14 DAY TRIAL // Security researchers from antivirus vendor AVG have discovered that a section from the website of the Spelthorne Borough Council in the UK has been hacked and is serving exploits. According to their analysis, this is not the first time it happens.
The incident has been reported by AVG's own Chief Research Officer, Roger Thompson, on his blog. According to the security expert, the phoenix.spelthorne.gov.uk (warning – still infected when this article was being edited) URL peaked his interest when it was repeatedly detected and blocked by the new LinkScanner component of the AVG antivirus.
Upon further investigation, Mr. Thompson has found that what should have been an important section of the website, used for submitting and checking various applications for licensing and planning, was now displaying the bragging rights of a hacking crew calling themselves "Fatal Error."
The hackers have even left "contact information" behind, acknowledging an IRC (Internet Relay Chat) channel and listing the crew's members. "Fatal Error ownz you - irc.chatbr.org #Ferror BY: Elemento_pcx ( Made in Brasil ) help? [email protected] somos: Elemento_pcx, Dominic, s4r4d0, txx freakspeedx h4d35_br," the message reads.
Meanwhile, a redirection script is executed and points the visitors to what looks like the website of a Turkish delivery service. "I'm reasonably confident that a Brit government website shouldn't be transferring you to (what I think is) a Turkish one, so this is a fair second clue that something is wrong," the AVG researcher writes.
Furthermore, trying to establish for how long the website has been hacked, Mr. Thompson has queried the caches of several search engines only to make an interesting discovery. A Google's version of the page, cached on January 24th, was displaying a different defacement performed by the same crew.
However, cached versions of the page from Live Search and Ask.com, dated March 4th and January 7th, respectively, showed it as being OK. This means that the website was hacked once, between 7 January and 4 March, then fixed, and then hacked again. "The webmasters are obviously cleaning things up as quickly as they realize they have a problem, but seemingly have yet to plug the hole that the Bad Guys are using to get in," Roger Thompson concludes.
Ironically, the slogan of the Spelthorne Borough Council is "Providing quality services to the people of Ashford, Charlton, Halliford, Laleham, Littleton, Shepperton, Staines, Stanwell, Stanwell Moor and Sunbury." Do these services also include its own website?
