The Internet flaw that millions of websites have and that can lead to you being hijacked

There are about 30 billion web pages on the Internet globally. And many of them are compromised. This is according to a recent study presented at the Web 2024 Conference by a team led by Kevin Saric, a computer scientist at the CSIRO (Commonwealth Scientific and Industrial Research Organisation). The analysis concludes that cybersecurity threats on the web can be exploited on a dramatically larger scale than previously thought.

“Our latest research has found that clickable links on websites can often be redirected to malicious destinations. We call them hijackable hyperlinks and we have found them by the millions all over the web, even on trusted websites,” Saric explains.

The authors note that they found these hijackable hyperlinks on the websites of large companies, religious organizations, financial firms, and even governments. The hyperlinks on these websites can be hijacked without setting off any alarm bells. Only the most attentive users would avoid falling into these traps.

One way users fall into these traps is by making a typo when entering the web address of their bank. “If you are in a hurry,” adds Saric, “and do not inspect the website carefully, you can enter sensitive personal data and pay a high price for your mistake. This could include identity theft, account compromise, or financial loss. Something even more dangerous happens when programmers misspell web addresses in their code. There is a chance that their typo will direct users to an Internet domain that was never purchased. We call these ‘ghost domains.’”

For example, a programmer who means to create a link to larazon.es/tecnologia makes a mistake and instead links to larazon.es/teconlogia, with the last word misspelled. These linking errors by programmers do not only risk directing users to phishing sites. The hijacked traffic can be directed towards a variety of traps, including malicious scripts, misinformation, offensive content, viruses, and whatever other attacks the future may bring.

“We scanned the entire web for these vulnerabilities. On a scale never seen before in research, in total we analyzed more than 10,000 hard drive data sets,” says Saric. “In doing so, we found more than 572,000 ghost domains. Hijackable hyperlinks directing users to them were found on many trusted websites.”

Most of the errors were caused by typos in hyperlinks, but another type of programmer-generated vulnerability was also detected: placeholder domains.
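A site owner can audit their own pages for both kinds of mistake described above. The following Python code is an added example, not code from the study: it extracts link hosts from HTML and flags placeholder domains and near-miss spellings of intended domains, using an edit distance that counts a swapped letter pair (as in tecnologia/teconlogia) as a single error. The allowlist, the placeholder list, all hostnames and the sample HTML are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed data (assumptions): hosts we mean to link to, and leftover template names.
INTENDED = {"mybank.example", "news.example"}
PLACEHOLDERS = {"yourdomain.example", "changeme.example"}

class LinkHosts(HTMLParser):
    """Collect the host of every absolute http(s) URL in href/src attributes."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                parts = urlsplit(value)
                if parts.scheme in ("http", "https") and parts.hostname:
                    self.hosts.append(parts.hostname.removeprefix("www."))

def osa_distance(a, b):
    """Edit distance in which swapping two adjacent characters costs 1."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def audit(html):
    """Return {host: reason} for linked hosts that deserve a manual check."""
    parser = LinkHosts()
    parser.feed(html)
    findings = {}
    for host in parser.hosts:
        near = [g for g in sorted(INTENDED) if osa_distance(host, g) <= 2]
        if any(host == p or host.endswith("." + p) for p in PLACEHOLDERS):
            findings[host] = "placeholder domain"
        elif host not in INTENDED:
            findings[host] = f"possible typo of {near[0]}" if near else "not on allowlist"
    return findings

# Constructed sample page: one correct link, one typo, one placeholder, one unknown host.
SAMPLE = ('<a href="https://www.mybank.example/login">Log in</a>'
          '<a href="https://mybnak.example/login">Log in</a>'
          '<script src="https://cdn.yourdomain.example/app.js"></script>'
          '<a href="/about">About</a><a href="https://partner.example/">Partner</a>')
```

Flagged hosts are candidates for manual review; confirming that a domain is actually unregistered requires a registration lookup, which this offline example does not perform.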

To determine whether the hijackable hyperlinks could be exploited in practice, Saric’s team purchased 51 of the ghost domains and analyzed the traffic. Compared to similar new domains that lacked hijacked links, 88% of these ghost domains got more traffic, with up to ten times more visitors.

For average web users, the best way to stay protected is to be careful and to read both the links and the websites they lead to. That is the basic rule, especially with links: become “grammar detectives,” so to speak.