Researchers develop cybersecurity service
Ever wonder what your email account is worth to a criminal?
You should, say UIC computer science researchers Chris Kanich and Peter Snyder.
The two developed an online service that allows Gmail users to view how much their account is worth to hackers.
The service — Cloudsweeper — can scan a Gmail account to detect sensitive information that cybercriminals might value, then determine a dollar amount based on that information.
The service can also encrypt passwords and login information to create a more secure online presence.
“I think people are really surprised to see how much value is in their email account,” said Snyder, a doctoral student in computer science who created Cloudsweeper with Kanich, assistant professor of computer science.
A hacker’s access to your Gmail can mean access to at least 20 other accounts, Snyder said.
“I think that’s really shocking to people, how interconnected things are,” he said.
Cloudsweeper’s account theft audit uses the dollar amounts that hackers sell account information for on the black market. For example, information for an individual Amazon account sells for $15 and an individual Apple account is $8, the developers said.
When a user forgets a password, some online sites resend the passwords and usernames in an email that the user saves.
Cloudsweeper’s Cleartext password audit looks for these passwords and offers to encrypt them.
“Your password protects the world from getting your email account,” said Snyder.
“The general idea is that almost every account you can get is going to be protected by a small password that is usually not that difficult to guess.”
Cloudsweeper participants may opt into an anonymous data collection that allows their results to be used in the team’s research.
Future plans for Cloudsweeper include scanning attachments for valuable information and an arbitrary find and replace feature.
The website is user-friendly, with three clickable buttons for each service Cloudsweeper offers.