What Is Broken Link Hijacking?
It is a general practice to link external resources, third-party sites, and pages on websites/web applications. Including such outbound links is an SEO best practice. In other cases, websites and web applications may use external links for link shortening, storing scripts, analytics pages, and even CDN or file hosting services. What happens if linked pages/ resources cease to exist, but the links remain on the website? It causes a high risk of Broken Link Hijacking, a type of web attack.
Let us delve deeper into Broken Link Hijacking and understand how to prevent this web attack.
Understanding Broken Link Hijacking
Broken Link Hijacking (BLH) is a web-based attack where the attackers take over expired, stale, and invalid external links on credible websites/ web applications for malicious/ fraudulent purposes. These external links are used for a multitude of purposes ranging from SEO to load resources from external URLs/ points. These links may expire or become invalid, for instance, owing to domain expiry. And the attacker takes control of the resource at the other end of such a link somehow and uses it to fulfill his/her motives.
For instance, the blog section of a popular e-commerce website has an embedded link to an image hosting site. After a while, this link is dead, or the domain has expired. Unaware of this, the e-commerce website’s blog still consists of this external link and continues to get more views over the years. An attacker, while
snooping around the website, finds this security gap and buys the expired domain. Thus, the attacker gains access to the blog visitors through the broken link. Using the broken link, the attacker may engage in a range of nefarious activities, ranging from content scraping and defacements to website hijacking and XSS attacks.
What Makes BLH Attacks Possible?
Link Hijacking attacks occur because the website/ web application continues to contain links to expired/ stale resources/pages (loaded using external URLs).
Given the relentless transformation of the Web, all externally loaded resources will not remain unaltered and accessible forever. There could be domain expiry, deletion of page/ resource/ account, website restructuring, business rebranding/ acquisition, etc. that could cause outbound links to rot/ expire.
What are the Risks Associated with BLH Attacks?
Attackers leverage Broken Link Hijacking in numerous ways, some of which are detailed below.
Defacements
By purchasing expired domains and using the broken links on websites/ web applications, attackers can engage in defacements. They can change your original content to their malicious or offensive content. This could lead to an erosion of the company’s reputation, customer attrition, and distribution of malware.
Several celebrity social media accounts have been affected by BLH attacks.
Stored XSS Attacks
Often, companies load scripts from external locations/ resources for several reasons. For instance,
- Caching JavaScript (JS) to speed up page loading
- Separation of HTML and JS for easier maintenance
- Link to traffic analysis, etc.
If these links are broken, the attacker may take over the domain or resources and substitute the scripts. This leads to stored XSS attacks with malicious scripts loading automatically on the web pages with every visit.
Learn more about the XSS attack, here
Impersonation
Another big risk associated with BLH is impersonation. Broken link hijackers leverage expired endpoints (expired domains, deleted social media accounts, etc.) at the end of broken links to impersonate companies and high-profile users. This causes heavy reputational and financial damage.
For instance, a company may delete a social media account but leave the link on their website. The hijacker will simply create an account with that name and post something objectionable or engage in phishing, posing as the company.
Other Risks
- Content Hijacking
- Information Leakage
- Phishing Attacks
The Way Forward: Preventing Broken Link Hijacking
Attackers can scan for broken links on a website/ web application by using one of the many tools available on the internet. Thereon, it is a straightforward process to exploit these broken links for their malicious purposes.
Businesses, on the other hand, are unaware of the existence of broken links for years on end. This could be because the vulnerability scanners are not equipped to check for the broken links and pen-testers overlooked these.
The best way to prevent Broken Link Hijacking attacks is to proactively identify such stale/ dead links and remove them from the website regularly. Intelligent Vulnerability Scanning tools like AppTrana can identify thousands of vulnerabilities, including potential broken links and defacements. When combined with a robust WAF and pen-testing by certified security experts, businesses can stay leaps ahead of attackers and prevent Broken Link Hijacking.