How Google Analytics is being used by hackers to access private data

Hackers are now using browser vulnerability to hack websites using Google Analytics scripts according to a newly released Kaspersky report. The report also showed that the main target of these hacks are personal data, including credit card numbers.

Hackers have devised a new way to access private information such as banking information and credit card numbers you enter in sites, this is according to a new report by Kaspersky.

The report indicated that they were using Google Analytics to hack into browsers, where they then hijacked information sent as headers and diverted it to their sites. Google Analytics, used to analyze site traffic and return on investment for ads, is one of the most trusted platforms by browsers, and therefore it is not exposed to huge scrutiny that other scripts go through.

Flaw allowing Google Analytics hack

Hackers have taken note of this flaw, which is found in the Content Security Policy (CSP) Header, and they are now exploiting it to their advantage. CSP is used to tell the browser which sites or scripts are safe for downloading. Google Analytics scripts are not scrutinized and are allowed by the header to be downloadable since they are not prone to hacking and they are from trusted sites.

Hackers are now hacking websites with the aim of installing their own Google Analytics to their victims’ websites. After a successful hack and integrating their own Google Analytics code in sites, they then add their own small scripts, which are used to steal data from these websites.

Data such as passwords, credit card numbers, IP address, User-Agent, time zone and other valuable personal information was found to be in high demand according to the Kaspersky report.

How can sites protect themselves from this attack

This attack is hard to track down and many websites that were analyzed had no idea that their data was being diverted. The stealth nature of these hacks, where is no damage done, and only a few lines of code are added, also makes it harder for websites to track down the hack.

In many of the sites analyzed, the report also found that hackers were able to hide the scripts from browser’s developer mode. Therefore, there was no way of knowing if a website is compromised.

The solution is to check your website to investigate if you have two Google Analytics code in your site. If your site is compromised, the foreign Google Analytics code should be removed. Then a clean swoop of your site should be done to determine where hackers were able to get into your site and implant the script. Security of the site has to be improved to ensure a similar attack is avoided, and analysis of the type of data stolen should be audited to determine the damage of the hack.


Featured image by Unsplash