Recently, a UK Department for Transport (DfT) website was discovered to be displaying porn. On most days, the DfT subdomain responsible for the mishap offers essential DfT statistics to the public and the department’s business strategy.
The Charts subdomain has formerly given business plan papers and key statistics on DfT services such as public transportation use, roadway accessibility times, and driving exams. The Crow was the first to notice the blunder, which also saw that the whole dft.gov.uk domain was set to redirect to a WordPress plugin page while the Department pretended to be looking into it.
According to testing, the official dft.gov.uk website linked to a password-protected WordPress page at eu-hauliers.dft.gov.uk. Although the specific reason for the Charts mini-site hosting porn is unknown, the subdomain did appear to contain a CNAME DNS record linking to an Amazon S3 server. The offending (NSFW) instance may still be found at charts.dft.gov.uk.s3-website-eu-west-1.amazonaws.com. Thankfully, charts.dft.gov.uk no longer directs there.
What’s unclear is whether this was simply a case of domain hijacking, in which a dangling AWS S3 exemplar that the Charts site pointed to was claimed by a threat actor and used to serve adult content, or whether an attacker gained access to DfT’s registrar’s systems and modified the DNS entry for charts.dft.gov.uk.
The second scenario is more challenging to execute and would raise severe concerns about DfT’s digital infrastructure security. It isn’t the first time a government website is hosting pornographic material.
In September of this year, after attackers exploited a weakness in the Laserfiche Forms software product, which is employed by many government sites, U.S. government websites were inundated with Viagra advertising and pornographic content.
Access to the main Department for Transport website, dft.gov.uk, has subsequently been restored. On the other hand, the sysadmins appear to have shut down charts.dft.gov.uk, which is no longer accessible.