, , , , , , , , ,

Scammers publish ads for hacking services on government websites

Scammers have published various advertisements for hacking services on the official websites of multiple U.S. state, county, and local governments, a federal agency, as well as numerous universities.

The advertisements were contained in PDF files uploaded to official .gov websites belonging to the state governments of California, North Carolina, New Hampshire, Ohio, Washington, and Wyoming; the counties of St. Louis in Minnesota, Franklin County in Ohio, Sussex County in Delaware; the town of Johns Creek in Georgia; and the federal Administration for Community Living.

Scammers also uploaded similar ads on the .edu websites of several universities: UC Berkeley, Stanford, Yale, UC San Diego, University of Virginia, UC San Francisco, University of Colorado Denver, Metropolitan Community College, University of Washington, University of Pennsylvania, University of Texas Southwestern, Jackson State University, Hillsdale College, United Nations University, Lehigh University, Community Colleges of Spokane, Empire State University, Smithsonian Institution, Oregon State University, University of Buckingham in the U.K., and Universidad Del Norte in Colombia.

Apart from .gov and .edu sites, other victims include Spain’s Red Cross; the defense contractor and aerospace manufacturer Rockwell Collins — part of Collins Aerospace and a subsidiary of the defense giant Raytheon; and an Ireland-based tourism company.

The PDFs link to several different websites, some of them advertising services that claim to be able to hack into Instagram, Facebook, and Snapchat accounts; services to cheat in video games; and services to create fake followers.

“BEST way to Hack Insta 2021,” one PDF read. “If you are looking to hack Instagram account (either yours which you got locked out from or your friend), InstaHacker is the right place to look for. We, at InstaHacker, provides our users with easy Instagram hack solutions that are safe and completely free from any malicious intentions [sic throughout].”

Some of the documents have dates that suggest they may have been online for years.

These advertisements were found by John Scott-Railton, a senior researcher at the Citizen Lab. It’s unclear if the sites he found — and we have listed — are a complete list of the sites affected by this massive spam campaign. And given how many websites were displaying very similar advertisements, the same group or individual may be behind them all.

“SEO PDF uploads are like opportunistic infections that flourish when your immune system is suppressed. They show up when you have misconfigured services, unpatched CMS [content management system] bugs, and other security problems,” said Scott-Railton.

While this campaign seems to be complex, massive, and at the same time a seemingly harmless SEO play to promote scam services, malicious hackers could have exploited the same flaws to do much more damage, according to Scott-Railton.

“In this case the PDFs they uploaded just had text pointing to a scam service that might also be malicious as far as we know, but they could very well have uploaded PDFs with malicious contents,” he said. “Or malicious links.”

Zee Zaman, a spokesperson for U.S. cybersecurity agency, CISA said that the agency “is aware of apparent compromises to certain government and university websites to host search engine optimization (SEO) spam. We are coordinating with potentially impacted entities and offering assistance as needed.”

TechCrunch inspected some of the websites advertised in the PDFs, and they appear to be part of a convoluted scheme to generate money through click-fraud. The cybercriminals appear to be using open- source tools to create popups to verify that the visitor is a human, but are actually generating money in the background. A review of the websites’ source code suggests the hacking services as advertised are likely fake, despite at least one of the sites displaying the profile pictures and names of alleged victims.

Several victims told TechCrunch that these incidents are not necessarily signs of a breach, but rather the result of scammers exploiting a flaw in online forms or a content management system (CMS) software, which allowed them to upload the PDFs to their sites.

Representatives for three of the victims — the town of Johns Creek in Georgia, the University of Washington, and Community Colleges of Spokane — all said that the issue was with a content management system called Kentico CMS.

It’s not entirely clear how all of the sites were affected. But representatives of two different victims, the California Department of Fish and Wildlife and University of Buckingham in the U.K., described techniques that appear to be the same, but without mentioning Kentico.

“It appears an external person took advantage of one of our reporting mechanisms to upload PDFs instead of pictures,” David Perez, a cybersecurity specialist at the California Department of Fish and Wildlife told TechCrunch.

The department has several pages where citizens can report sightings of poaching and injured animals, among other issues. The department’s deputy director of communications Jordan Traverso said that there was a misconfigured form in the page to report sick or dead bats, but the site “was not actually compromised” and the issue was resolved and the department removed the documents.

Roger Perkins, a spokesperson for the University of Buckingham, said that “these pages are not the result of hacking but are old ‘bad pages’ resulting from the use of a form — basically they’re spam and are now in the process of being removed […] there was a public-facing form (no longer in existence) that these people took advantage of.”

Tori Pettis, a spokesperson for the Washington Fire Commissioners Association, one of the affected agencies, told TechCrunch that the files have been removed. Pettis said she was not sure whether the issue was with Kentico, and that “the site hasn’t been hacked, however, there was a vulnerability which was previously allowing new members to upload files into their accounts before the profile was completed.”

