Some scanlation sites could be honey pots.

What’s this, a cyber security post on a manga website?

Well, why not? I’m a geek and I also like computers. I’ve been using them for a very long time.

Scanlation sites are bad in more ways than one. However, unlike many, I don’t buy the argument (and never have) that scanlations necessarily equal less revenue for publishers, because, let’s face it, many of the people who read manga only read it because it’s there for free; they don’t necessarily care where it comes from. Many of these sites are also full of potential danger for users.

Recently one major scanlation site was hacked and the entire database was stolen, so that’s the personal information of something like 3 million people. Other sites are filled with malicious advertising, which is an attack vector for malware.

The best advice is to stay away from such sites altogether. If you do visit them, never sign up for an account, and always use an ad blocker such as uBlock Origin to defend against malvertising.

As time goes on, the excuses for reading scanlations become weaker and weaker, especially when the sites are filled with vast numbers of licensed manga. Legitimate sources do exist, but they are, in all fairness, expensive and crippled by DRM, which limits user freedom. That’s not to legitimise piracy; it is what it is. However, publisher policies create the market for piracy if the platforms are too restrictive or expensive.

They should have gone for something similar to Amazon Music and allowed download as a PDF instead. This would have been more popular and wouldn’t have made a blind bit of difference to the pirates, because pirates will pirate anyway. In the West, manga seems to be priced for the middle classes, which is at odds with its country of origin, where manga is comparatively a form of cheap entertainment.

Even if you don’t care about money, or Japanese comic creators and publishers, you should have at least a care for yourselves if nothing else.

Some of these sites are obviously honey pots. For those of you who don’t know what a honey pot is, it’s a trap set up by criminals (or law enforcement). It’s a technique used to get people to incriminate themselves, to infect themselves with malware, or to hand over information that is collected with malicious intent. Honey pots can also be used to create threat models by allowing crafty security researchers to monitor how hackers behave.

Predatory legal professionals, hackers, fraudsters, malicious activists and various other cyber criminals use such methods to facilitate their attacks, and this can happen in various ways. Malvertising is the most obvious and in-your-face method: annoying ads that link to malicious websites or just link directly to malware.

Many scanlation sites don’t even employ https, which is problematic on any website where you have to create an account and input sensitive data, as anyone on the network path could potentially carry out a man-in-the-middle attack on you. Some popular sites are also deliberately spoofed in order to fool people.

Even if a site looks legit and uses https (it’s not hard to set up), this doesn’t mean the site is secure, it doesn’t mean the site’s owners are altruistic, and it doesn’t mean it’s not a honey pot. People would be wise to treat any website with due caution, but especially scanlation sites. Pay close attention to where sites are hosted.

They’ll often host their sites in states which are more sketchy, which makes them harder to take down. But in such states you’re at risk from much more than a few copyright lawyers. You don’t imagine for a second that some of these webhosts could be run by criminal organisations in order to gather data to be used to commit crimes such as fraud, blackmail, or worse?

In one recent example a popular scanlation site was hacked and the entire database was stolen, nigh on 3 million accounts. I would seriously ask people to consider the risks of registering info with such a site. The risk of smaller sites being hacked has always existed, as people may not update their software on a regular basis because of the logistical challenges of doing so: people don’t like downtime, and many such sites only have limited infrastructure available. Various forum software of old used to suffer from vulnerabilities that would get patched, and a few years later there would be new ones that needed patching.

Sites like these make use of databases that are usually interfaced with via server-side scripting languages, e.g. PHP, and they require near-constant maintenance and updating in order to remain secure. Some sites may run versions of PHP, for example, that are out of date (again, new versions may break old code by deprecating old functions or introducing new ones), and smaller sites may opt not to do this.

The lesson is simple: one should always approach these things with a healthy dose of cynicism. Absolutely NEVER sign up for an account with any such site; you’re literally asking for trouble sooner or later. The administrators of such sites may disagree, but they aren’t liable for a single penny if you get hacked because of data leaked from their site.

Take this information to heart for the future. All you can do is use your own judgement. Beware of honey pots.

