The recent discovery of ads for hacking services on official government and university websites has raised concerns about cybersecurity vulnerabilities. Scammers have targeted various U.S. state, county, and local government websites, as well as federal agencies and prestigious universities. This article explores the extent of the issue, the potential risks involved, and the measures being taken to address this alarming situation.
Government Websites Targeted by Scammers
Multiple .gov websites, including those belonging to the state governments of California, North Carolina, New Hampshire, Ohio, Washington, and Wyoming, were found to host advertisements for hacking services. Additionally, websites of St. Louis County in Minnesota, Franklin County in Ohio, Sussex County in Delaware, and the town of Johns Creek in Georgia were also compromised. Even the federal Administration for Community Living, responsible for serving the aging population, fell victim to this scam.
Universities Affected by Hacking Service Ads
The .edu websites of several renowned universities, such as UC Berkeley, Stanford, Yale, UC San Diego, University of Virginia, UC San Francisco, and University of Washington, were among those targeted by scammers. International institutions like the University of Buckingham in the U.K. and Universidad Del Norte in Colombia were also affected. This widespread scam campaign suggests that a single group or individual may be responsible for all the incidents.
Exploiting Flaws and Uploading PDFs
The scammers uploaded PDF files to compromised websites. The PDFs lead visitors to various websites promoting hacking services. These services claim to hack social media accounts like Instagram, Facebook, and Snapchat, provide cheat codes for video games, and offer fake follower creation services. The PDFs have been online for an extended period, potentially years. The ads were discovered by John Scott-Railton, a senior researcher at the Citizen Lab.
Implications and Potential Risks
Although the current scam campaign appears focused on promoting fake services, it reveals the potential for malicious hackers to exploit vulnerabilities and cause more significant harm. The PDFs uploaded by scammers could contain malicious content or links, endangering users’ privacy and security. Scott-Railton suggests that the scammers took advantage of misconfigured services, unpatched CMS bugs, and other security weaknesses to carry out this spam campaign.
Coordination and Assistance to Combat the Scam
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of the compromises suffered by government and university websites due to search engine optimization (SEO) spam. CISA is actively coordinating with affected entities and offering assistance where needed. Its involvement aims to mitigate the impact of the scam and prevent similar incidents in the future.
Click-Fraud and Money-Generating Scheme
TechCrunch investigated the websites advertised in the PDFs and discovered a complex scheme involving click-fraud to generate revenue. Cybercriminals employed open-source tools to create pop-ups that verified human visitors while quietly generating money in the background. Although one of the websites displays alleged victim profiles, the hacking services advertised are likely fake. Scammers took advantage of flaws in online forms and content management systems to upload the PDFs.
Addressing the Vulnerabilities
Representatives from several affected organizations confirmed that the issue stemmed from flaws in their content management systems. The California Department of Fish and Wildlife, University of Buckingham, and the town of Johns Creek mentioned vulnerabilities related to the Kentico CMS. Other victims, including the Washington Fire Commissioners Association and the University of Washington, also faced similar challenges without explicitly mentioning Kentico.
Removal of Ads and Prevention Measures
Efforts have been made to remove the malicious PDFs from compromised websites. The town of Johns Creek, the University of California San Diego, the University of Washington, and the Administration for Community Living have all taken steps to eliminate the scam ads. Some organizations have resolved vulnerabilities, reset passwords, and updated their websites to prevent further unauthorized access.
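One way a site owner could sweep uploaded PDFs for the kind of link-bearing spam files described above is sketched below. It is an added example, not code from the article or from any affected organization. The host name agency.example, the sample PDF bytes and the function names are constructed for illustration, and the scan only sees link actions stored uncompressed in the file.

```python
import re
from urllib.parse import urlparse

# Lure terms taken from the services the article says the PDFs advertised.
LURE_TERMS = ("hack", "instagram", "facebook", "snapchat", "follower", "cheat")

# A PDF link action stores its target as /URI (literal) or /URI <hex>.
_URI_LITERAL = re.compile(rb"/URI\s*\(((?:\\.|[^\\()])*)\)", re.S)
_URI_HEX = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]*)>")

# Constructed sample: one off-site lure link and one same-site link.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Annot /Subtype /Link "
    b"/A << /S /URI /URI (https://spam.example/hack-instagram\\(free\\)) >> >> endobj\n"
    b"2 0 obj << /Type /Annot /Subtype /Link "
    b"/A << /S /URI /URI (https://www.agency.example/forms) >> >> endobj\n"
    b"%%EOF\n"
)

def extract_uris(pdf_bytes):
    """Return link targets found in uncompressed /URI actions."""
    uris = []
    for m in _URI_LITERAL.finditer(pdf_bytes):
        # Simplified unescape: drop the backslash, keep the escaped byte.
        raw = re.sub(rb"\\(.)", rb"\1", m.group(1), flags=re.S)
        uris.append(raw.decode("latin-1"))
    for m in _URI_HEX.finditer(pdf_bytes):
        digits = re.sub(rb"\s", b"", m.group(1))
        digits += b"0" * (len(digits) % 2)  # odd-length hex is zero-padded
        uris.append(bytes.fromhex(digits.decode("ascii")).decode("latin-1"))
    return uris

def audit_pdf(pdf_bytes, site_host):
    """Return (uri, reasons) pairs for links that deserve a human look."""
    findings = []
    for uri in extract_uris(pdf_bytes):
        host = (urlparse(uri).hostname or "").lower()
        reasons = []
        if host and host != site_host and not host.endswith("." + site_host):
            reasons.append("off-site link")
        if any(term in uri.lower() for term in LURE_TERMS):
            reasons.append("lure term in URL")
        if reasons:
            findings.append((uri, reasons))
    return findings

if __name__ == "__main__":
    print(audit_pdf(SAMPLE_PDF, "agency.example"))
```

Links held inside compressed object streams are not visible to this byte-level scan, so a clean result does not clear a file; unexpected PDFs in upload directories still need review against what the CMS or form was meant to accept.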
While the immediate impact of the hacking services ad campaign may be minimal, the fact that scammers managed to upload content to .gov websites is deeply concerning. The potential for unauthorized access and manipulation of government websites poses risks not just to the affected sites, but to the entire U.S. government. These incidents serve as a reminder of the importance of robust cybersecurity measures and constant vigilance in the face of evolving cyber threats.