Microsoft privacy and surveillance site compromised to promote online casinos


MicrosoftWell, this is embarrassing…

As ZD Net reports, the website set up by Microsoft to fight the United States government on issues of over-reaching surveillance has been hacked.

Last December, I suggested you visit Microsoft’s Digital Constitution website to find out more about the company’s attempts to prevent US law enforcement from accessing customer emails held at a data centre in Dublin, Ireland.

What Microsoft was doing, in my opinion, was a “very good thing”™, protecting the privacy of users from over-reaching governments.

But what wasn’t so good was what has been going on lately on the website itself.

ZD Net’s Zack Whittaker reports that hackers had managed to inject spammy links to online casinos into the site’s pages.

The fault, it appears, lay in the out-of-date version of WordPress being used - version 4.0.5. Chances are that the spammers weren’t even aware of the trophy site they had compromised, and that it was just one of many sites they would have sullied with their revenue-generating links.

Compromised website. Source: Zack Whittaker / ZD Net

Compromised website. Source: Zack Whittaker / ZD Net

If that’s the case then there hopefully should be no threat of any sensitive data being stolen from the web servers, but clearly Microsoft dodged a bullet as it would have been just as easy for the attackers to embed malicious links or exploit code designed to infect visiting computers.

Whittaker reports that some of the main pages were fixed within an hour or so of being initially reported, but as recently as yesterday there were still pages containing the seedy casino adverts.

Compromised site

The website has since been updated to WordPress 4.2.2, the latest version. Lets hope that whoever is responsible for its maintenance now understands the importance of keeping it properly updated.

Tags: , , , , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , , , ,

No comments yet.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.