Microsoft privacy and surveillance site compromised to promote online casinos

Well, this is embarrassing…

As ZD Net reports, the website set up by Microsoft to fight the United States government on issues of over-reaching surveillance has been hacked.

Last December, I suggested you visit Microsoft’s Digital Constitution website to find out more about the company’s attempts to prevent US law enforcement from accessing customer emails held at a data centre in Dublin, Ireland.

What Microsoft was doing, in my opinion, was a “very good thing”™, protecting the privacy of users from over-reaching governments.


But what wasn’t so good was what has been going on lately on the website itself.

ZD Net’s Zack Whittaker reports that hackers had managed to inject spammy links to online casinos into the site’s pages.

The fault, it appears, lay in the out-of-date version of WordPress being used – version 4.0.5. Chances are that the spammers weren’t even aware of the trophy site they had compromised, and that it was just one of many sites they would have sullied with their revenue-generating links.

Compromised website. Source: Zack Whittaker / ZD Net

If that’s the case, then hopefully there should be no threat of any sensitive data being stolen from the web servers. But clearly Microsoft dodged a bullet, as it would have been just as easy for the attackers to embed malicious links or exploit code designed to infect visiting computers.

Whittaker reports that some of the main pages were fixed within an hour or so of being initially reported, but as recently as yesterday there were still pages containing the seedy casino adverts.


The website has since been updated to WordPress 4.2.2, the latest version. Let’s hope that whoever is responsible for its maintenance now understands the importance of keeping it properly updated.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast.
