Plumbing the KRACK Vulnerability and Fast Flux Botnets: the AirBnB of the Cybercrime World

In this 67th episode of The Security Ledger Podcast, we talk with Bob Rudis of the firm Rapid7 about KRACK, a security hole that affects most wi-fi hotspots. Also: Or Katz of Akamai talks about that company’s work analyzing fast-flux botnets, which have become like AirBnB for cyber criminals looking for a place to host malicious networks. Finally: Tim Jarrett of Veracode tells us how a single security hole in an open source library found its way into millions of applications. 


In this 67th episode of the podcast, we delve into the recently disclosed KRACK vulnerability in the Wi-Fi Protected Access (or WPA) wireless security standard. How did a vulnerability persist in such a common technology component? Rudis said that the folks who designed WPA did a great job getting the math right, but may have failed to imagine how the WPA technology might be implemented and all the attack scenarios that might be leveraged against WPA access points. “The tl;dr is that cryptography is hard,” Rudis said. “That’s the problem – they weren’t able to marry the math with the implementation of the math.”

Also: Or Katz of the firm Akamai tells us that a little-discussed phenomenon – fast flux botnets – is a common ingredient behind many online ills, from dark markets to phishing websites and web-based attacks. Why? Mostly because they are long lived. “The reason is that they are hard to be detected and therefore they are long lived,” he said. Populated by compromised home routers and other devices, the botnets rely on constantly shifting domain names to stay one step ahead of the good guys who are trying to shut them down. Like living beings, Katz said, fast flux botnets can persist for years – and that has attracted the attention of cyber criminals. “They offer a service that is stable and that’s why they’re highly popular and are used by a variety of malicious services,” Katz told us.
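The detection difficulty Katz describes comes from the churn itself: a fluxed domain answers with short-TTL records that rotate through many compromised hosts. The following is an added example (not code from Akamai or from this podcast) of the classic defender-side heuristic for spotting that churn in DNS resolution logs. The sample records, the scoring weights and the thresholds are all constructed assumptions for illustration.

```python
"""Fast-flux heuristic over constructed DNS resolution records (added example)."""
from collections import defaultdict

# Constructed sample log: (timestamp_s, domain, resolved_ip, ttl_seconds).
# "shop.example" is a stable host; "flux.test" rotates through many IPs.
SAMPLE_RESOLUTIONS = [
    (0,   "shop.example", "203.0.113.10", 300),
    (300, "shop.example", "203.0.113.10", 300),
    (600, "shop.example", "203.0.113.10", 300),
    (900, "shop.example", "203.0.113.10", 300),
    (0,   "flux.test", "198.51.100.7", 120),
    (120, "flux.test", "198.51.100.88", 120),
    (240, "flux.test", "192.0.2.33", 120),
    (360, "flux.test", "203.0.113.77", 120),
    (480, "flux.test", "192.0.2.140", 120),
]

def profile_domains(resolutions):
    """Per-domain stats: distinct IPs, distinct /24 prefixes, min TTL, churn ratio."""
    by_domain = defaultdict(list)
    for ts, domain, ip, ttl in sorted(resolutions):
        by_domain[domain].append((ts, ip, ttl))
    stats = {}
    for domain, rows in by_domain.items():
        ips = [ip for _, ip, _ in rows]
        # Fraction of consecutive lookups whose answer changed.
        changes = sum(1 for a, b in zip(ips, ips[1:]) if a != b)
        stats[domain] = {
            "distinct_ips": len(set(ips)),
            "distinct_prefixes": len({ip.rsplit(".", 1)[0] for ip in ips}),
            "min_ttl": min(ttl for _, _, ttl in rows),
            "change_ratio": changes / max(len(ips) - 1, 1),
        }
    return stats

def flux_score(s):
    """Count the fast-flux indicators present; thresholds are assumptions."""
    score = 0
    if s["min_ttl"] <= 300:          # short TTL so clients re-resolve often
        score += 1
    if s["distinct_ips"] >= 4:       # many answers for one name
        score += 1
    if s["distinct_prefixes"] >= 3:  # answers scattered across networks
        score += 1
    if s["change_ratio"] >= 0.5:     # answer changes on most lookups
        score += 1
    return score

def suspected_fast_flux(resolutions, threshold=3):
    """Return domains whose indicator count meets the threshold, sorted."""
    profiles = profile_domains(resolutions)
    return sorted(d for d, s in profiles.items() if flux_score(s) >= threshold)
```

A real deployment would use ASN rather than /24 prefix diversity and tune the thresholds against a baseline, since CDNs and round-robin load balancers also produce many short-TTL answers.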

And finally: when researchers at Veracode decided to chase down the reach of a particular vulnerable open source library, they had no idea where the path would lead. In the end Tim Jarrett and his colleagues traced the Apache Commons Collections library to around 80,000 other, downstream open source projects and millions of applications created using those open source projects.

That kind of re-use is what open source software is all about. But it becomes problematic after vulnerabilities are discovered in common open source libraries and other components, he said. The reason: application developers rarely apply patches for the open source components they’ve consumed.

“There’s no correlation between updates to open source components and the use of those updated libraries in applications,” Jarrett said. “It really doesn’t matter whether an (open source) project is patching if the development teams never adopt those patches into their applications.”

As always: check out our full conversation in our latest Security Ledger podcast above or over at Soundcloud. You can also listen to it on iTunes. If you like our intro music, give some love to the group JoeLess Shoe, who recorded “Baxton,” the song we use in just about every podcast.
