{"id":626060,"date":"2024-06-29T16:10:01","date_gmt":"2024-06-29T13:10:01","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/we-analyzed-the-entire-web-and-found-a-cybersecurity-threat-lurking-in-plain-sight\/"},"modified":"2024-06-29T16:10:01","modified_gmt":"2024-06-29T13:10:01","slug":"we-analyzed-the-entire-web-and-found-a-cybersecurity-threat-lurking-in-plain-sight","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/we-analyzed-the-entire-web-and-found-a-cybersecurity-threat-lurking-in-plain-sight\/","title":{"rendered":"#We analyzed the entire web and found a cybersecurity threat lurking in plain sight"},"content":{"rendered":"<div>\n<div class=\"article-gallery lightGallery\">\n<div data-thumb=\"https:\/\/scx1.b-cdn.net\/csz\/news\/tmb\/2023\/cybersecurity.jpg\" data-src=\"https:\/\/scx2.b-cdn.net\/gfx\/news\/hires\/2023\/cybersecurity.jpg\" data-sub-html=\"Credit: Pixabay\/CC0 Public Domain\">\n<figure class=\"article-img\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/scx1.b-cdn.net\/csz\/news\/800a\/2023\/cybersecurity.jpg\" alt=\"cybersecurity\" title=\"Credit: Pixabay\/CC0 Public Domain\" width=\"800\" height=\"530\"\/><figcaption class=\"text-darken text-low-up text-truncate-js text-truncate mt-3\">\n                Credit: Pixabay\/CC0 Public Domain<br \/>\n            <\/figcaption><\/figure>\n<\/div>\n<\/div>\n<p>Our latest research has found that clickable links on websites can often be 
redirected to malicious destinations. We call these &#8220;hijackable hyperlinks&#8221; and have found them by the millions across the whole of the web, including on trusted websites.<\/p>\n<p><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/dl.acm.org\/doi\/10.1145\/3589334.3645510\">Our paper<\/a>, published at the 2024 Web Conference, shows that cybersecurity threats on the web can be exploited at a drastically greater scale than previously thought.<\/p>\n<p>Concerningly, we found these hijackable hyperlinks on the websites of large companies, religious organizations, financial firms and even governments. The hyperlinks on these websites can be hijacked without triggering any alarms. Only vigilant\u2014some might say paranoid\u2014users would avoid falling into these traps.<\/p>\n<p>If we were able to find these vulnerabilities across the web, so can others. Here&#8217;s what you need to know.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"What_are_hijackable_hyperlinks\"><\/span>What are hijackable hyperlinks?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>If you make a typo when entering your bank&#8217;s web address, you might accidentally end up on a phishing site\u2014one that impersonates, or &#8220;spoofs,&#8221; your bank&#8217;s website to steal your personal info.<\/p>\n<p>If you&#8217;re in a rush and don&#8217;t inspect the website closely, you may enter sensitive personal details and pay a steep price for your mistake. 
This could include identity theft, account compromise or financial loss.<\/p>\n<p>Something even more dangerous happens when programmers mistype web addresses in their code. There&#8217;s a chance their typo will direct users to an internet domain that has never been purchased. We call these phantom domains.<\/p>\n<p>For example, a programmer making a link to theconversation.com might accidentally link to tehconversation.com\u2014note the misspelling. If the mistyped domain has never been purchased, someone could come along and buy that phantom domain for around A$10, hijacking the inbound traffic. In these cases, the price of programmers&#8217; mistakes is paid by the users.<\/p>\n<p>These programmer linking errors don&#8217;t just risk directing users to phishing or spoofing sites. Hijacked traffic can be directed towards a range of traps, including malicious scripts, misinformation, offensive content, viruses and any other hacks the future will bring.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Over_half_a_million_phantom_domains\"><\/span>Over half a million phantom domains<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Using high-performance computing clusters, we processed the whole browsable web for these vulnerabilities. At a scale never seen in research, in total we analyzed over 10,000 hard drives&#8217; worth of data.<\/p>\n<p>Doing so, we found over 572,000 phantom domains. The hijackable hyperlinks directing users to them were found on many trusted websites. 
