Cybersecurity non-profit organization Security Alliance has released a new tool to help security researchers verify cryptocurrency phishing attacks, which resulted in more than $400 million being stolen in the first half of this year.
The Security Alliance (SEAL) announced on Monday that it was working on a new tool to enable “advanced users and security researchers” to join the fight against cryptocurrency phishing by verifying that a reported phishing site is malicious.
They added that cybersecurity researchers often cannot see or replicate what users see when they encounter a potentially malicious link, as fraudsters have developed “anonymization features” to deliver benign content to suspicious web scanners.
SEAL's new tool, called the “verifiable TLS Certificates and Phishing Reports” system, which aims to help security researchers, will now help prove that a malicious website actually contains the phishing content a user claims to see.
“The goal is to be a tool to help the experienced ‘good guys’ work better together, rather than the average user,” the SEAL told Cointelegraph.
“What we needed was a way to know what a user is seeing. At the end of the day, if someone claims a URL delivers malicious content, we can't take them at their word.”
How SEAL Verifiable Phishing Reports Work
The system works by having a trusted authentication server that acts as a cryptographic oracle during a TLS connection.
Transport Layer Security (TLS) is a web protocol that ensures secure communication over a computer network by encrypting data to protect it from eavesdropping and tampering.
Related to: Venus Protocol user suffers $13.5 million loss due to phishing attack
The user or researcher runs a local HTTP proxy that intercepts connections, captures connection details, and sends them to the authentication server. The server handles all the encryption/decryption while the user maintains the actual network connection.
Verifiable phishing reports
Users can submit “verifiable phishing reports,” which are crypto-signed evidence of exactly what content a website is presenting to them.
The SEAL can then verify the legitimacy of these sites without having to access the phishing sites themselves, making it harder for attackers to hide their malicious content.
“This is a tool intended for advanced users and security researchers only,” SEAL wrote on the GitHub download page.
magazine: “Bitcoin’s Total Hit,” Shuffle suffers data breach: Hodler's Digest
