We analyzed the entire web and found a cybersecurity threat lurking in plain sight

Our latest research has found that clickable links on websites can often be redirected to malicious destinations. We call these "hijackable hyperlinks" and have found them by the millions across the whole of the web, including on trusted websites.

Over half a million phantom domains

Using high-performance computing clusters, we processed the whole browsable web for these vulnerabilities. At a scale never seen in research, in total we analyzed over 10,000 hard drives' worth of data.

Doing so, we found over 572,000 phantom domains. The hijackable hyperlinks directing users to them were found on many trusted websites. In a twist of irony, this even included web-based software designed to enforce privacy legislation on websites.

We investigated what errors caused these vulnerabilities and categorized them. Most were caused by typos in hyperlinks, but we also found another type of programmer-generated vulnerability: placeholder domains.

When programmers develop a website that does not yet have a specific domain, they often enter links to a phantom domain with the expectation the links will be fixed later.

We found this to be common with website design templates, where the aesthetic components of a website are purchased from another programmer rather than developed in-house. When the design template is later installed on a website, the phantom domains are often not updated, making links to them hijackable.

To determine if hijackable hyperlinks could be exploited in practice, we purchased 51 of the phantom domains they point to and passively observed the inbound traffic. From this, we detected substantial traffic coming from the hijacked links. Compared to similar new domains that lacked hijacked links, 88% of our phantom domains got more traffic, with up to ten times more visitors.

What can be done?

For average web users, awareness is key. Links cannot be trusted. Be vigilant.

For those in charge of companies and their websites, we suggest several technical countermeasures. The simplest solution is for website operators to "crawl" their websites for broken links. Countless free tools are available for doing so. If any broken links are found, fix them before they are hijacked.

We, the Web

British scientist Sir Tim Berners-Lee first proposed the web at CERN in 1989. In his earliest description of it—still widely available on the web as a testament to itself—there is a section titled "non requirements," where security is addressed. This section includes the fateful phrase:

"[Data security is] of secondary importance at CERN, where information exchange is still more important."

While this was true of CERN in 1989, the web is now the primary information exchange medium of the modern age.

We have come to treat the web as an external component of our own brains. This is evidenced by the popularity of large language models like ChatGPT, which themselves are trained on data from the web.

As our dependence deepens, it might be time to mentally re-categorize web data security from "non requirements" to "important requirements."

#CyberSecurity #WebSafety #HijackableHyperlinks #PhantomDomains #DataSecurity #WebVulnerabilities #OnlineThreats #WebDevelopment #TechResearch #WebsiteSecurity #ProgrammingErrors #LinkHijacking #InternetSafety #DigitalSecurity #WebThreats