
Seeing NSFW Ads on Government Sites? Here's Why

source link: https://www.makeuseof.com/nsfw-ads-us-government-websites/

By Damir Mujezinovic

Published 1 day ago

Stumbled across unsuitable adverts on US government websites? You're not alone, but why are spammy adult ads appearing on govt sites?

Only government and public sector organizations based in the United States are eligible to get a .gov domain, which is a sponsored top-level domain administered by the Cybersecurity and Infrastructure Security Agency.

Citizens turn to government sites to find credible information on issues ranging from voting to stimulus checks, and it's safe to assume that the last thing one would expect to see on a government-affiliated webpage is an NSFW (not safe for work, explicit) advertisement for Viagra, or a link to an adult video site.

But that's exactly what's been happening for over a year.

NSFW Ads on Government Sites

As reported by Vice, NSFW ads and links have been spotted on 50 different government subdomains, and it will probably take a while before they are removed.

A simple Google search reveals that a site affiliated with Sandpoint, Idaho, was displaying ads for a supposed Robux generator (Robux is the in-game currency for the popular game platform Roblox).

Screenshot of Google search results showing a government website advertised Robux

Vermont Attorney General TJ Donovan's official government website, meanwhile, featured spammy ads for supposed Fortnite skins and V-Bucks generators.

Google search shows Vermont AG website displayed spam ads

Laserfiche Software Vulnerability

According to cybersecurity researcher Zach Edwards, who first uncovered the issue, government and military sites are hosting NSFW content due to a vulnerability in software provider Laserfiche's content management systems.

The company has contracts with several government agencies, including the Federal Bureau of Investigation (FBI).

The now-patched vulnerability allowed third parties to push files to .gov sites without the site owners' permission. In other words, black hat SEO specialists took advantage of this vulnerability to boost their own sites.


"This vulnerability created phishing lures on .gov and .mil domains that would push visitors into malicious redirects, and potentially target these victims with other exploits," Edwards explained to Vice.

Edwards has been reporting this to affected .gov sites for months and even detailed his findings in a YouTube video.

Laserfiche Released An Update

In a blog post earlier this month, Laserfiche acknowledged that the vulnerability is being actively exploited and released a security update. In addition, Laserfiche released a simple cleanup tool to help affected customers scrub their pages of NSFW content.

The fact that black hat SEO specialists successfully targeted government websites shows how important it is to have proper protection in place.

Keeping content management systems, plugins, and scripts up to date is a must for any webmaster. Security plugins are also a good investment, especially for those who use WordPress.
