Paul Gauselmann, one of the largest suppliers of slot machines in Germany, recently learned that the hard way. A large group of people, in an organized operation, managed to con more than 100 000 such machines spread out in gaming areas throughout Germany. In total, the amount stolen from the "one-armed bandits" is estimated at 10 million euros. To pull off such a heist, the players exploited a software vulnerability in the roulette game offered on these machines. A simple combination of buttons allowed them to win the jackpot, regardless of the results of the draw. This leads one to wonder whether the thieves actually stumbled upon this bug by pure chance, or whether an employee of Paul Gauselmann was part of the scheme.