Well, this is embarrassing…
As ZD Net reports, the website set up by Microsoft to fight the United States government on issues of over-reaching surveillance has been hacked.
Last December, I suggested you visit Microsoft’s Digital Constitution website to find out more about the company’s attempts to prevent US law enforcement from accessing customer emails held at a data centre in Dublin, Ireland.
What Microsoft was doing, in my opinion, was a “very good thing”™, protecting the privacy of users from over-reaching governments.
But what wasn’t so good was what has been going on lately on the digitalconstitution.com website itself.
ZD Net’s Zack Whittaker reports that hackers had managed to inject spammy links to online casinos into the site’s pages.
The fault, it appears, lay in the out-of-date version of WordPress being used – version 4.0.5. Chances are that the spammers weren’t even aware of the trophy site they had compromised, and that it was just one of many sites they would have sullied with their revenue-generating links.
If that’s the case, then hopefully there should be no threat of any sensitive data being stolen from the web servers. But clearly Microsoft dodged a bullet, as it would have been just as easy for the attackers to embed malicious links or exploit code designed to infect visiting computers.
Whittaker reports that some of the main pages were fixed within an hour or so of being initially reported, but as recently as yesterday there were still pages containing the seedy casino adverts.
The website has since been updated to WordPress 4.2.2, the latest version. Let’s hope that whoever is responsible for its maintenance now understands the importance of keeping it properly updated.