Attacks using stolen login information occur daily on all major sites. Kindred Group protects customers' accounts by altering the existing cat-and-mouse dynamic. "By being proactive, we make hackers' work costlier and ineffective," says Pierre-Antoine Haidar-Bachminska, Security Operations Line Lead at Kindred Group.
In recent years, millions of stolen login credentials have ended up in the hands of hackers. As long as people continue to reuse the same password year after year, there will be a market where lists of usernames and passwords are used as currency in a huge shadow economy.
But what happens if you can get ahead of the hackers and use their primary weapons against them? Since January 2018, Kindred Group, which has 25 million users worldwide, has proactively prevented possible attacks on more than a million user accounts by simply being faster than the hackers at detecting when previously leaked passwords are used by unsuspecting customers.
“Previously, we employed a reactive strategy to address these types of attacks. In other words, monitoring operations to detect attempted intrusions and then immediately freezing the account and associated assets, as well as contacting the customer and instructing them to change their password. But detecting attacks and acting on them always takes time, so we wanted to go a step further and better protect our customers by being more proactive,” says Pierre-Antoine.
“We developed a tool that allows us to compare lists of stolen login information with our own customer data. When the tool detects a match, we know that a customer's password has been leaked and can freeze the account like we would during an ongoing attack. We’re basically doing the same check as the hackers do, but faster. As a result, the account is secured before hackers get a chance to break into it.”
Available as open-source
Since implementing the tool, the number and effectiveness of attacks against Kindred customers have dropped substantially. The proactive strategy not only protects customers, but it also entices hackers to go elsewhere or change their strategy. This way of working has also been adopted by other major tech companies such as Google, Microsoft, Apple and Spotify. However, Kindred Group is the first one to open source and go public with it.
“For me, it's always been about making it difficult and costly to attack us. These lists of leaked login information are major investments for hackers. If that information becomes outdated thanks to our efforts, they end up wasting a lot of money. At the same time, it begins to look like someone further up the chain is selling bad information,” says Pierre-Antoine, adding that Kindred's tools are available for everyone to use.
“The more people use the tool, the harder and more expensive it becomes for those who carry out these attacks. This gives us an opportunity to force them to change their behaviour and look for new approaches," Pierre-Antoine concludes.