Hijacked

While we are still on gates and access, it would be good to look at the possibility of being hijacked after you’ve made it through the gates. Normally, when you drive past the gates, your assumption is that you are safe; you don’t keep looking over your shoulder as you go about your business. Since everything was fine at the gates, you become more relaxed and lower your suspicion as you freely run your transactions, purchase your book and submit your assignments. But the fact that the check was solid at the gates doesn’t mean the terrain is completely safe; checkpoints don’t end the war, they simply provide checks while the war persists, and an attack can take place on either side of the gates—your activities within the gates can literally be hijacked!

How does this happen? Let’s backtrack a little. You are driving up to your bank to run some transactions and you are greeted by locked gates (the login form). You provide your credentials, the guards look through them and confirm that they are legit, so they print you a visitor’s tag with a unique visitor’s ID and other information that allow you to go in without being kicked out by other guards within the premises in the middle of your transaction. This visitor’s tag is what we call a Session Token.

Now, picture that by some clandestine means, a malicious adversary was able to get a copy of your visitor’s tag; say he was not too far away with his high-focus camera, zooming in and taking snapshots of the tag as it was being printed out and handed over to you (of course the actual methods of getting this information are more technical than this, but that’s not our focus here). Now he has the same tag you have, which lets him go about your business without being kicked out too. He hijacks your session and goes to work, gathering the spoils of war—either transferring funds or stealing information or running other transactions.
Note that you might be done before him and leave (especially by simply closing the tab without logging out), but he’s still in there executing operations on your behalf; by the time you realize what has happened, he would have been long gone, leaving behind the ruins of his attack.

Session hijacking is a very common form of attack in cyberwarfare, and there are several ways that an adversary could steal session tokens: he could exploit some vulnerabilities in the destination site and drop a script there that copies the tokens when you come in, or he could intercept communications in your browser using certain tools and gain access to your session information. Whichever method he uses, yours is to be aware of this possibility beyond the gates, and to establish countermeasures to avert its occurrence.

As a Conscripted soldier, here is what you must do.

 

Marching Orders

  1. Use a licensed Virtual Private Network (VPN) to fully encrypt your activities online.
  2. Always ensure your browser is up to date (you can run a search on “Updating my Firefox browser” or whatever browser you use to get this done).
  3. If you’re logged in and working, and a popup suddenly comes up telling you that your session has expired after some time of inactivity and requesting that you re-enter your password to continue your session, don’t use the popup; you can refresh the page and sign in again. While such popups could be legitimate at times, they could also be a hoax by attackers to hijack your session, and since you can’t be absolutely sure, it is better to be safe than sorry.
  4. Always log out completely and close the browser when you’re done with your session. Never close the browser without logging out.
  5. As always, sound the battle cry to those around you—“Stay alert! An attack could take place on either side of the gates.”
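
Why marching order 4 matters, shown from the guard post's side as an added example that is not part of the original article: a toy server-side session table in which closing the tab leaves a copied visitor's tag valid, while logging out destroys every copy at once. The class name, the user "alice" and the 15-minute idle timeout are assumptions made for this sketch.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60  # seconds; assumed value for this sketch

class SessionStore:
    """Toy server-side session table (hypothetical, for illustration)."""

    def __init__(self, now=time.time):
        self._now = now          # injectable clock so the demo needs no sleeping
        self._sessions = {}      # token -> {"user": ..., "last_seen": ...}

    def login(self, user):
        # The "visitor's tag": an unguessable random token issued after login.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "last_seen": self._now()}
        return token

    def whoami(self, token):
        # The server only sees the token; it cannot tell who is presenting it.
        s = self._sessions.get(token)
        if s is None:
            return None
        if self._now() - s["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[token]   # expired: forget it server-side
            return None
        s["last_seen"] = self._now()
        return s["user"]

    def logout(self, token):
        # Logging out destroys the tag on the server, so every copy dies with it.
        self._sessions.pop(token, None)

def demo():
    clock = [0.0]                       # constructed clock, starts at zero
    store = SessionStore(now=lambda: clock[0])

    copied = store.login("alice")       # same token value held by someone else
    # Closing the tab sends nothing to the server, so the copy still works.
    after_tab_close = store.whoami(copied)
    clock[0] += IDLE_TIMEOUT + 1        # an unused copy dies only at the timeout
    after_timeout = store.whoami(copied)

    copied = store.login("alice")
    store.logout(copied)                # explicit logout by the real user
    after_logout = store.whoami(copied)
    return after_tab_close, after_timeout, after_logout

if __name__ == "__main__":
    print(demo())
```

Because the idle timer in this sketch resets on every request, a copy that is being actively used would outlive the timeout; only the logout call ends it immediately.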
