UK government transport website caught showing porn


A website from the UK Department for Transport (DfT) was caught serving porn earlier today.

On most days the DfT subdomain behind the incident provides vital DfT statistics and the department's business plan to the public.

A very British thanksgiving

The British DfT's charts.dft.gov.uk site was seen serving porn today, as confirmed by BleepingComputer.

In the past, the Charts subdomain has provided business plan documents and important statistics on various DfT services, such as public transport figures, road availability times and driving tests.

Although the site is no longer available, visiting charts.dft.gov.uk a few hours ago led to some rather heavy traffic:

The British government's DfT subdomain caught serving porn (BleepingComputer)

The incident was first spotted by The collar, which additionally noted that the whole dft.gov.uk domain was being redirected to a WordPress plugin page while the department appeared to be investigating the issue.

In our test, BleepingComputer observed that the official dft.gov.uk site led to a password-protected WordPress site residing at eu-hauliers.dft.gov.uk.

All of dft.gov.uk redirected to a password-protected WordPress site earlier today (BleepingComputer)

The dangling … DNS

Although the exact reason why the Charts mini-site served porn is not known, it appears that the subdomain had a CNAME DNS record pointing to an Amazon S3 bucket (a static-website endpoint).

The offending (NSFW) content is still up at charts.dft.gov.uk.s3-website-eu-west-1.amazonaws.com, which continues to serve the explicit material. Fortunately, charts.dft.gov.uk no longer leads there.

What is still unclear is whether this was simply a case of subdomain hijacking, that is, a dangling AWS S3 bucket name that the Charts website pointed to was claimed by a threat actor and made to serve adult content, or whether an attacker gained sufficient access to DfT's registrar or DNS systems and changed the DNS record for charts.dft.gov.uk.

The second scenario is considerably harder to pull off and would raise serious questions about how secure DfT's digital infrastructure is.
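The first scenario is the one defenders can hunt for in their own zone files: a CNAME that points at an S3 endpoint for a bucket that no longer exists. S3 selects the bucket from the HTTP Host header, so a CNAMEd custom hostname only works when a bucket named exactly like that hostname exists, and that is also the name any other AWS account can create once the original bucket is deleted; S3 answers requests for a missing bucket with a 404 whose body contains the code `NoSuchBucket`. The following script is an added example, not code from the article or from DfT, that classifies an inventory of (hostname, CNAME target, HTTP status, body) records by that rule. The records are constructed sample data, with the charts.dft.gov.uk entry written as it would have looked while the bucket was still missing; the regex for S3 endpoint hostnames and the `classify` helper are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Hostname shapes that custom domains are CNAMEd to (assumed from AWS naming):
#   bucket.s3-website-eu-west-1.amazonaws.com   static website endpoint, dash form
#   bucket.s3-website.eu-west-2.amazonaws.com   static website endpoint, dot form
#   bucket.s3.amazonaws.com / bucket.s3.eu-west-1.amazonaws.com   REST endpoint
S3_ENDPOINT_RE = re.compile(
    r"^(?P<bucket>.+)\.s3(?:-website)?(?:[-.][a-z0-9-]+)?\.amazonaws\.com\.?$"
)


@dataclass
class Finding:
    hostname: str
    severity: str  # "ok", "info" or "high"
    reason: str


def s3_bucket_from_target(target: str) -> Optional[str]:
    """Return the bucket name encoded in an S3 endpoint hostname, or None when
    the CNAME target is not an S3 endpoint at all."""
    m = S3_ENDPOINT_RE.match(target.strip().lower())
    return m.group("bucket") if m else None


def classify(hostname: str, cname: Optional[str], status: Optional[int], body: bytes) -> Finding:
    """Classify one DNS record.  `status` and `body` are what an HTTP request to
    http://<hostname>/ returned, i.e. with the Host header set to the hostname."""
    host = hostname.lower().rstrip(".")
    if cname is None:
        return Finding(host, "ok", "no CNAME; nothing is delegated to a third party")
    bucket = s3_bucket_from_target(cname)
    if bucket is None:
        return Finding(host, "info", f"CNAME to non-S3 target {cname}; check that provider's own takeover rules")
    if status is None:
        return Finding(host, "info", f"{cname} did not answer; probe manually")
    # Because S3 picks the bucket from the Host header, NoSuchBucket here means
    # there is no bucket named after the hostname itself, and bucket names are
    # global: whoever creates it next controls what this hostname serves.
    if status == 404 and b"NoSuchBucket" in body:
        return Finding(host, "high", f"dangling: no bucket named '{host}' behind {cname}; the name is claimable by any AWS account")
    if bucket != host:
        return Finding(host, "info", f"CNAME names bucket '{bucket}' but S3 will serve bucket '{host}'; verify that bucket is owned")
    return Finding(host, "ok", f"bucket '{bucket}' exists")


# Constructed inventory: (hostname, CNAME target or None, HTTP status, body prefix).
SAMPLE_RECORDS: List[Tuple[str, Optional[str], Optional[int], bytes]] = [
    ("charts.dft.gov.uk", "charts.dft.gov.uk.s3-website-eu-west-1.amazonaws.com", 404,
     b'<?xml version="1.0"?><Error><Code>NoSuchBucket</Code>'),
    ("assets.example.gov.uk", "assets.example.gov.uk.s3-website.eu-west-2.amazonaws.com", 200, b"<html>"),
    ("docs.example.gov.uk", "docs-bucket.s3.amazonaws.com", 403, b"<Error><Code>AccessDenied</Code>"),
    ("blog.example.gov.uk", "example.github.io", 200, b"<html>"),
    ("www.example.gov.uk", None, 200, b"<html>"),
]


def scan(records) -> List[Finding]:
    return [classify(*rec) for rec in records]


def high_risk_hosts(records) -> List[str]:
    """Hostnames whose CNAME points at an S3 bucket name nobody currently owns."""
    return [f.hostname for f in scan(records) if f.severity == "high"]


if __name__ == "__main__":
    for f in scan(SAMPLE_RECORDS):
        print(f"{f.severity:5} {f.hostname}: {f.reason}")
```

In a real zone audit the status and body would come from an HTTP request made through the hostname itself, not to the S3 endpoint directly, so that the Host header matches what browsers send; the record list would be generated from the zone file or the DNS provider's API. Removing or repointing the CNAME before a bucket is deleted is what prevents the "high" finding from ever appearing.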

Nor is this the first time a government website has been caught delivering explicit content.

In September this year, US government websites were spammed with Viagra ads and adult content after attackers exploited a vulnerability in the Laserfiche Forms software product used by several public websites.

In July, visitors to major news sites such as the Washington Post and HuffPost saw the videos embedded in news stories replaced with porn after the vid.me domain was acquired by a third party.

Access to DfT's main website dft.gov.uk has since been restored. However, sysadmins appear to have pulled the plug on charts.dft.gov.uk completely, as it is no longer available.

BleepingComputer contacted the British DfT both by phone and email before publishing, and we are awaiting their response.