Jennifer Chapman, senior communications manager at the town of Johns Creek, said that “we worked with our hosting company to remove the PDFs in question and resolve the issue.”

Ann Mosher, public affairs officer for the Administration for Community Living, said the pages “have been taken down.”

Leslie Sepuka, the associate director of university communications at the University of California San Diego, said that “unauthorized PDFs were uploaded to this site. The files have been removed and changes have been made to prevent further unauthorized access. All users with access to the website have also been asked to reset their passwords.”

Victor Balta, spokesperson for the University of Washington, said “the issue appears to have stemmed from an out-of-date and vulnerable plugin module on the website, which allowed for content to be uploaded into a public space.” The spokesperson added that, “there is no indication of any deeper impact or compromise of access or data within the relative system.”

Balta attributed the issue to Kentico.

Thomas Ingle, director of technology services at Community Colleges of Spokane, said that the problem was a Windows Server running Kentico, and that “we had documents uploaded (in this case the PDF you referenced) that other servers that were hijacked were pointing to.”

Janet Gilmore, a spokesperson for UC Berkeley, said:“There was a vulnerability found on this website,” referring to the site where the hacking ads were posted, and that the issue was rectified “to prevent this from happening again in the future.”

The rest of the named organizations did not respond to TechCrunch’s inquiries. Several calls and emails to Kentico Software went unreturned.

The ultimate damage of this spam campaign is and will end up being minimal, but having the ability to upload content to .gov websites would be concerning, not just for the .gov websites in question, but for the whole U.S. government.

It has already happened. In 2020, Iranian hackers broke into a U.S. city’s website with the apparent goal of altering the vote counts. And elections officials have expressed concern for hackers hacking into election-related websites.

Scammers publish ads for hacking services on government websites by Lorenzo Franceschi-Bicchierai originally published on TechCrunch

https://techcrunch.com/2023/06/02/scammers-publish-ads-for-hacking-services-on-government-websites/


Featured Posts

November 2024
M T W T F S S
 123
45678910
11121314151617
18192021222324
252627282930  

About Us

Welcome to encircle News! We are a cutting-edge technology news company that is dedicated to bringing you the latest and greatest in everything tech. From automobiles to drones, software to hardware, we’ve got you covered.

At encircle News, we believe that technology is more than just a tool, it’s a way of life. And we’re here to help you stay on top of all the latest trends and developments in this ever-evolving field. We know that technology is constantly changing, and that can be overwhelming, but we’re here to make it easy for you to keep up.

We’re a team of tech enthusiasts who are passionate about everything tech and love to share our knowledge with others. We believe that technology should be accessible to everyone, and we’re here to make sure it is. Our mission is to provide you with fun, engaging, and informative content that helps you to understand and embrace the latest technologies.

From the newest cars on the road to the latest drones taking to the skies, we’ve got you covered. We also dive deep into the world of software and hardware, bringing you the latest updates on everything from operating systems to processors.

So whether you’re a tech enthusiast, a business professional, or just someone who wants to stay up-to-date on the latest advancements in technology, encircle News is the place for you. Join us on this exciting journey and be a part of shaping the future.

Podcasts

TWiT 1006: Underwater Alien Civilizations – Bluesky Growth, Tyson Vs. Paul, AI Granny This Week in Tech (Audio)

How Bluesky, Alternative to X and Facebook, Is Handling Explosive Growth Netflix's Live Mike Tyson Vs. Jake Paul Fight Battling Sound & Streaming Glitches In Lead-Up To Main Event Biden Asked Microsoft to "Raise the Bar on Cybersecurity." He May Have Helped Create an Illegal Monopoly. CFPB looks to place Google under federal supervision, setting up clash Apple's Tim Cook Has Ways to Cope With the Looming Trump Tariffs Apple Removes Another RFE/RL App At Request Of Russian Regulator Here's Why I Decided To Buy 'InfoWars' Elon Musk's X Corp. files notice in Alex Jones' Infowars bankruptcy case Spotify's Plans For AI Generated Music, Podcasts, and Recommendations, According To Its Co-President, CTO, and CPO Gustav Söderström This 'AI Granny' Bores Scammers to Tears Congress ponders underwater alien civilizations, human hybrids, and other unexplained stuff In Memoriam: Thomas E. Kurtz, 1928–2024 Host: Leo Laporte Guests: Alex Kantrowitz, Daniel Rubino, and Iain Thomson Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
  1. TWiT 1006: Underwater Alien Civilizations – Bluesky Growth, Tyson Vs. Paul, AI Granny
  2. TWiT 1005: $125,000 in Baguettes – iPod Turns 23, The $1.1M AI Painting, Roblox
  3. TWiT 1004: Embrace Uncertainty – Political Texts, Daylight Saving Time, Digital Ad Market
  4. TWiT 1003: CrabStrike – Delta Sues Crowdstrike, Hospital AI, Surge Pricing
  5. TWiT 1002: Maximum Iceland Scenario – Data Caps, 3rd Party Android Stores, Nuclear Amazon