Microsoft privacy and surveillance site compromised to promote online casinos

Graham Cluley
@gcluley

Well, this is embarrassing…

As ZD Net reports, the website set up by Microsoft to fight the United States government on issues of over-reaching surveillance has been hacked.

Last December, I suggested you visit Microsoft’s Digital Constitution website to find out more about the company’s attempts to prevent US law enforcement from accessing customer emails held at a data centre in Dublin, Ireland.

What Microsoft was doing, in my opinion, was a “very good thing”™, protecting the privacy of users from over-reaching governments.

But what wasn’t so good was what has been going on lately on the digitalconstitution.com website itself.

ZD Net’s Zack Whittaker reports that hackers had managed to inject spammy links to online casinos into the site’s pages.

The fault, it appears, lay in the out-of-date version of WordPress being used – version 4.0.5. Chances are that the spammers weren’t even aware of the trophy site they had compromised, and that it was just one of many sites they would have sullied with their revenue-generating links.

Compromised website. Source: Zack Whittaker / ZD Net

If that’s the case then there hopefully should be no threat of any sensitive data being stolen from the web servers, but clearly Microsoft dodged a bullet as it would have been just as easy for the attackers to embed malicious links or exploit code designed to infect visiting computers.

Whittaker reports that some of the main pages were fixed within an hour or so of being initially reported, but as recently as yesterday there were still pages containing the seedy casino adverts.

The website has since been updated to WordPress 4.2.2, the latest version. Let’s hope that whoever is responsible for its maintenance now understands the importance of keeping it properly updated.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.
