Skip to main content

The Creature of the Black Network Lagoon

February 12, 2016

Black Lagoon

We often don’t worry about network security outside of work and at times, we probably don’t even worry about it while we’re at work. When we stop worrying about network security, that’s when it appears. It lurks in the dark, waiting to strike and needs to feed. This creature has no remorse and only wants to inflict pain and suffering to those it encounters. I’ve seen the creature first hand and believe me, it’s a force to be reckon with. The Creature of the Black Network Lagoon can take many shapes when it’s attacking. It can strike in the form of malware within a file, a malicious link in an email and even a friendly file transfer from a USB stick. Today, I want to share with you the tale of how the Creature of the Black Network Lagoon can easily obtain your username and password if you’re not vigilant.

In this scenario, we have a network that has a Windows 7 computer connected to it; the Creature of the Black Network Lagoon is also connected to this network. The network could be a free Wi-Fi connection that was open or at a local venue. The person on their Windows 7 computer is surfing the web, checking their email, bank account, personal cloud storage, etc. The Creature of the Black Network Lagoon is hungry and wants to feed, so it begins to scan the network in an attempt to locate a machine that is alive.


Once it finds its’ prey, it begins to lurk and changes the way your free Wi-Fi is connecting to websites. It begins to take your traffic and forwards it to the real gateway to the internet. As you can see below, the victim has an IP of and the gateway is The Creature takes the traffic, eats what it can and then sends it to where it was going.


Depending on which browser you’re using, it might prevent the attack on certain sites, but not all sites are created equally. The first example the user navigates to is using Internet Explorer and attempts to Sign in. Don’t forget The Creature of the Black Network Lagoon is watching, but what has it done? At this moment the traffic the Windows 7 machine generates is flowing through the malicious machine and sent to the internet. It has fooled everyone into thinking that the malicious machine is the exit point to the internet. But that’s not all its doing.  In the background it’s also attempting to remove encryption. It’s taking your secure HTTPS traffic and replacing it with HTTP.  But what does this mean you ask? What is normally secure HTTPS traffic that sends your information encrypted is now being sent unsecure with HTTP traffic which can be viewed in clear text. That’s right - your username and password is sent crystal clear now, readable by any human or extraterrestrial.

Internet Explorer


The Creature of the Black Network Lagoon


Other sites using the same browser prevent the attack.  In the second attempt navigating to, we could not remove the HTTPS and my credentials remained safe.


Our 3rd site takes us to, which normally takes you to, but this time the HTTPS was eaten by The Creature of the Black Network Lagoon. Using both Internet Explorer and Chrome had the same unfortunate results. Using both browsers, the Creature managed to eat the HTTPS and obtain the user credentials.

What you should have seen in the URL


Internet Explorer


The Creature of the Black Network Lagoon




The Creature of the Black Network Lagoon


Our 4th site lands us on or does it? Unfortunately, it landed me on While attempting to view and upload some personal photos and private documents, I handed The Creature of the Black Network Lagoon the keys to my personal cloud storage. It wasn’t the first time The Creature of the Black Network Lagoon managed to obtain access to cloud storage. This happens more often than you think.  That’s how some of these leaked videos, photos and documents end up the internet. Depending on what you had stored, you could face embarrassment, financial loss, or backups of important data lost forever.

What you should have seen in the URL



Internet Explorer


The Creature of the Black Network Lagoon


This is why being vigilant is always important; while at work and outside of work. This is not to only protect your employer, but your personal information as well. Out of the four sites, the Creature managed to obtain credentials from three. These results will always vary depending on your browser, website and how secure your system is. While navigating the internet, always attempt to verify where you’re going, where you landed and if anything looks out of the ordinary. This can consist of the login page not being encrypted with HTTPS, the URL looks strange, confirmation that the certificate matches, and if you’re still unsure, wait until you’re using a secure connection.

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy


July 21, 2015

Network Security Solutions

Learn how we help protect your environment while maintaining connectivity.

See Details

July 21, 2015

Data Security Solutions

Learn how we can help secure your date throughout its lifecycle.

See Details

November 13, 2013

Data Loss Prevention – The People & Process Overlap

When we left off in Part 1 of this series, we discussed how training components that overlap technology and people can help your organization realize ...

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cybersecurity Events in your area.