
There’s a lot of porn on Australian government websites, according to Google and other search engines.
Websites for federal, state and local government agencies are filled with pages dedicated to explicit adult content, and they’re all hidden in plain sight.
They have titles like “~[FREE] hd sex videos ! hd sex videos, XXX Video & XXX porn HD04473with cast Q&As, expert blogs, BTS photos, and more!” and “rough · finnish · extreme · cougar, milf”.
From the National Museum of Australia to the website for the Hume City Council in Victoria, enterprising individuals have taken advantage of how the internet works to make it look like government websites are hosting their content. And in this case, it’s mostly explicit content.
In the two most prominent examples, the National Museum of Australia (NMA) and Victoria’s Transport Accident Commission (TAC) — where each website has dozens of suspect pages listed on its official government domains — these listings are not the result of malicious hackers making their way onto government systems.
Instead, they are an example of largely harmless cybersecurity mistakes, cybersecurity firm Dvuln founder Jamieson O’Reilly told Crikey.
“It’s very limited risk. It’s more of a brand reputation thing,” he said.
O’Reilly said it appears NMA and TAC had fallen victim to what’s known as “dangling DNS” exploits. This is when a third party takes advantage of a failure to update web records — in this case, the domain name system (DNS) — and takes over a website that has been vacated.
Here’s an analogy: every time you put a web address into your browser, your computer converts the written domain to the IP address that is used by computers, like www.crikey.com.au to 192.0.66.164. In this analogy, the domain name is like a listing in Gregory’s street directory and the IP address is the house’s address.
Sometimes when people stop using their “house” — like if they abandoned a service that they once offered — they forget to update the “street directory listing” to say they’re no longer there. If this happens, sometimes a third party can take over the house, knowing that people who follow the street directory will still end up there.
In this example, several different people took over the abandoned services, which meant they suddenly had control over what was shown when people put “www.collectorfest.nma.gov.au” into their browser. In this case, they used it to promote spammy porn sites, presumably for some gain like advertising revenue.
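The "street directory" check the article describes can be automated on the defender's side: export your own zone, and for every CNAME ask whether the target still exists. The script below is an added example written for this page, not code from Crikey, Dvuln or either agency. The zone records, the `agency.example` and `old-host.example` names and the resolver answer table are all constructed placeholders; `live_resolver` is the only part that touches real DNS, and it is meant to be pointed at a zone you administer.

```python
"""Audit a DNS zone export for dangling CNAME records (added example).

A dangling CNAME is a record in your zone that still points at a hostname
which no longer resolves: the "house" was vacated but the "street directory"
entry was left behind. The fix is to delete or repoint the record.
"""
import socket
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Record:
    """One DNS record as found in a zone export: owner name, type, data."""
    name: str
    rtype: str
    data: str


# Constructed sample zone. "agency.example" is a placeholder, not a real
# government zone; the pattern mirrors an event microsite left in DNS.
SAMPLE_ZONE: List[Record] = [
    Record("www.agency.example", "A", "203.0.113.10"),
    # Hosting for this event site was cancelled, but the CNAME was never removed.
    Record("collectorfest.agency.example", "CNAME", "collectorfest.old-host.example."),
    # Still-active service: its CNAME target resolves normally.
    Record("events.agency.example", "CNAME", "events.live-host.example."),
    Record("agency.example", "MX", "10 mail.agency.example."),
]

# Constructed resolver answers standing in for live DNS.
# None models NXDOMAIN: the target name no longer exists anywhere.
SAMPLE_ANSWERS: Dict[str, Optional[str]] = {
    "collectorfest.old-host.example": None,
    "events.live-host.example": "203.0.113.20",
}

Resolver = Callable[[str], Optional[str]]


def normalise(name: str) -> str:
    """Lower-case a DNS name and drop the trailing dot of zone-file notation."""
    return name.rstrip(".").lower()


def find_dangling_cnames(zone: Iterable[Record], resolve: Resolver) -> List[Record]:
    """Return the CNAME records whose target no longer resolves to an address."""
    dangling: List[Record] = []
    for rec in zone:
        if rec.rtype != "CNAME":
            continue
        if resolve(normalise(rec.data)) is None:
            dangling.append(rec)
    return dangling


def offline_resolver(name: str) -> Optional[str]:
    """Resolver backed by the constructed answer table; an unknown name is NXDOMAIN."""
    return SAMPLE_ANSWERS.get(name)


def live_resolver(name: str) -> Optional[str]:
    """Resolver using the system stub resolver, for auditing a zone you own.

    gethostbyname is IPv4-only, so an IPv6-only target would show up as a
    false positive; confirm any hit before deleting the record.
    """
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def report(zone: Iterable[Record], resolve: Resolver) -> List[str]:
    """One line per dangling record, stating the remediation."""
    return [
        f"DANGLING {r.name} -> {r.data} (delete the record or repoint it)"
        for r in find_dangling_cnames(zone, resolve)
    ]


if __name__ == "__main__":
    # Swap offline_resolver for live_resolver to run this against your own zone export.
    for line in report(SAMPLE_ZONE, offline_resolver):
        print(line)
```

Run against the constructed zone, only `collectorfest.agency.example` is reported. A target that still resolves is not automatically safe: on some hosting platforms a name can resolve while the underlying resource is unclaimed, so pair this check with an inventory of the services you actually still pay for, and make decommissioning a service include deleting its DNS records.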
When Google or other search engines index these government websites — which are generally given favourable positions in search rankings because a “.gov.au” domain suggests they are trustworthy — they interpret pages like “+!?!+>!Xnxx^SEX!Videos white girl porn ! …” as government websites, even though they’re not.
O’Reilly says there are probably “hundreds” of Australian government domains and subdomains vulnerable to this type of exploit.
A National Museum of Australia spokesperson said it had fixed the issue.
“No data from the National Museum has been compromised, and the issue poses no threat to the Museum’s IT systems and infrastructure,” they said.
Similarly, a TAC spokesperson said they addressed the problem.
“We are reviewing all existing and decommissioned TAC URLs to ensure they aren’t used for nefarious purposes,” they said.