It is a somewhat strange sensation when suddenly everyone is talking about something and you have no idea where it came from. My teammates came to the rescue: it was on Facebook, which is just a corner of the internet I never visit. You may have seen it, though: that message that warns about links that are not what they seem because they contain letters from a different alphabet. It was adopted by the popular newspaper USA Today and then things went fast.
Homoglyphs is the term for characters that look like letters. The best-known examples of homoglyphs in our own world are the 0 and the O: the first is a number, the second a letter. Always hard to tell the difference. And what about the l and the I? The first is the lowercase L, the second the uppercase i. Since we usually use sans-serifs in modern texts, you won't see the difference. If you choose a font with serifs, you will see this: “And what about the l and the I?” (Courier New font).
The Cyrillic alphabet, used in Russia and its surroundings, also contains homoglyphs. In the example shown on Facebook, our a and its Cyrillic counterpart are mentioned. Incidentally, the letter that is called the Cyrillic a in that message is the Greek letter alpha (ɑ), because the Cyrillic a looks like this: а.
All letters, numbers and other characters that you can type on your keyboard are defined in tables. The best-known table is ASCII, IBM mainframes speak EBCDIC and the most extensive is Unicode, because it defines the letters of all alphabets – not just the Latin alphabet we are familiar with. The Cyrillic letter at the end of the previous paragraph was created by typing the Unicode for that letter (0430) and then pressing Alt and X. With the help of the Unicode tables you can therefore make all characters, even if they do not appear on your keyboard. Like for example Њ and ß.
In the address bar of your browser you will not see the difference between amazon.nl and аmаzon.nI (the latter contains the Cyrillic a and a capital i). While you might think that this URL will take you to the Dutch website (.NL) of that company, it will take you to a website hosted in Nicaragua, as the top level domain (TLD) .ni belongs to that country. You see how easily criminals can lure you to their fake website, where they then steal your data or install malicious software on your device. Dutch domains, which fall under the TLD .NL, are relatively safe because no domains can be registered with characters from alphabets other than our own. But beware: the trick with the i and the L does work here.
Your browser can protect you from a homoglyph attack simply by not supporting them or by rejecting a mix of different alphabets. In addition, many domain registrars also ensure that no domains are registered that are no good. So you could say that all the attention to homoglyphs is a bit exaggerated – after all, effective measures have been taken.
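The mixed-alphabet check mentioned above, sketched in Python as an added example (not code from any browser or from the original post). The function names are made up for this illustration, and the first word of each character's Unicode name stands in for its script, which is an approximation.

```python
import unicodedata

def label_scripts(label):
    """Approximate the scripts used in one DNS label.

    Python's standard library has no Unicode Script property, so the first
    word of each character's Unicode name (LATIN, CYRILLIC, GREEK, ...) is
    used as a stand-in. Digits and hyphens are shared by all scripts.
    """
    scripts = set()
    for ch in label:
        if ch.isdigit() or ch == "-":
            continue
        scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts

def inspect_hostname(host):
    """Return what a mixed-script check would see for a hostname."""
    host = host.lower()              # a capital I in the TLD becomes a plain i
    labels = host.split(".")
    per_label = {lab: label_scripts(lab) for lab in labels}
    return {
        "tld": labels[-1],
        # Labels that combine more than one alphabet (the case to reject).
        "mixed": [lab for lab, s in per_label.items() if len(s) > 1],
        # Labels that contain anything other than Latin letters.
        "non_latin": [lab for lab, s in per_label.items() if s - {"LATIN"}],
        # The ASCII ("xn--") form is what actually goes into the DNS lookup.
        "ascii": host.encode("idna").decode("ascii"),
    }

# Constructed samples: the look-alike from the text, written with explicit
# escapes (U+0430 is the Cyrillic a; the TLD ends in a capital Latin I).
LOOKALIKE = "\u0430m\u0430zon.nI"
GENUINE = "amazon.nl"

if __name__ == "__main__":
    for name in (GENUINE, LOOKALIKE):
        print(repr(name), inspect_hostname(name))
```

Showing the `xn--` form instead of the rendered name is what makes the look-alike visible to the user; the lowercased TLD shows that the name ends in .ni rather than .nl.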
In this context, I would also like to mention another form of trickery and deceit called typosquatting. In this trick, someone registers a domain name that looks like a real one, and then hopes people will make typos or get the name wrong and end up on their site. Think for example of googel.com, amazone.com or microsof.com. The holders of the official websites of these organizations can protect themselves against this by registering all domains that are similar to their own. If a smart guy manages to score a similar domain, the holder of the real domain can demand that the fake domain be cancelled.
My guess is that homoglyphs won't get you in trouble anytime soon. The chance that you type in a wrong web address that happened to be thought of by a typosquatter is somewhat higher. But I think the most remarkable thing about these techniques is that they exist at all. This shows once again that criminals can be particularly inventive and possess a great deal of knowledge.
And in the big bad world…
This section contains a selection of news articles I came across in the
past week. Because the original version of this blog post is aimed at readers
in the Netherlands, it contains some links to articles in Dutch. Where no
language is indicated, the article is in English.
- you can of course also hack a satellite. [DUTCH]
- a lot of crypto currency has disappeared into the pockets of criminals. [You can ignore the advertisement in the article.]
- you can unlock many mobile devices with a photo of the owner. [DUTCH]
- there is a powerful lobby in Europe to make regulations on artificial intelligence not too strict.
- hacked ChatGPT accounts are traded eagerly.
- criminal service providers provide the 'crypting' of malware.
- There are several flavors of two-factor authentication.
- America is committed to combating state actors. [DUTCH]
- your abandoned shopping cart provides an entry point for attackers. [DUTCH]
- even with pet feeders, it's a bad idea to hard code passwords. [DUTCH]
- Telegram is becoming increasingly popular with criminals.