Incident Details

Incident: Government Websites Redirect Users to Porn Sites Due to Bug

Published Date: 2018-04-18

Postmortem Analysis
Timeline	1. The software failure incident of government websites mistakenly sending users to hardcore porn sites happened on an unspecified date but was resolved by Wednesday afternoon as per the article published on April 18, 2018 [70460].
System	1. Department of Justice's Amber Alert webpage 2. Department of Commerce's Weather.gov webpage 3. National Oceanic and Atmospheric Administration (NOAA) webpage 4. Google's PageRank algorithm 5. Redirect pages on government websites 6. Malicious redirect links 7. FBI's encryption on devices 8. Law enforcement officials' ability to unlock phones or devices with strong security and encryption 9. Malware and viruses planted on porn sites 10. Various types of viruses from porn sites such as Trojans, Drive-by downloads, Click-jacking, Tinder bots, Cat-Phishing, Ransomware, Worm, Pornware, Spyware, Fake Anti-virus [70460]
Responsible Organization	1. Porn bots were responsible for causing the software failure incident as they hacked government websites to redirect users to porn sites [70460].
Impacted Organization	1. Department of Justice's Amber Alert webpage 2. Department of Commerce's Weather.gov 3. National Oceanic and Atmospheric Administration (NOAA) webpage [70460]
Software Causes	1. Redirect bug affecting government websites, leading users to hardcore porn sites [70460]
Non-software Causes	1. Porn bots hacked the government websites to boost their rankings on Google's PageRank [70460]. 2. The bug redirected users to porn sites with names like 'schoolgirl porn' and 'girl v dog porn' [70460]. 3. The redirect bug was likely caused by malicious actors planting malware and viruses on porn sites [70460].
Impacts	1. Users were mistakenly redirected to hardcore porn sites when visiting government websites like the Department of Justice's Amber Alert webpage, Department of Commerce's Weather.gov, and the National Oceanic and Atmospheric Administration (NOAA) webpages [70460]. 2. The redirect bug affected the credibility and trustworthiness of the government websites, particularly the Amber Alert website, which is used by law enforcement to help find abducted children [70460]. 3. The bug potentially exposed unsuspecting users to malware and phishing scams, as the redirect pages could automatically send users to scammy webpages or download malware [70460]. 4. The incident highlighted the vulnerability of websites to unverified redirect bugs, which can be exploited by malicious actors such as porn bots to boost their rankings on search engines like Google [70460]. 5. The software failure incident raised concerns about the potential risks associated with visiting adult content websites, including exposure to various types of viruses and malware such as Trojans, ransomware, spyware, and fake anti-virus programs [70460].
Preventions	1. Implementing proper input validation and sanitization techniques to prevent malicious redirects like the one experienced on the government websites [70460]. 2. Regular security audits and penetration testing to identify and address vulnerabilities that could be exploited by hackers [70460]. 3. Utilizing web application firewalls to detect and block suspicious activities, such as unauthorized redirects to porn sites [70460]. 4. Educating website administrators and developers on best practices for web security to prevent such incidents in the future [70460].
Fixes	1. Implementing robust security measures to prevent unauthorized access and hacking attempts on government websites [70460]. 2. Conducting regular security audits and vulnerability assessments to identify and address potential weaknesses in the website's infrastructure [70460]. 3. Enhancing user awareness and education on safe browsing practices to prevent falling victim to phishing scams and malware attacks [70460]. 4. Collaborating with cybersecurity experts and agencies to investigate the incident, identify the root cause, and implement preventive measures to avoid similar incidents in the future [70460].
References	1. Gizmodo [70460] 2. Kaspersky Lab [70460]

