Pornography and entertainment-seeking “single mothers” on government domains. It’s the work of hackers

Industry portal that some government Internet domains have been perfidiously used by hackers. Sites on official domains redirected to adult content sites.

Hackers used government domains. How is this possible?

Several readers of the portal have noticed that after entering various phrases in Google, you can come across suspicious websites located in the government domain “gov.pl”. After clicking on the search results in the domain of the National Health Fund (nfz.gov.pl), we were led to a page where “4 girls wanted to meet us” – describes the portal.

On the websites directed from a link in the domain of the Polish Center for Accreditation (pca.gov.pl), there was pornographic content. Similarly to government domains, the portal of the city of Lublin (lublin.eu) also fell victim to cybercriminals. After clicking on the link in this domain, you could view pictures of a “single mother looking for fun.”

Niebezpiecznik.pl describes that cybercriminals are behind the incident, whose goal was to use trusted domains to position their websites in Google. As “people responsible for the code of government websites” told the portal, the data from government servers was not read.

Experts from Niebezpiecznik.pl explain that the pages from the above domains work under the control of a CMS called “Edito”. Criminals probably found a gap in its security or took over the login details of a person who has the authority to manage these websites.

In this case, however, an “Open Redirect” bug was most likely used, which – in short – gave them the opportunity to create a redirect to any website. The Polish Accreditation Center confirmed to Niebezpiecznik that the “redir.php” script, which was used for malicious redirects, had already been found and removed from the PCA system.