What is Session Hijacking?

Sometimes referred to as TCP session hijacking, session hijacking is an incident in which a third party takes over a web user session by obtaining the session key and pretending to be the authorized user of that key. Once the hijacker has successfully initiated the hijacking, he or she can use any of the privileges connected with that ID to perform tasks, including use of information or resources that are being passed between the originator of the session and any participants. Hijacking of this type may be readily noticeable to all concerned or be virtually undetectable, depending on what actions the hijacker takes.

The process of session hijacking focuses on the protocols used to establish a user session, Typically, the session ID is stored in a cookie or is embedded in a URL and requires some type of authentication on the part of the user in order to initiate the session. It is at this point that the hijacker can sometimes make use of defects in the security of the network and capture that information. Once the ID is identified, the hijacker can monitor every exchange of data that takes place during the session and use that data in any way he or she desires.

Session hijacking is somewhat like a man-in-the-middle attack, in that the hijacker can intercept information flowing to and from the authorized user, either copying or even altering it before passing it on to the intended recipient. This type of hijacking does offer the additional ability to use the session to look for other data that is not being passed back and forth, assuming that the computer network security does not detect what appears to be unusual activity connected with the authorized user. For this reason, session hijacking is not always about fraudulently obtaining proprietary information; at times, it is simply to disrupt an operation by altering data and feeding false information to sources where it will do the most harm.

Finding ways to avoid the exploitation of possible weaknesses in the authentication process is part of the process of defending against session hijacking. To that end, many businesses use layered security protocols that mask the authentication process as it happens. As with most security solutions, hackers continually discover ways to work around those preventive measures, making it necessary to constantly develop new processes that block hijackers before they have the chance to steal or alter data as part of a corporate espionage operation.