A Latvian hacker named Peteris Sahurovs was sentenced to 33 months in prison for a cyber-attack scheme that infected computers after they visited the Minneapolis Star Tribune’s website. After serving his sentence, Sahurovs will be deported to his native Latvia.
At one time, Sahurovs was among the FBI’s most wanted criminals. From 2009 to 2011, he operated a web hosting service in Latvia. The hacker sold server space to criminals who needed a host willing to ignore illegal activity on their servers.
Later on, investigators found that associates of Peteris Sahurovs, including his wife, created a fake advertising company, known as RevolTech Marketing, and contacted a local news website to purchase advertising for their “client,” a well-known American hotel chain.
Next, RevolTech created an advertisement for the hotel that redirected to what appeared to be a legitimate site. The hackers then would direct computers to a malware-infected website.
The malware was installed whether or not the user clicked on the ad. Once infected, the only way users could remove the malware was to purchase fake anti-virus software at a cost of $49.95.
The thing is, you didn’t have to interact with the website at all or click anything to be infected. In other words, once you went to the website, you were simply infected through the web browser. Then, to get rid of the malware, you’d have to click the link and buy the software.
Between the $50 fake anti-virus program and the hacker’s fraudulent use of several of the victims’ credit cards after the purchase, the overall scam cost victims an estimated $2 million.
The reality is, the victims didn’t click a dangerous link or download a dangerous file. They simply didn’t have any security measures in place with their web browser, so the fake ads were allowed to appear and fool them.
With that being said, here are a few weaknesses in web browsers that you need to keep your eye on and fix.
Compromised extensions. Web browser extensions make surfing the internet a lot easier. But, however useful or fun they may seem, they typically have a great deal of power and can effectively read and/or write all data in your browsing sessions.
The problem is, it’s not uncommon for extension makers to sell or lease their user base to shady advertising firms, or in some cases, give them outright to cybercriminals.
For instance, if the owner of a web browser extension goes out of business, they could sell the software to a third party without you knowing. In other words, always do your research before downloading a browser extension.
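One way to do that research is to read what an extension asks for in its manifest.json. The script below is an added example, not part of the original article; it flags extensions that request access to every site or to browsing data, and the two sample manifests are constructed for illustration.

```python
import json

# Match patterns that grant access to every site the browser visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Extension API permissions that expose browsing data.
SENSITIVE_APIS = {"cookies", "history", "tabs", "webRequest", "clipboardRead"}

# Constructed sample manifests (not taken from any real extension).
SAMPLE_BROAD = json.dumps({
    "manifest_version": 3,
    "name": "Constructed coupon helper",
    "permissions": ["cookies", "storage"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}],
})
SAMPLE_NARROW = json.dumps({
    "manifest_version": 3,
    "name": "Constructed single-site helper",
    "permissions": ["storage"],
    "host_permissions": ["https://example.com/*"],
})


def audit_manifest(manifest_text):
    """Return a sorted list of findings for one extension manifest.json."""
    manifest = json.loads(manifest_text)
    findings = set()
    # Manifest V2 mixes host patterns into "permissions";
    # Manifest V3 moves them to "host_permissions". Check both.
    declared = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    for perm in declared:
        if not isinstance(perm, str):
            continue
        if perm in BROAD_HOSTS:
            findings.add(f"host access to all sites: {perm}")
        elif perm in SENSITIVE_APIS:
            findings.add(f"sensitive API: {perm}")
    # Content scripts run inside pages and can read or change what you see there.
    for script in manifest.get("content_scripts", []):
        for pattern in script.get("matches", []):
            if pattern in BROAD_HOSTS:
                findings.add(f"content script injected on all sites: {pattern}")
    return sorted(findings)


if __name__ == "__main__":
    for name, text in (("broad", SAMPLE_BROAD), ("narrow", SAMPLE_NARROW)):
        print(name, audit_manifest(text) or "no broad access requested")
```

A finding is not proof of abuse, since many legitimate extensions need wide access, but it tells you which ones deserve a closer look at who owns them now.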
Harvesting saved login credentials. Saving logins for websites you regularly visit is incredibly risky. The scary thing is, two mouse clicks might be all it takes for a criminal to have access to your banking/credit card website.
Basically, with your saved credentials, a hacker who can get into your email can reset your password on almost any website you access.
Exploiting the browser cache. The browser cache involves storing sections of web pages for easier access or loading on subsequent visits, which can show where you’ve been and what you’ve seen.
The thing is, hackers can use malware that is tailored to prey upon cached data, which gives the hacker a great deal of information about your browsing habits. To avoid this, you should manually clear your cache and history on a regular basis.
The bottom line is, our web browsers contain a massive amount of personal information, which is why hackers target the data. So, you should limit the number of web browsers you use, since the more you have, the more avenues there are for hackers to exploit.
In addition, always make sure your web browsers are up to date with software updates, and double check the security settings.
Firefox, Chrome, and Microsoft Edge are all popular web browsers, but make sure you have the appropriate security settings in place to avoid having your browser compromised.