Feeds

Blizzard of smut cuts off Council websites

From Wittering to ogling, and beyond

Combat fraud and increase customer satisfaction

But what of West Wittering? As villages go, it is one of those quintessentially English places, boasting a combination of sandy beaches and ancient monuments: a Parish Church whose oldest bits were laid down in the 12th century, and rock guitarist Keith Richards, about whose older bits it may be wiser not to speculate.

Their website appeared to contain an entire directory given over to "discussion" of topics such as growing cannabis and "hot babes" – not, we suspect, a reference to climate change. Briefly, we toyed with the idea of some Ealing Comedy-style denouement: a local parish councillor, bored by endless rounds of WI jam-making, finally gone over to the dark side.

Far more seriously, the lead link turned up by Google claims to take the viewer on to child porn - in fact, having looked at one of the less explicit (adult) links, we suspect that clicking on it could well have popped up indecent material immediately.

We reported the matter to the Clerk to the Parish Council, Mrs Brown, who declared herself "horrified" and, after consultation with her Chairman, arranged for the site to be taken down straight away. The Chairman of West Wittering Parish Council added: "We had no idea that such material was on our site, and have acted immediately the matter was brought to our attention."

We also raised the matter with the IWF, who felt, as the site is now down, that there was little more they can do.

Councillor Bill Hinds, lead member for customer and support services at Salford City Council said it was investigating how the link spamming had gone undetected on its site.

"We empower community groups to have their own sites and as a means to develop their web skills," he added. "However, we need to ensure that we are continually moderating them. We will now be reviewing our policies and procedures to minimise the risk of this happening again."

This episode illustrates two issues that are likely to become more prominent over the next few years. First, this went beyond simple spamming. Someone had made use of an onsite exploit – possibly via their contact form – to gain access to their server and set up a directory and chat forum that would be invisible to the public, and act as host to a series of links to other material.

If some of the forum counts are to be believed, these posts – over 1,000 related to porn alone - were being actively browsed. West Wittering’s innocuous little website had been infiltrated and was now host to an international porn business.

Why? Because as filtering becomes cleverer, those behind such business have almost certainly calculated that sheltering behind a ".gov.uk" designation may keep them safer for longer than if they stay public.

Expect more such infiltrations in future. As for the websites concerned, our sympathies go out to West Wittering – although we wonder why even a humble Parish Council did not have in place the simple security measures that would have blocked such a takeover. The same applies to other sites, but much more so.

Worcestershire appears to have been compromised over a fortnight ago – yet no one in their IT department has yet noticed. Salford appears to be hosting well over 1,000 porn-related links, as aforementioned. Again, no one in their IT seems to have noticed.

No doubt these weaknesses will now be fixed, but it would be surprising indeed if other councils do not fall prey throughout the year. ®

Top three mobile application threats

More from The Register

next story
EU: Let's cost financial traders $400m a day, because EVIL BANKERS. Right?
Wait 'til this one hits your pension fund where it hurts
Systems meltdown plunges US immigration courts into pen-and-paper stone age
Massive outage could last four weeks, sources claim
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
UK.gov chucks £28m at F1 tech for buses and diggers plan
Well, not really F1 but who's heard of LMP and VLN*?
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.