Skip navigation

BMBF-funded research project INSPECTION detects and informs hacked websites

| Press Release | AIR&D

The interdisciplinary consortium of the research project INSPECTION started its work in June 2020. The aim of the actors is to detect hacked websites in the environment of fake shops and to inform the affected website operators. mindUp Web + Intelligence GmbH is the initiator and project coordinator and contributes in particular know-how in the detection through artificial intelligence.

Fake shops are currently increasingly trying to lure consumers into their traps: cheap hygiene articles or medicines that supposedly protect against the corona virus, which first have to be paid for but never arrive. To get to the top of the search engine, they are not afraid to hack websites of innocent citizens, organisations or companies and use their good reputation to direct visitors to their fake shops.  The tricky thing about this is that you don't even notice this manipulation when you call up the website as usual.  The illegal intervention therefore often remains unnoticed by the operator for many years, because the websites function as before, only that the operator is suddenly found for completely different topics than desired. Another problem is that the hacked website can cause even more damage: from the distribution of spam to ransomware. A research initiative of mindUp Web + Intelligence GmbH in cooperation with the Karlsruhe Institute of Technology (KIT) and the cybersecurity department of BDO AG with the participation of associations and webhosters detects hacked websites from the outside and informs the operators in a targeted manner.

The project, funded by the Federal Ministry of Education and Research in the KMU-innovativ programme, is divided into three sections: finding, dealing with and preventing this form of hacking. The technical task of finding the manipulated websites is carried out by mindUp Web + Intelligence GmbH. Using machine learning methods, it is recognized which particularities of a website indicate hacking. For this purpose, web crawling techniques are used to analyze search engine results and the content of the web pages with the help of text recognition methods. With each recognized page, the knowledge of the system increases and contributes to the further recognition performance of the artificial intelligence.

However, recognition is only one component in the overall process. The research group SECUSO (Security-Usability-Society) of the Karlsruhe Institute of Technology (KIT) is investigating within the project whether, for example, addressing the operator via the web host or, in the case of companies, via industry associations enables an effective approach. At this point, 1&1 Ionos SE and Domain Factory / Host Europe Gmbh on the part of the web hosters, the Baden-Württembergischer Handwerkstag and the Fachverband der Elektro- und Informationstechnik Baden-Württemberg on the part of the industry associations support the project. The speech is based on so-called "teachable moments", i.e. the speech takes advantage of the fact that those affected by the hacking attack are sensitized. Furthermore, effective prevention materials are to be developed.
The project will also answer the question of how website operators can be given the necessary support. On the one hand, the security of the website can be made permanent and on the other hand, the unwanted entries can be removed from the search engine. To this end, BDO AG is analysing the various attack vectors used. Depending on the type of attack which has occurred and the system used, measures which are as generally comprehensible as possible and which are also useful for prevention purposes are worked out.
The ECO association with its website security project SIWECOS, the Inititaitve Deutschland sicher im Netz e.V. and the Allianz für Sicherheit in der Wirtschaft (Alliance for Security in Business), for example, support the dissemination of the prevention materials. For cases from Switzerland and Austria the Swiss Internet Security Alliance and the Watchlist Internet are involved.