In a twist of irony, this even included web-based software designed to enforce privacy legislation on websites.<\/p>\n<p>We investigated what errors caused these vulnerabilities and categorized them. Most were caused by typos in hyperlinks, but we also found another type of programmer-generated vulnerability: placeholder domains.<\/p>\n<p>When programmers develop a website that does not yet have a specific domain, they often enter links to a phantom domain with the expectation the links will be fixed later.<\/p>\n<p>We found this to be common with website design templates, where the aesthetic components of a website are purchased from another programmer rather than developed in-house. When the design template is later installed on a website, the phantom domains are often not updated, making links to them hijackable.<\/p>\n<p>To determine if hijackable hyperlinks could be exploited in practice, we purchased 51 of the phantom domains they point to and passively observed the inbound traffic. From this, we detected substantial traffic coming from the hijacked links. Compared to similar new domains that lacked hijacked links, 88% of our phantom domains got more traffic, with up to ten times more visitors.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"What_can_be_done\"><\/span>What can be done?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>For average web users, awareness is key. Links cannot be trusted. Be vigilant.<\/p>\n<p>For those in charge of companies and their websites, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/dl.acm.org\/doi\/10.1145\/3589334.3645510\">we suggest several technical countermeasures<\/a>. The simplest solution is for website operators to &#8220;crawl&#8221; their websites for broken links. Countless free tools are available for doing so. 
If any broken links are found, fix them before they are hijacked.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"We_the_Web\"><\/span>We, the Web<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>British scientist Sir Tim Berners-Lee <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.home.cern\/science\/computing\/birth-web\">first proposed the web at CERN<\/a> in 1989. In his earliest description of it\u2014still widely available on the web as a testament to itself\u2014there is a section titled &#8220;non requirements,&#8221; where security is addressed. This section includes the fateful phrase:<\/p>\n<p>&#8220;[Data security is] of secondary importance at CERN, where information exchange is still more important.&#8221;<\/p>\n<p>While this was true of CERN in 1989, the web is now the primary information exchange medium of the modern age.<\/p>\n<p>We have come to treat the web as an external component of our own brains. This is evidenced by the popularity of large language models like ChatGPT, which themselves are trained on data from the web.<\/p>\n<p>As our dependence deepens, it might be time to mentally re-categorize web data security from &#8220;non requirements&#8221; to &#8220;important requirements.&#8221;<\/p>\n<div class=\"d-inline-block text-medium my-4\">Provided by <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/theconversation.com\">The Conversation<\/a><\/div>\n<p>
This article is republished from <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/theconversation.com\">The Conversation<\/a> under a Creative Commons license. Read the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/theconversation.com\/we-analysed-the-entire-web-and-found-a-cybersecurity-threat-lurking-in-plain-sight-233240\">original article<\/a>.<\/p>\n<div class=\"d-none d-print-block\">\n<p><strong>Citation<\/strong>:<br \/>\nWe analyzed the entire web and found a cybersecurity threat lurking in plain sight (2024, June 29)<br \/>\nretrieved 29 June 2024<br \/>\nfrom https:\/\/techxplore.com\/news\/2024-06-entire-web-cybersecurity-threat-lurking.html<\/p>\n<p>This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.<\/p><\/div>\n<\/div>\n<p><a href=\"https:\/\/techxplore.com\/news\/2024-06-entire-web-cybersecurity-threat-lurking.html\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Credit: Pixabay\/CC0 Public Domain Our latest research has found that clickable links on websites can often be redirected to malicious destinations. We call these &#8220;hijackable hyperlinks&#8221; and have found them by the millions across the whole of the web, including on trusted websites. 
Our paper, published at the 2024 Web Conference, shows that cybersecurity&#8230;<\/p>\n","protected":false},"author":1,"featured_media":626061,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/scx2.b-cdn.net\/gfx\/news\/hires\/2023\/cybersecurity.jpg","fifu_image_alt":"","footnotes":""},"categories":[16],"tags":[],"class_list":["post-626060","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sciencee"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/626060","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=626060"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/626060\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/626061"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=626060"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=626060"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=626060"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}