Bad things lurking on government sites

More sites within the .gov domain were spotted hosting inappropriate content on Thursday

The U.S. federal government took steps earlier this week to shut down Web sites in California in order to protect the public from hacked Web sites, but new incidents show that the problem is not going away any time soon.

On Thursday, compromised pages hosted by the Brookhaven National Laboratory and the Superior Court of Madera County, California, were still hosting inappropriate content. Brookhaven had links that redirected visitors to pornographic Web servers, and the Madera County court site featured ads for porn and Viagra.

Brookhaven has begun an investigation into the incident, said Tom Schlagel, a manager with the lab's information technology division. "From what I've been told, there isn't any evidence that there's any pornography on the server," he said. "It's all just redirections."

Brookhaven is a U.S. Department of Energy lab that specializes in nuclear and high-energy research.

The security of U.S. government Web sites has been front-page news in California this week after the U.S. General Services Administration, which administers the .gov top-level domain, temporarily removed California's state servers from the Internet's Domain Name System (DNS) infrastructure, apparently because of a security problem on the Web site of a small state agency, the Transportation Authority of Marin.

Observers said that this was an unusually extreme move and one that eventually would have knocked the entire state off the Internet.

The move was caught before it caused widespread service outages within the state government, but it drew attention to an underlying issue: compromised governmental Web sites.

The GSA on Thursday said it has revised its policies to avoid another possible statewide shutdown, but it defended its right to remove .gov sites from the Internet. "The potential exposure of pornographic material to the citizens -- and tens of thousands of children -- in California was a primary motivator for GSA to request immediate corrective action," a GSA spokeswoman said in an e-mailed statement. "Also, in these days of heightened security concerns from hackers, it is important to quickly stop potentially harmful damage to federal, state and local Web sites from those who have no love for our country."

Alex Eckelberry, the president of Sunbelt Software Inc. who first reported the problem that led to the California shutdown, said that the government could do better. "Once you're on the Web, especially if you're government, you really have to be responsible for your content," he said. "We have to have some sort of recognition that there is constant danger and that people need to stay on top of their sites."

However, educational sites, hosted within in the .edu top-level domain, have far more problems than the .gov sites, Eckelberry said.

Security professionals like Eckelberry complain that poor response from Web site administrators means that even when problems are discovered by outside researchers, it's often hard to report them.

For example, the Madera Superior Court site has a "Click Here To E-mail Our Webmaster" link on the bottom of its front page, but when Trend Micro Inc. Network Architect Paul Ferguson used it to inform the court that its site had been hacked, his e-mail bounced back as undeliverable. Madera Superior Court representatives did not return a call seeking comment.

"It is almost impossible for someone like, say, a security researcher to find the right person to report problems to," Ferguson said via e-mail. People outside of government cannot do "Whois" queries on the .gov domain, which would yield contact information for site administrators, he added. "In many cases, either the contact information is incorrect, nonexistent, or the 'lights are on and nobody is home'."

"Everyone has really got to do a better job on securing the Internet," Ferguson added. "You can't just put a Web server out there and forget about it any more."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Father’s Day Gift Guide

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?