Companies like Google, Microsoft, Yahoo and many other are consistently forcing the use of HTTPS by web sites to secure the web traffic and preventing the attackers from hijacking the data transfered from end user’s browser to the website. But it appears that Russian Hackers are one step ahead and found a way to track secure HTTPS web traffic, as reported by Kaspersky.

Chrome and Fire Fox Patched by Turla , Russian Hackers

Hackers normally do not modify the web browsers except exploiting the vulnerabilities inherent in them.But now one of the hacker group is entering into a new paradigm and take it to step further. Recently Antivirus company, Kaspersky, has revealed tactics employed by Russian hacker group, Turla. Turla has modified Google Chrome and Mozilla FireFox and fingerprinted TLS encrypted web traffic.

There is a reason why companies like Google are trying to push for more websites to use HTTPS is because it helps to secure your web traffic. It helps to prevent attackers from interfering with the data transferred between the website and your browser. Unfortunately, a report from Kaspersky has revealed that Russian hackers might have found a way to track secure web traffic.
This is not the first time when Turla modifies a browser component to deploy malware on infected hosts. The Russian hacker group has previously installed a back-door Firefox add-on in victims’ browsers back in 2015, which it used to monitor the user’s web traffic.You can find further details at  bitdefender’s document.

How Turla achieves attack?

The Russian hacker group Turla ,uses a two step process to achieve this. First infects the systems with a remote access trojan (RAT) . After that using the capabilities of RAT they modify/patch the web browsers like Google Chrome and Mozilla FireFox. First they install their own digital certificates in order to intercept TLS traffic originating from the host. Then afterwards modify the Chrome and Firefox web browsers by patching their pseudo-random number generation (PRNG) functions. Patching the pseudo-random number generation is necessary as it negotiates TLS connections. These functions are needed for the process of negotiating and establishing new TLS handshakes for HTTPS connections.This allows them to add finger print to every TLS action and passively track the encrypted traffic. Further details can be seen as released by kaspersky.

Two Step Deployment Process, Install RAT then Patch web Browser (Chrome, firefox)

I removed the RAT, Am I safe now?

All of these actions modifies how web browser runs and due to these modifications, even with the use of HTTPS, Hackers are able to fingerprint the victim and allow them to track users across websites. Now the things get really interesting as there was no attempt to break the encryption on the websites, but Turla, Russian Hacker group employs this as a secondary surveillance tool. So if the victim even some how discovers the RAT that is being installed and remove it , even then hackers can continue to watch and passively spy on victim’s web activity.
The question arises that why the hackers would need to adopt such complex mechanism is not entirely clear. If hacker is able to successfully compromise a computer with a remote control trojan, then there is don’t need to patch the browser to spy on traffic. However according to ZDNet, it might be a failsafe mechanism . This allows intruders to spy on web traffic for victims who eventually removed the trojan, but not cautious enough to reinstall their web browsers.

How to get rid of it?

The only way to actually completely remove this eaves dropping framework is to do a fresh install of the web browser from authentic source. If you only remove the RAT even then the attacker is able to listen and monitor the web traffic originating from the victim browser.

Who are the current Targets of Turla?

So far, as per reports of the activity. The intended initial targets are located in Russia and Belarus where it is believed that it is done to spy on political targets and dissidents. The group is sophisticated enough to have successfully compromised Eastern European Internet providers in the past to infect legitimate downloads. It is fairly possible that ISPs may compromise again, but this time, instead of the Mosquito trojan, Turla deployed Reductor.

This Article covers

chrome, encryption, firefox, gear, google, internet, mozilla, reductor, russia, security, surveillance, tls, turla ,Https Compromised,https hacked,https security compromised

 

 

Google Quantum Computing Break Through

Quantum Computing Break Through Moment Google has performed the major breakthrough in the field of quantum computing. Google recently acclaims that it has achieved a breakthrough in quantum computing research, quantum supremacy ,by enabling its quantum processor...

Digital Wellbeing and Parental Controls on Android

Release of Android Pie (9.0) came with a bunch of new features and possibilities. Google I/O 2018 focuses majorly on one of the biggest aspects regarding improving digital wellness of their consumers. The new tool focuses on helping users understand how they interact...

Russian hackers patched Chrome and Firefox, tracking secure HTTPS web traffic

Companies like Google, Microsoft, Yahoo and many other are consistently forcing the use of HTTPS by web sites to secure the web traffic and preventing the attackers from hijacking the data transfered from end user's browser to the website. But it appears that Russian...

Microsoft’s Surface Duo smart phone, The Game changer

Microsoft  again surprised consumers with the release of new mobile phone this week , Surface Duo. It is the long-awaited Surface phone that is awaited for years, and to add a spice to your surprise, it is running Google’s Android operating system. It is designed to...

Microsoft and Adobe brings Fresco to Surface Pro X

Microsoft announced that Adobe Fresco (previously also known under its codename Project Gemini), the long-awaited next-generation drawing and painting app, will now be available for the Microsoft Surface Pro X as well. If you’re a Adobe's Creative Cloud subscriber,...

Google privacy drive: introducing incognito mode for Maps

Google is planning to introduce new privacy features to its Google Maps, YouTube and Google Voice Assistant services. Privacy takes by google offering, with options including incognito mode and automatic data deletion. Google has been working for quite some time to...

Linux Kernel Lock Down

Securing Kernel - Lock Down Feature Cyber Security and Linux are such synonyms that proved their efficacy in every aspect. In Linux UEFI secure boot mechanism is introduced with a intent to protect the system against ever raising persistent malware threats, unwanted...

CISCO Identity Services Engine (ISE)

Cisco Identity Services Engine (ISE) Quick Overview Cisco Identity Services Engine (ISE) is a network administration product that enables the creation and enforcement of security and access policies for endpoint devices connected to the company’s routers and switches....

Call of Duty

Call of Duty is a popular first-person shooter video game. It was developed by Infinity Ward and published by Activision. In October 2003, it was firstly released for Microsoft Windows.The game simulates military armed combats for infantry and combined arms warfare of...

kik shutting down

Started in 2010, the messaging application "KIK" will be shutdown by its parent organization, "Kin", which needs to concentrate on crypto instead of messaging, with a fantasy to turn into the future currency of the web. Tragically, it has also downsized its workforce...