Anti-malware researches have managed to exploit the Heartbleed vulnerability to access protected forums used by hackers to exchange information.
According to French cyber security analyst Steven K, the researchers were able to access sites including Darkode and Damagelab in the same way hackers previously attacked UK-based parents’ forum Mumsnet.
"Darkode was vulnerable, and this forum is a really hard target,” Steve K said. “Not many people have the ability to monitor this forum, but Heartbleed exposed everything," he said, suggesting that cyber security researchers hope to find a treasure of information using the data leaked from the forum through the Heartbeed bug.
However, the IET’s cyber security expert Hugh Boyes was less happy to hear the information about researchers accessing the secretive forum had been publicised.
"Whilst commendable that security researchers have used the Heartbleed bug to access closed forums used by cyber criminals, it is a pity that this has been publicised. The site operators are likely to quickly remedy this weakness,” he said.
"The report that underground forums are vulnerable demonstrates that the Heartbleed bug is a serious vulnerability. It allows access to more than login credentials. Website operators should check that their sites are not vulnerable. If they are then the bug should be fixed as a matter of
The Heartbleed bug was discovered earlier this month having gone undetected for more than 2 years. It compromises the OpenSSL software in computers that encrypts data to make it harder to steal. The flaw led to major Internet companies encouraging their users to change passwords and login details in order to protect themselves from a potential hack.