Every day we use the search engine to find information and access resources, which are already essential tools for digital life. Regular search engines continue to be optimized to intercept tens of thousands of malicious attacks with robust algorithms and security capabilities and to provide full user security. But there are still outlaws who have spared no effort to exploit the pitfalls that they have set and lured the users into step by step. The work of the state security organs has revealed that illegal elements are threatening national security by, inter alia, adding malicious modules to the results of searches, engaging in illegal activities such as site access and the theft of sensitive documents。
Means of detection: "black trick"
“searching” is the malicious manipulation of the search engine by outlaws using black hat seo technology, which pushs false information, carpenter links, fraudulent pages, harmful content forward to the search results and allows ordinary internet users to click on harmful websites without knowledge, thereby achieving the goals of diversion, fraud, theft, dissemination of bad information, etc. Their modus operandi is like an underground water line。
The first step is to find “neglected websites”. The websites of some units, such as long-term non-upgrading, late patching and simple password setting, may be targeted。
Step two, hacking and implanting the "fake page." instead of changing the visible position of the front page, the attackers quietly add to the backstage some hidden pages that appear to be ordinary information, which are actually filled with false keywords, seductive links, and specifically deceiving users。
In the third step, the fake page was "upgraded" by technical means. The search engine uses these malicious pages as “relevant content” by stacking keywords, falsifying external chains, brushing traffic, etc., to push them to the forefront of the search results, even next to official information。
In the fourth step, as soon as the user clicks, it is possible to “take the hit”. When people search for relevant content, seeing domain names like “official websites” can create trust and, once clicked, they can jump to fraud pages, carpenter download pages and even be induced to leak personal information。
The attackers recycle the process repeatedly, changing websites and changing keywords, causing a constant spread of harm。
Real cases: fingertips of the “trap”
Clicking on problematic search results appears to be personal, and may pose a systemic risk to the security of the digital supply chain and pose a threat to national security when people in key positions, such as information systems operators, finance staff, research and development engineers, inadvertently click on the “toxic” link to install malicious software, thereby enabling the attackers to gain a foothold on the intranet, leading to the theft of sensitive data and the destruction of critical information infrastructure。
The work of the national security agencies revealed that employees of an enterprise searching for certain types of commonly used software through a search engine had accidentally entered a “deliced” page of an offshore hacker organization and downloaded and operated software with malicious programs, leading to the theft of sensitive data from computers. It has been verified that the enterprise has undertaken the construction of several important units of information systems and websites, that it has obtained illegal access to information such as website log-in vouchers and that it has attempted to illegally access my important units of information systems and website backstages in an attempt to steal sensitive internal information and data. Fortunately, the national security agencies have promptly identified and eliminated the risks。
State security alert
Faced with the hidden trap in the search results, we do not need sophisticated technical knowledge, but just a few good habits that can significantly reduce risk。
• recognition of identity information: the ranking of the search engine does not amount to security authentication and, when looking at the results of the search, care must also be taken to check web site information. Regular websites usually start with "https" and the browser address bar displays a security lock icon, a simple code of domain names, and there is no hyphenation, spelling。
– beware of the free trap: “cracking” “go to advertisement” software, which is often a serious area with malicious links, try not to click, if necessary by downloading software, preferably manually into an official web site, for downloading on a secure official website。
— maintaining immunization protection: installation of terminal safety protection software is a necessary measure to secure computers and personal information. Maintenance of equipment systems and poison software upgrades, real-time monitoring, timely updating of browsers, operating systems and various software patches. When you encounter a page forced jump, a frequent bullet window, an abnormal request permission, you immediately close the exit without any click action。
Every time a “suspicious link” is alerted to the security of the state for the sake of the people, and every time a report of a violation is made, it is added to the maintenance of a clear cyberspace and to the preservation of national security. If the general public discovers suspicious information about a threat to the security of the state, it can report it through the state security agency, through the telephone, the internet and reception platform (www. 12339. Gov. Cn), the ministry of national security's wireless public notice channel or directly to the local state security agency。
