US start-up aims to prevent website hacks through ‘shape-shifting’ device

22 Jan 2014

Shape Security, a small web security team, is attempting to help companies fight back against major online attacks which have crippled websites with a botnet firewall appliance.

In recent months and years, some of the world’s largest companies with an online presence have succumbed to a series of attacks from individuals and groups of hackers who, with a single piece of code, can make a website crash or project a message or image.

Companies like Microsoft, Target and Skype have all been victims of the largely untraceable crimes and have spent millions of dollars trying to combat the attacks.

Now however, the team based in Silicon Valley is launching the ShapeShifter, which aims to prevent these attacks, known as ‘botnets’, from ever getting into a company’s server.

The device’s first line of defence is its ability to ‘polymorph’, which continuously changes a website’s code to block any attempted attacks.

Fighting fire with fire

Hackers use polymorphing code in their own attacks to prevent the source of the malware going back to its developer, as well as preventing a company’s firewall from blocking one particular piece of code.

Shape Security uses the same concept in its ShapeShifter to make the source code of websites appear differently on every page view, which has the effect of defeating malware, botnets and scripts.

For people using the website, there should be no discernible difference between a non-encrypted website and a ShapeShifter-equipped website as only the underlying code will be altered.

Writing on his blog about the device’s launch, Sumit Agarawl says an polymorphing website will not just protect the website from going down, but will also prevent any financial crime or hacking of accounts taking place: “Many web attacks are only profitable if automated. Criminal enterprises pursue profit: without automated scripts, many of today’s attacks cease to be economically viable.

“Instead of constantly detecting and reacting to threats, the ShapeShifter targets the economics of web hacking, and makes the preferred approach of criminals – automation, too expensive. This provides broad protection from automated attacks against websites and represents a completely new approach to security.”

Hacker image via Shutterstock

Colm Gorey was a senior journalist with Silicon Republic

editorial@siliconrepublic.com