Original URL: http://www.theregister.co.uk/2009/02/03/council_smut/

Blizzard of smut cuts off Council websites

From Wittering to ogling, and beyond

By Jane Fae Ozimek

Posted in Government, 3rd February 2009 14:17 GMT

If you’re seeking smut, you only need go as far at present as the leafy green home pages of West Wittering Parish Council. Or there's Worcestershire County Council’s Healthy Schools Forum which, in an area dedicated to "internet safety", advises visitors on where to find "sexy escorts", before inviting them into a chat room to talk with "sexy girls".

This is not the latest bizarre outreach programme from local councils, seeking to reconnect with the sexually frustrated. Rather, it is the result of poor security, compounded by less than vigilant moderation.

Our story began at the weekend, when a diligent reader dropped a list of dodgy searches into our lap. Google for, say, "site:salford.gov.uk" and "porn", and you will turn up more than 1000 links to some fairly unsavoury content.

Who else? If you replace Salford with any of the following, you will get similar results: Lichfielddc (Lichfield District Council); Homecare (National Homecare Council); RCAHMS (Royal Commission on Ancient and Historical Monuments Scotland); Basildon Basildon District Council) and Communitylearningwest Worcestershire (Worcestershire County Council).

And then there is West Wittering Parish Council, which was, until yesterday, where you would find the website for the Parish Council of that name.

screen grab of wittering web site

The West Wittering PCC site before it was pulled

According to Paul Baccas, virus and spam researcher at SophosLabs, there may be two quite different processes going on here. In most cases – RCAHMS, possibly: Salford and Lichfield too - all that appears to be happening is a severe overdose of spam. Someone has identified an existing messageboard on the target site, and spam has followed through the hole in the fence, frequently containing links that would forward anyone who clicked onward to another URL.

Known as "link spamming", the purpose of this practice is to boost the search engine rating of the targeted content. That’s irritating, but easy enough to fix with a good dose of moderation.

But what of West Wittering? As villages go, it is one of those quintessentially English places, boasting a combination of sandy beaches and ancient monuments: a Parish Church whose oldest bits were laid down in the 12th century, and rock guitarist Keith Richards, about whose older bits it may be wiser not to speculate.

Their website appeared to contain an entire directory given over to "discussion" of topics such as growing cannabis and "hot babes" – not, we suspect, a reference to climate change. Briefly, we toyed with the idea of some Ealing Comedy-style denouement: a local parish councillor, bored by endless rounds of WI jam-making, finally gone over to the dark side.

Far more seriously, the lead link turned up by Google claims to take the viewer on to child porn - in fact, having looked at one of the less explicit (adult) links, we suspect that clicking on it could well have popped up indecent material immediately.

We reported the matter to the Clerk to the Parish Council, Mrs Brown, who declared herself "horrified" and, after consultation with her Chairman, arranged for the site to be taken down straight away. The Chairman of West Wittering Parish Council added: "We had no idea that such material was on our site, and have acted immediately the matter was brought to our attention."

We also raised the matter with the IWF, who felt, as the site is now down, that there was little more they can do.

Councillor Bill Hinds, lead member for customer and support services at Salford City Council said it was investigating how the link spamming had gone undetected on its site.

"We empower community groups to have their own sites and as a means to develop their web skills," he added. "However, we need to ensure that we are continually moderating them. We will now be reviewing our policies and procedures to minimise the risk of this happening again."

This episode illustrates two issues that are likely to become more prominent over the next few years. First, this went beyond simple spamming. Someone had made use of an onsite exploit – possibly via their contact form – to gain access to their server and set up a directory and chat forum that would be invisible to the public, and act as host to a series of links to other material.

If some of the forum counts are to be believed, these posts – over 1,000 related to porn alone - were being actively browsed. West Wittering’s innocuous little website had been infiltrated and was now host to an international porn business.

Why? Because as filtering becomes cleverer, those behind such business have almost certainly calculated that sheltering behind a ".gov.uk" designation may keep them safer for longer than if they stay public.

Expect more such infiltrations in future. As for the websites concerned, our sympathies go out to West Wittering – although we wonder why even a humble Parish Council did not have in place the simple security measures that would have blocked such a takeover. The same applies to other sites, but much more so.

Worcestershire appears to have been compromised over a fortnight ago – yet no one in their IT department has yet noticed. Salford appears to be hosting well over 1,000 porn-related links, as aforementioned. Again, no one in their IT seems to have noticed.

No doubt these weaknesses will now be fixed, but it would be surprising indeed if other councils do not fall prey throughout the year. ®