Ask HN: did hordes of hackers swoop in the first hours (minutes) of Heartbleed?
I have this idea that there are hordes of hackers who create a hitlist of target websites that they want to hack.
They then just wait until the next exploit comes along.
And within hours (or minutes) of the new exploit becoming public, they swoop, own their target site and rootkit it.
Does anyone else think this is true?
And if it is true, then has half the Internet been rootkitted long before the sites owner could update SSL?
AND......so you updated your website - good on you. Do you think you had already been rootkitted?
2 comments
[ 1.8 ms ] story [ 14.1 ms ] threadIn answer to your question, I have no idea how long it takes the bad guys to exploit newly revealed exploits. Probably a day or two on average (for the tools to be developed and then distributed). Also, different people have different agendas and motivations -- there are no doubt people out there desperate to jump on to certain high-profile sites at the first chance (Apple, Amazon, with their credit card data would be an obvious target, for instance), but I suspect most hackers just cast their net far and wide and take whatever they can. Mostly it'll be unpatched servers from years ago that aren't managed by a proper ops team, using exploits that should have been patched a long time ago.
Unfortunately (perhaps interestingly) right after the announcement I would imagine that much of this activity would be changing passwords. I'd like to think that they were good about telling people not to change passwords until the hole was patched, but presumably some people would still start to change their passwords. Ironically this hurts more than helps.