Insights > Blog

Broken Link Hacking

The Internet has been around for decades. Hyperlinks are a core element. So common nowadays, their existence is overlooked by the casual browser. When website visitors click a link, they trust that link will take them where they want to go. What happens when good links go bad? This post will cover the details.

Here is the formula for a situation where the attack can occur:

Missing Webpage + Abandoned Webpage + Hacker = Threat


Missing Webpages

Over the years, a lot of web pages get created. When I was a kid in the 90s, I probably created a dozen sites on random topics using platforms like Geocities. I have no idea what happened to those sites or if they are even lurking online somewhere. I had links to other sites on them of course and other sites linked to it. Those links and the website itself are lost to the world. A study says that 98% of the links became invalid over 20 years’ time. The term for these abandoned links is link rot. Social media is equally vulnerable to this phenomenon. After two years, 30% of links do not go to their intended destination.

There are several reasons for webpages and their corresponding URLs to go missing. The owners of a domain might fail to be renewed and the former content will be wiped. Companies shut down or transfer ownership. The aforementioned Geocities was actually closed in 2009, taking thousands of websites with it. A website might simply undergo a redesign and the link structure changes without proper redirects.


Abandoned Webpages

The second part of the equation is pages that contain links to non-existent pages. In order to ensure a website’s links are still valid and working, the person maintaining the website would have to manually check all the outbound links. This is not practical and the website owner might not see the value. There are websites and tools that website that can crawl a website for broken links. Even though the webpages are no longer maintained, they might rank for certain keywords on Google or other search engines. This means traffic is going there.


The Hacker’s Malicious Techniques

With traffic, there is value and opportunity. This where the criminal hackers come in. The actions to execute the hack are not complex or even very technically difficult.

The first step is finding websites that have links that do take people to the correct destination. The method to do this could be simply a manual process or website scrapers could be employed to crawl sites and find.

Next, the hacker needs to determine what the exact link to the website is. Often broken links could redirect and the URL changes somehow. Viewing the source and getting the URL is possible by looking for the code of a link:

<a href="">

The hacker now needs to do is take over the domain in question and put a new one in place and match the URL. A domain might have been abandoned or a hacker might find a way to get a page on an already existing website. After the page is up, any number of techniques could be used for malicious gain. The website could be made to clone the former website. This enables the hacker to steal credentials if the former site had a login. The website put up by the hacker could load malware, which could have negative consequences for the visitor.


Ways to Mitigate Broken Links Hacking

Stopping broken link hacking from happening is possible from some perspectives, while others are not plausible.

Missing Webpages: It is a fact of the Internet that webpages come and go. There are monthly and yearly costs associated with running a website. Redesigns frequently happen, which results in new URL structures. The new structure often does not have proper redirects setup.

Wrong Links: Webmasters can keep watch over their site manually to ensure links are accurate. As mentioned above, free website services can scan and crawl links to find errors.

User Behavior: People visiting websites they are not familiar with should be cautious following links. It is not realistic to expect a person to think deeply about every click. But if you are visiting a site that you have never been before be cautious. If the topic of the link is somewhat illicit, also beware. Links to sites related to gambling, adult themes, or gaming might be particularly suspectable to being hacked.

Did you enjoy this blog article? Comment below with your feedback.


Submit a Comment

Your email address will not be published. Required fields are marked *


Information Security Maturity Self-Assessment Survey

Learn More

•  Whitepapers
•  E-books
•  Checklists
•  Self-Assessments
•  Webcasts
•  Infographics