New Hacking Method: Hackers Use Cookies

In 2020, cybercriminals learned to hack victims’ accounts in a new way — using cookies either for pinpointing the victim or for the hacking itself. The problem is that almost every website has access to them.

How do you manage cookies and protect yourself from hacking? Today we will tell you in this article.

Find the best way to prevent internet tracking here.

Cookies are small bits of text that websites store on the user’s computer. They record almost any information about the site user: at what time and from what device they went to the page, what products they were interested in, what search queries they entered, and so on.

What is a cookie

Almost every site requests permission to use them on the first visit. Their primary purpose is to save time for both the user and the resource. The user can enter the username and password once, and then the next time they can just click on “Log in.” Cookies can allow an online store to offer products more accurately. For example, if the last products viewed by the visitor are Xiaomi heaters, then these devices from a particular brand will appear on the main page.

Moreover, cookies are stored securely. Passwords are encrypted, and if the site is hacked, hackers will not receive readable user data. Cookies do not directly display passwords but instead contain a hash that stores your password. When the password was hashed, it was encrypted so that only the website from which it was recorded in the cookie could read it. Each site uses a unique encryption algorithm to encode the hash and decode it.

Cookies are also used to set up ad impressions on the internet. For example, targeted banners work based on your browser history, which is also a cookie.

Did you hear that the World Wide Web collects browser fingerprints? Read more here.

What are cookies?

Cookies are divided into two types:

1. Temporary cookies. These include data about the pages viewed, records of order forms, and other information that allows customers to simplify their use of the site. They are deleted after the user leaves the resource.

2. Permanent cookies. These are not deleted after the end of the session with the site. Permanent cookies track the history of site visits. This is how the username and password are stored, if the user caches them after registration. The history of the browser and the pages viewed on the site are also recorded.

The duration of their storage depends on which zone these files are located in. There are three of them: white, gray and dark.

  • White zone — temporary and permanent cookies. They are easy to manage and can be deleted.
  • Gray zone — third-party cookies that are recorded not by the site itself, but by another piece of code. For example, an advertising banner. The pages visited on the sites allow it to form a record of user preferences.
  • Dark zone —  supercookies and evercookies. It is forbidden to record them, and search engines block sites that do this. They are read only if the site is hacked or if an unreliable data transfer protocol is used. Evercookies are non-removable: they can be restored even after being forcibly erased from the browser history.

Why is cybersecurity important? Learn more here.

How do scammers use cookies?

First, cookies can help scammers to choose a victim more accurately. Cyber analysts consider personalization and targeting attacks to be the main trend in the development of fraud on the internet. The victim is selected based on the analysis of cookies.

Reasons for cookies usage

However, they can also be used directly for hacking. It is forbidden to record the personal data of users in cookies. That is, it is impossible to identify the victim directly by reading them. Passwords are also not available here. At the same time, they simplify the hacking process since they store the data for logging into the account.

By installing cookies with hashed passwords in your web browser, a cybercriminal can immediately access an account on this site without entering the victim’s registration data. If an attacker can gain access to your computer or your network, then with a high degree of probability, they will also get hold of the “cookies,” for example by using a Firefox browser extension called Firesheep.

When websites “remember” a user, they store a unique session ID in cookies, which allows them to identify the person. Attackers can deceive websites by obtaining such an ID and then can “introduce themselves” to the victim and take control of their account. One of the likely scenarios for how attackers can implement such a scheme is to infect the device with a virus.

Last year, two Android viruses were discovered that worked in this way. They just saved cookies recorded by smartphone browsers and applications of popular social networks, in particular Facebook. They allowed attackers to surreptitiously gain control of the victim’s social media account and distribute content on their behalf. For example, launching large-scale spam mailings and phishing attacks. Once on the device, the Trojan obtained root rights and transmitted cookies from the browser and the installed social media application to the attackers’ server.

There are also more advanced viruses. Often, having only the session ID is not enough to take control of someone else’s account. Several websites have security measures in place to prevent suspicious login attempts. It was for such cases that the second Trojan was intended. It could run a proxy server on the phone and give attackers access to the internet from the victim’s device to bypass security measures and log in to the account.

Read more about various viruses here.

How does the law regulate cookies?

Over the past few years, the technology industry has had many high-profile scandals with user information leaks. This has led to stricter legislation on cookies.

In Europe, the General Data Protection Regulation (GDPR) was adopted several years ago. According to its privacy rules, each internet resource is obliged to notify its visitors that it collects this data. Although, as a rule, the notice only informs you about the use of certain cookies, more details about your interaction with them is described in the “User Agreement.”

Can you block the collection of cookies?

Yes. There are three ways to do this:

  1. Install an ad blocker—for example, AdBlock. Targeted banners will no longer be able to access your data.
  2. Disable their transmission in the browser settings. Go to “Settings –> “Privacy,” and in the cookies section, close access to them.
  3. Enable incognito mode. The sites themselves will be unable to access any information about the user. It is transmitted only to the service provider.
Cookies block

These actions are suitable for those who are worried about privacy. Keep in mind, though, that the sites will interact with the user less accurately. For example, in an online store on the main page, the most popular products will not be tailored for the user, but will simply be the most popular ones.

Our team sees only one reliable way to avoid this type of identity theft — it is to refuse all cookies and disappear from the internet.

The best way to do this is written here.

However, almost all sites on the internet collect this data. Therefore, you need to use Utopia P2P — a closed private ecosystem that is anonymous does not collect users’ personal data, or store users’ data on a single server.

By relying on Utopia, users can create a private site with anonymous access, which will not track the IP addresses, location, names, and other personal information of users and visitors. So, users can forget about cookies and the possible threats associated with them forever.

Read more about Utopia in comparison with other private tools here.

In addition, here are some tips from a cyber expert for solving the cookie problem. However, remember that these are only temporary measures, the effect of which will not last long.

  • Do not store cookies on suspicious sites or when this is not necessary.
  • Follow the primary security rules that will reduce the likelihood of infection of the device with malware: Do not download applications from third-party stores, regularly update the device, scan the system, and use a reliable security solution.
  • For additional control, you can use particular extensions that can be used to delete, search, protect, or block cookies.
  • Do not click on suspicious links, so that your smartphone or computer is not infected with a Trojan.
  • Do not download applications from unreliable sources — only from the official application in the App Store and Google Play.
  • Use complex passwords — different for all devices and resources. Change them once a quarter.
  • For online purchases, you should have a separate bank card. Do not leave your “plastic” data on suspicious resources. For example, those with the HTTP protocol instead of the more secure HTTPS. It could be a phishing attempt.

Pay attention to other tips for data security within the internet.


Leave a Reply

Leave a comment

Your email address will not be published.