by- Saumya Tripathi
Web Jacking is done at the places where the attackers create a fake website and when the website opens it will direct it to another website and harm the user’s system. It is basically done to steal the sensitive data of the victim and use it. As there are many types of cyber crime that are growing with a fast pace in society it becomes very important to stop it and for that everyone should have a full knowledge of the cyber- security. Every person who makes the website is having their own domain and no one can have the same domain but when it is highjacked then the other person takes that domain and then ask for the ransom from the real owner. He may also conduct illegal activities on the website. Customers and the subscribers everyone can be fooled because it looks so similar to the real website and it becomes difficult to know that it’s not the real website.
Web Jacking is one of types of Cyber Crime. There are different tactics and strategies adopted by cyber people to carry out nefarious activity on the web. Web Jacking is used in social media where the creators makes a fake website and when the website open it will direct it to another malicious website then it harms the user’s system. In simple terms when the website or the web is hijacked then its terms as Web Jacking. Recently, the site Ministry of Information Technology was hacked by Pakistan hackers and also by the Bombay crime branch site was also been hacked. It is done to take out all the sensitive and confidential information of the users. Web jacking attack method is one kind of trap which is spread by the attacker to steal the sensitive data of any people, and those people got trapped who are not aware about cyber security.
METHODS OF WEB JACKING
• The first thing that is done in Web Jacking is to create a fake page of victim website for example www.anywebsite.com/login.php.
• The second step is to host it either on your local computer or shared hosting.
• Then third comes to send the link of the fake page to the victim.
• Further comes the fourth step in which the victim thinks that it is a valid link and click on it and enter all his details and submit it.
• Last step, comes accused will get all the details submitted by the victim.
WHAT ARE THE THREATS?
As the fraudster taken over the domain, he may tell the real owner of the website to pay the ransom for restoring control over him. He may also conduct illegal activities on the website and then the customers and subscribers all can be fooled by thinking that they are working and entering the details in the real website but in reality, it’s a fake one.
WEB JACKING RISKS
Web jacking creates many losses to the real owner that it destroys the reputation of the real owner, his website, brand image, financial losses.
LEGISLATION RELATED TO WEB JACKING There are following sections that will be used during the case of Web Jacking which are as follows-
• Sen Sending defamatory messages by email – Sec 499 IPC
• Sending threatening messages by email – Sec 503 IPC
• Forgery of electronic records – Sec 463 IPC
• Bogus websites, cyber frauds – Sec 420 IPC
• Email spoofing – Sec 463 IPC
• Web-Jacking – Sec. 383 IPC
• E-Mail Abuse – Sec.500 IPC
Mainly section 383 deals with Extortion which also includes about Web Jacking: Whoever intentionally puts any person in fear of any injury to that person, or to any other, and thereby dishon¬estly induces the person so put in fear to deliver to any person any property or valuable security, or anything signed or sealed which may be converted into a valuable security, commits “extortion”.
CASE RELATED TO WEB JACKING
In a recent incident reported in the USA the owner of a hobby website for children received an e-mail informing her that a group of hackers had gained control over her website. They demanded a ransom of 1 million dollars from her. The owner, a schoolteacher, did not take the threat seriously. She felt that it was just a scare tactic and ignored the e-mail. It was three days later that she came to know, following many telephone calls from all over the country, that the hackers had web jacked her website. Subsequently, they had altered a portion of the website which was entitled ‘How to have fun with goldfish’. In all the places where it had been mentioned, they had replaced the word ‘goldfish’ with the word ‘piranhas’. Piranhas are tiny but extremely dangerous flesh-eating fish. Many children had visited the popular website and had believed what the contents of the website suggested. These unfortunate children followed the instructions, tried to play with piranhas, which they bought from pet shops, and were very seriously injured!
HOW TO BE SAFE FROM WEB JACKING METHOD
• Don’t enter sensitive data in any link sent to you.
• Check the URL
• If the address seem so that it is true that doesn’t means that it is.
• Read company name carefully and identify it is right or wrong.
• Check it carefully that there is https protocol or http protocol and then if you find that there is http protocol then don’t fill your data. • If you are not sure site is real or fake enter a wrong name and user and password.
• Use a browser with anti-phasing detection.
• It’s advisable to install No script addon if you’re using Firefox. They provide protection against frame-based attack, by preventing scripts from loading.
The purpose of this Web Jacking is to destroy someone reputation or it can also be done to take ransom from the real owner. It is a quite interesting technique that tries to trick the user that the web page is real but in reality, it’s a fake web page and then by clicking on it by the victim they access all the information of the victim.