Securing Cyberspace: Government Websites Targeted as Scammers Advertise Hacking Services

-

 


The incidents you described involve scammers who uploaded advertisements for hacking services onto official websites of various U.S. government entities, universities, and other organizations. These advertisements were in the form of PDF files and were found on .gov and .edu websites. The scammers claimed to offer hacking services for Instagram, Facebook, Snapchat, video games, and the creation of fake followers.

The researcher John Scott-Railton discovered these advertisements, and while it is unclear if the listed websites are a complete list of the affected sites, it appears that they may be connected. The scammers took advantage of misconfigured services, unpatched bugs in content management systems (CMS), and other security vulnerabilities to upload the PDFs to the websites. The PDFs themselves seem to be part of a scheme to generate money through click-fraud. Some of the advertised websites were reviewed by TechCrunch and were found to likely be fake, despite displaying the names and profile pictures of alleged victims.

The organizations affected by this campaign have stated that these incidents were not necessarily the result of a breach but rather the exploitation of flaws in online forms or CMS software, allowing the scammers to upload the PDFs. Some victims mentioned the content management system Kentico CMS as the source of the issue, while others described similar techniques without mentioning Kentico.

The affected organizations have taken steps to remove the PDFs and address the vulnerabilities. The California Department of Fish and Wildlife, for example, had a misconfigured form that allowed the upload of PDFs instead of pictures. The University of Buckingham in the U.K. mentioned old "bad pages" resulting from the use of a form. The Washington Fire Commissioners Association identified a vulnerability related to new members uploading files. Other organizations, such as the town of Johns Creek and the Administration for Community Living, reported removing the pages containing the advertisements.

Although the overall damage caused by this spam campaign is expected to be minimal, the ability to upload content to .gov websites is concerning not only for the specific websites involved but also for the broader U.S. government. Incidents like this highlight the potential risks associated with compromised websites, as demonstrated by previous cases such as Iranian hackers targeting a U.S. city's website in an attempt to alter vote counts. Election officials have expressed concerns about hackers targeting election-related websites as well.

Comments

Post a Comment

Popular posts from this blog

Empowering Complex Payments: Payrails Secures $14.4M for its Advanced Operating System

-
Image
  Enterprises and marketplaces operating across multiple geographies and products have long relied on a hodgepodge of third-party services cobbled together by teams of engineers. These makeshift solutions, akin to Dr. Frankenstein's creations, often suffer from bugs and missing functionality. At worst, their complexity can even conceal malicious activities. Recognizing this disparity, three payments engineers came together to establish Payrails, a startup that has developed a framework for building and operating stable enterprise payment services. Today, the company announces a funding round of $14.4 million, driven by leading investor EQT Ventures, along with participation from General Catalyst, Andreessen Horowitz, and HV Capital. This "seed extension" follows the original seed round of $6.4 million, led by A16Z and HV Capital, which we covered last year when Payrails emerged from stealth mode. Although the startup does not disclose its valuation, CEO Orkhan Abdullayev ...
Read more

Bridging the Gap: Minoa SaaS Sales Platform Addresses the Rising Demand for Remote Collaboration

-
Image
  The COVID-19 pandemic has disrupted various aspects of business, including the way software-as-a-service (SaaS) companies sell their products. With social distancing measures in place, in-person meetings were replaced by virtual platforms like Zoom and Microsoft Teams. Surprisingly, both vendors and buyers found that virtual meetings could be productive, leading to the adoption of remote practices even as COVID restrictions ease. Recognizing the gap in existing sales tools for online meetings, Richard Einhorn and Max Elster founded Minoa in 2022 to cater to the growing trend of remote B2B sales. Minoa is a sales platform designed to help SaaS vendors and their customers track the lifecycle of a deal asynchronously. It offers tools for value management, quoting, pricing, and more. What sets Minoa apart from other tools is its focus on including customers in the sales platform, unlike many incumbents that primarily serve vendors. As companies incorporate more specialized SaaS servi...
Read more

Revolutionizing EdTech: Byju's Leaps Forward with Transformer Models in AI Endeavors

-
Image
  Byju's, the edtech giant in India, has introduced three transformer models as part of its "Wiz" suite to enhance its educational services and personalize the learning experience for students. The models leverage AI to support learning and address knowledge gaps. The first model, Badri, predicts when learners might struggle with specific concepts and offers recommendations to address the gaps. MathGPT helps students solve math problems using analogies and visual aids, while TeacherGPT serves as an AI-powered assistant, providing personalized guidance and grading responses. Byju's AI model incorporates students' interests to make learning more engaging. For example, it can use cricket analogies to explain complex concepts to a cricket enthusiast. The transformer models have been trained on the vast amount of data generated by Byju's student base and have an accuracy rate of around 87%. They are designed to align with the respective curriculum and operate withi...
Read more