Hundreds of websites operated by the UK government appear to have been hacked to include links and references to illicit websites selling viagra, hardcore pornography, cialis and other dubious products.
The hacked sites, which include primary schools, universities, the DSA, the Forestry Commission and various local government websites and forums, have fallen victim to a variety of exploits, including cross-site scripting and the exploitation of loopholes in badly designed and outdated software.
The hacks present considerable danger to innocent members of the public who find these infected web pages via search engines or spam emails. Users trust .gov.uk websites and happily click through to the page, only to have their PC infected with spyware or a virus, or to be redirected to a website selling viagra or cialis.
Hackers take advantage of the trust that search engines such as Google place in government websites: by planting a page on one of these trusted domains they can quickly gain top search engine rankings without the effort of building their own website.
According to Wikipedia, cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allows code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits. Cross-site scripting carried out on websites accounted for roughly 80% of all documented security vulnerabilities as of 2007. Often during an attack “everything looks fine” to the end-user, who may be subject to unauthorized access, theft of sensitive data, and financial loss.
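The injection the Wikipedia definition describes, and the output encoding that defuses it, as an added example that is not part of the original article. A guestbook page writes a visitor-supplied name into its HTML; the page template, the field name and the two sample inputs are constructed for the demo, and the small HTMLParser-based checker exists only to show what a browser would actually treat as markup in each rendering.

```python
"""Added example (not from the original article): untrusted text pasted into
HTML becomes markup for every later visitor; escaping it keeps it text.
The template, field names and sample inputs below are constructed."""
import html
from html.parser import HTMLParser

# Constructed inputs: one aimed at element content, one at a quoted attribute.
SCRIPT_INPUT = '<script>alert("xss")</script>'
ATTRIBUTE_INPUT = '" autofocus onfocus="alert(1)'


def render_unsafe(name):
    """Vulnerable: the value is interpolated verbatim, both into the paragraph
    text and into the value attribute of a form field."""
    return f'<p>Hello, {name}!</p><input name="visitor" value="{name}">'


def render_safe(name):
    """Hardened: escape &, <, >, " and ' (quote=True) so the value can only
    ever be text, whether it lands in element content or inside an attribute."""
    safe = html.escape(name, quote=True)
    return f'<p>Hello, {safe}!</p><input name="visitor" value="{safe}">'


class ActiveContentFinder(HTMLParser):
    """Lists script elements and inline event-handler attributes the parser
    actually sees, which is what the browser would execute."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("<script> element")
        for attr_name, _ in attrs:
            if attr_name.startswith("on"):
                self.findings.append(f"{attr_name} handler on <{tag}>")


def active_content(fragment):
    """Return the list of executable constructs found in a rendered fragment."""
    finder = ActiveContentFinder()
    finder.feed(fragment)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for label, value in (("script", SCRIPT_INPUT), ("attribute", ATTRIBUTE_INPUT)):
        print(f"{label} input, unsafe render :", active_content(render_unsafe(value)))
        print(f"{label} input, safe render   :", active_content(render_safe(value)))
```

Running the block shows the unsafe rendering producing a `<script>` element for the first input and an `onfocus` handler for the second, while both escaped renderings contain no executable construct. The second input is why `quote=True` matters: without quote escaping, a value placed inside a `value="..."` attribute can close the quote and add attributes of its own.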
Universities and Schools
The problem isn’t restricted to .gov.uk domains – we found an even bigger issue with .ac.uk websites, which are reserved for academic institutions such as universities and colleges – the kind of websites you might happily let your children browse unsupervised.
Perhaps even worse than this is the hacking of primary and secondary school websites, which students are actively encouraged to visit. We found that over 30 domains had been infected with content that could direct children away from the safety of a school site to a third-party site owned by the hacker. This could host spyware and all manner of adult content.
Action needs to be taken
All the issues discussed in this article are caused by the websites in question running insecure and badly designed software. Hackers will always try to exploit vulnerable websites, and by leaving gaping holes in their security the administrators of the sites discussed are leaving themselves open to lawsuits and some very upset internet users.
How long before somebody has malware installed on their PC via one of these infected websites and sues the government for damages? A corrupted PC can be costly in terms of the time required to fix it, not to mention the data that could be lost.
How to see the hacked pages
We have included numerous screenshots of the infected pages below – you can see them for yourself by running Google search queries similar to the ones below.
The hackers quite often make the text invisible on the page, so you may need to click the “Cached” link in the Google results and then the “Text-only version” of the cached page. An example is here.
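The hidden-text trick described above is something a site administrator can check for directly in the page source rather than through a search engine's cache. The scanner below is an added example, not code from the original article: it walks a page's HTML, tracks which elements are hidden by inline CSS (`display:none`, `visibility:hidden`, zero font size, off-screen positioning) or the `hidden` attribute, and reports links to other hosts found inside those hidden blocks, plus any text mentioning the terms the article reports being injected. The sample page, the host names (all under `.example`) and the keyword list are constructed for the demo.

```python
"""Added example (not from the original article): find hidden blocks in a
page's HTML that carry links to third-party sites, the pattern the article
describes. Sample page, hosts and keyword list are constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline CSS that hides content from visitors while leaving it in the source.
HIDING_STYLE = re.compile(
    r"display\s*:\s*none"
    r"|visibility\s*:\s*hidden"
    r"|font-size\s*:\s*0(?:px|pt|em)?\s*(?:;|$)"
    r"|(?:left|top|text-indent)\s*:\s*-\d{3,}px",
    re.I,
)
# Terms the article reports being injected; extend for your own site.
SPAM_TERMS = ("viagra", "cialis", "porn")
# Elements with no closing tag, so they must not touch the element stack.
VOID_TAGS = {"br", "img", "hr", "meta", "link", "input"}


class HiddenLinkScanner(HTMLParser):
    """Collects links inside hidden elements and text mentioning spam terms."""

    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host.lower()
        self._hidden_stack = []   # one flag per open element: is it hidden?
        self._href = None         # href of the <a> currently open, if any
        self._anchor_text = []
        self.hidden_links = []    # (href, anchor text) inside hidden blocks
        self.spam_text = []       # (text fragment, found in hidden block?)

    def _inside_hidden(self):
        return bool(self._hidden_stack) and self._hidden_stack[-1]

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        attrs = dict(attrs)
        hidden = (self._inside_hidden() or "hidden" in attrs
                  or bool(HIDING_STYLE.search(attrs.get("style") or "")))
        self._hidden_stack.append(hidden)
        if tag == "a":
            self._href = attrs.get("href")
            self._anchor_text = []

    def handle_endtag(self, tag):
        if tag in VOID_TAGS or not self._hidden_stack:
            return
        hidden = self._hidden_stack.pop()
        if tag == "a" and self._href:
            host = (urlparse(self._href).hostname or self.own_host).lower()
            if hidden and host != self.own_host:
                self.hidden_links.append(
                    (self._href, "".join(self._anchor_text).strip()))
            self._href = None

    def handle_data(self, data):
        if self._href is not None:
            self._anchor_text.append(data)
        text = data.strip()
        if text and any(term in text.lower() for term in SPAM_TERMS):
            self.spam_text.append((text, self._inside_hidden()))


def scan_page(page_html, own_host):
    """Return hidden external links and spam-term text found in one page."""
    scanner = HiddenLinkScanner(own_host)
    scanner.feed(page_html)
    scanner.close()
    return {"hidden_links": scanner.hidden_links, "spam_text": scanner.spam_text}


# Constructed sample: a school home page with two injected hidden blocks.
SAMPLE_PAGE = """<html><body>
<h1>Welcome to Example Primary School</h1>
<p>Term dates and newsletters are <a href="/news">here</a>.</p>
<div style="display:none">
  Buy cheap viagra online at <a href="http://pharma.example/cheap">pharma.example</a>
  and cialis from <a href="http://pills.example/">pills.example</a>.
</div>
<p style="position:absolute; left:-9999px"><a href="http://adult.example/">adult content</a></p>
<p>Contact the office on 01234 567890.</p>
</body></html>"""

if __name__ == "__main__":
    report = scan_page(SAMPLE_PAGE, "school.example")
    for href, text in report["hidden_links"]:
        print("hidden external link:", href, "->", repr(text))
    for text, hidden in report["spam_text"]:
        print("spam text", "(hidden)" if hidden else "(visible)", ":", text)
```

On the sample page the scanner reports the three links to `pharma.example`, `pills.example` and `adult.example`, all inside hidden blocks, and the two text fragments mentioning the injected terms. Pointing it at a saved copy of each page in a site (or the output of a crawl) gives a list to review; hidden blocks that carry only internal links or no links at all are usually legitimate layout, which is why the report keys on external hosts.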