Scammers Take Over US Government & University Websites & Post Ads For Hacking Services

Scammers Take Over US Government & University Websites & Post Ads For Hacking Services

Scammers Post Hacking Service Ads On US Government Websites

Many US Government departments have been recently targeted by scammers who posted ads for hacking services on their websites. This includes local, country, state, and even some federal government sites.

The problem was first noticed by a senior researcher at the Citizen Lab named John Scott-Railton. He also helped put together a list of all the sites that have been affected. However, it’s too early to say if these were the only victims or if there are more affected websites.

List Of Victims 

Some of the site names that have been recorded belong to the state governments of New Hampshire, Ohio, North Carolina, California, Washington, and Wyoming; Franklin County in Ohio, St. Louis County in Minnesota, Sussex County in Delaware; and the federal Administration for Community Living.

Other victims include Rockwell Collins— a well-known defense contractor and aerospace manufacturer, an Ireland-based tourism company, and Spain’s Red Cross.

A quick investigation revealed that some popular university websites have also been the target of a similar attack. So far, many top universities, including Ivy League colleges, have reported the issue.

The list includes Stanford, Yale, UC Berkeley, UC San Diego, United Nations University, UC San Francisco, Metropolitan Community College, University of Texas Southwestern, University of Colorado Denver, University of Washington, and University of Pennsylvania.

Other universities include Jackson State University, Hillsdale College, Lehigh University, Community Colleges of Spokane, Empire State University, Oregon State University, University of Virginia, Hillsdale College, and Universidad Del Norte in Colombia.

The problem was initially thought to be restricted to the US, but the latest reports suggest otherwise. It was found that the University of Buckingham in the U.K has had a similar issue with scammers taking over their official website and posting ads for their hacking services.

What’s The Common Connection?

The list of targets is quite diverse. They neither belong to the same country nor the same industry. So it’s hard to say if all the attacks are connected, and if it’s so, then what’s the reason behind it?

Three victims, i.e., the University of Washington, the town of Johns Creek in Georgia, and the Community Colleges of Spokane, have reported that they all use the same CMS— Kentico.

On the other hand, the University of Buckingham in the U.K and the California Department of Fish and Wildlife has reported the technique used to exploit their websites was the same. However, there was no mention of Kentico.

Thus, whether there’s a common link between these attacks or if they were all random is hard to say at the moment.

The ads have been uploaded in a PDF format and contain links to several websites. It offered a variety of services which included hacking social media accounts, cheat codes for video games, and supplying fake followers online.

A close look at the date of the documents reveals that these ads might have been online for years. Until the real perpetrators are caught, and the vulnerability is fixed, these organizations are doing all they can to prevent it from happening again.

SEO PDF uploads are like opportunistic infections that flourish when your immune system is suppressed. They show up when you have misconfigured services, unpatched CMS [content management system] bugs, and other security problems.Scott-Railton

The senior communications manager at the town of Johns Creek said that they have already fixed the pages with the help of their hosting provider. Meanwhile, the University of California San Diego has asked users to reset their passwords.

While this time around, it looks like a harmless prank by a scammer; it might not be so the next time. These PDFs might simply point to certain websites, but the vulnerability they have found can be easily exploited for more malicious activities.

Krishi Chowdhary Journalist

Krishi Chowdhary Journalist

Krishi is an eager Tech Journalist and content writer for both B2B and B2C, with a focus on making the process of purchasing software easier for businesses and enhancing their online presence and SEO.

Krishi has a special skill set in writing about technology news, creating educational content on customer relationship management (CRM) software, and recommending project management tools that can help small businesses increase their revenue.

Alongside his writing and blogging work, Krishi's other hobbies include studying the financial markets and cricket.

Latest News

Tech Conferences

The 15 Most Breathtaking Tech Conferences Around the World

CMS Key Statistics

Essential CMS Market Share And Usage Statistics in 2023

The Content Management System (CMS) is necessary for many industries and organizations today. In the past, companies thrived without this tool because there was no internet to work with. There’s...

What is a DDoS Attack

DDoS Attack Statistics and Facts You Must Know (2018-2023 Data)

The distributed denial-of-service (DDoS) attack is one of the most destructive cyberattacks on the internet. It is so powerful that it can exploit and take down even the largest website...

Magento Key Statistics

Magento Statistics in 2023: Usage and Market Share


US Regulator Says Fortnite Will Refund Parents Their Kids’ Unintended Purchases

Crypto News

XRP Rich List Highlights Distribution of Top XRP Wallet Holdings

Crypto News

Ripple Price Forecast: New York Regulators Delists Ripple, What’s Next For XRP?