Software Taxonomy of Faults

Category	Option	Rationale
Recurring	one_organization, multiple_organization	(a) The software failure incident of mistakenly redirecting users to porn sites has happened before at the Department of Justice's Amber Alert webpage, as well as the Department of Commerce's Weather.gov and the National Oceanic and Atmospheric Administration (NOAA) webpages [70460]. (b) The article mentions that it wouldn't be the first time that hackers have planted malware and other viruses on porn sites, indicating that similar incidents have occurred at other organizations or websites as well [70460].
Phase (Design/Operation)	design, operation	(a) The software failure incident in Article 70460 occurred due to a design-related issue. The incident was caused by a redirect bug that affected several government websites, including the Department of Justice's Amber Alert webpage and the Department of Commerce's Weather.gov and NOAA webpages. The bug redirected users to hardcore porn sites, likely as a result of porn bots hacking the sites to boost their rankings on Google's PageRank algorithm. The redirect bug was a result of a flaw in the design of the websites, allowing unauthorized redirects to malicious sites [70460]. (b) The software failure incident in Article 70460 also involved an operation-related aspect. Users were unknowingly redirected to porn sites when visiting the affected government websites, indicating a failure in the operation of the websites. Despite warning notifications that users were leaving government websites, the automatic redirection to porn sites occurred without user interaction, potentially exposing users to malware or phishing scams. This operational failure led to a disruptive and inappropriate user experience [70460].
Boundary (Internal/External)	within_system, outside_system	(a) within_system: The software failure incident reported in Article 70460 was primarily due to a redirect bug within the government websites, including the Department of Justice's Amber Alert webpage, Department of Commerce's Weather.gov, and the National Oceanic and Atmospheric Administration (NOAA) webpages. The bug caused users to be redirected to hardcore porn sites, potentially as a result of porn bots hacking the sites to boost their rankings on Google's PageRank system. The incident involved the manipulation of the websites' redirect mechanisms, leading users to unintended destinations within the system itself [70460]. (b) outside_system: The incident also involved external factors, such as the actions of porn bots that exploited the redirect bug to redirect users to porn sites. These external entities, not part of the government websites' systems, were able to manipulate the websites' functionality and direct users to inappropriate content. Additionally, the incident highlighted the broader issue of unverified redirect pages being a common problem across the web, indicating vulnerabilities stemming from external sources beyond the control of the affected websites [70460].
Nature (Human/Non-human)	non-human_actions	(a) The software failure incident in Article 70460 was primarily due to non-human actions. The incident involved a redirect bug that caused several government websites, including the Department of Justice's Amber Alert webpage and the Department of Commerce's Weather.gov, to mistakenly send users to hardcore porn sites. This redirect bug was most likely caused by porn bots hacking the sites to boost their rankings on Google's PageRank algorithm. The bug automatically redirected users to porn sites without any human intervention, impacting the functionality and integrity of the affected websites [70460].
Dimension (Hardware/Software)	software	(a) The software failure incident reported in the news article [70460] was not due to hardware issues but rather due to a redirect bug in the software. The bug caused several government websites, including the Department of Justice's Amber Alert webpage and the Department of Commerce's Weather.gov, to mistakenly redirect users to hardcore porn sites. The redirect bug was likely exploited by porn bots to boost their rankings on Google's PageRank algorithm. The bug did not stem from hardware failures but rather from a software vulnerability that allowed unauthorized redirects to occur.
Objective (Malicious/Non-malicious)	malicious	(a) The software failure incident in Article 70460 was malicious in nature. The incident involved a redirect bug that caused several government websites, including the Department of Justice's Amber Alert webpage and the Department of Commerce's Weather.gov, to redirect users to hardcore porn sites. This redirect was likely orchestrated by porn bots to boost their rankings on Google's PageRank system. The incident was described as a bug that could potentially lead unknowing users to download malware or be redirected to scammy webpages as part of a phishing scam. Additionally, the incident highlighted the risks associated with visiting porn sites, including various types of malware and viruses that can harm devices [70460].
Intent (Poor/Accidental Decisions)	unknown	(a) The intent of the software failure incident: The software failure incident of government websites redirecting users to porn sites was not due to poor decisions but rather a deliberate action by porn bots to boost their rankings on Google's PageRank system. The incident was likely a result of hacking by porn bots to redirect users to porn sites, which could help the porn industry by increasing their visibility online [70460].
Capability (Incompetence/Accidental)	accidental	(a) The software failure incident reported in Article 70460 was not due to development incompetence but rather a redirect bug that was most likely exploited by porn bots to boost their rankings on Google's PageRank. The bug caused several government websites, including the Department of Justice's Amber Alert webpage and the Department of Commerce's Weather.gov, to redirect users to hardcore porn sites. This incident was more of a malicious exploitation of a bug rather than a failure due to development incompetence [70460]. (b) The software failure incident described in Article 70460 was accidental in nature. The redirect bug that caused government websites to send users to porn sites was most likely exploited by porn bots to boost their rankings on Google's PageRank. This accidental bug led to unsuspecting users being redirected to inappropriate content, highlighting the unintended consequences of such software vulnerabilities [70460].
Duration	temporary	(a) The software failure incident reported in the articles was temporary. The issue of government websites redirecting users to porn sites was identified and resolved within a short period. The bug was spotted on Tuesday evening, and by Wednesday afternoon, most websites had resolved the problem. Some affected sites were still appearing in Google search results, but clicking on the link generated a '404' error page, indicating that the redirect bug was no longer active [70460].
Behaviour	crash, omission, value, other	(a) crash: The software failure incident described in the article can be categorized as a crash. The government websites, including the Department of Justice's Amber Alert webpage and the Department of Commerce's Weather.gov, were mistakenly redirecting users to hardcore porn sites, indicating a failure in the system losing its intended state and not performing its functions correctly [70460]. (b) omission: The incident can also be classified as an omission. The system omitted to perform its intended functions by redirecting users to inappropriate websites instead of providing the expected content or services [70460]. (c) timing: The timing of the software failure incident is not explicitly mentioned in the article. However, the incident was spotted on Tuesday evening and seemed to have been resolved on most websites by Wednesday afternoon, indicating a relatively quick response to the issue [70460]. (d) value: The software failure incident can be associated with a failure in value. The system was redirecting users to porn sites instead of providing the legitimate content or services expected from government websites, leading to incorrect behavior [70460]. (e) byzantine: The byzantine behavior is not directly applicable to this software failure incident as there is no mention of inconsistent responses or interactions within the system [70460]. (f) other: The other behavior exhibited by the software failure incident is the potential risk of exposing users to malware or phishing scams. The redirect bug, although not a security flaw, could lead unknowing users to download malware or be redirected to scammy webpages, posing a threat to their online security [70460].

IoT System Layer

Layer	Option	Rationale
Perception	None	None
Communication	None	None
Application	None	None

Other Details

Category	Option	Rationale
Consequence	property, delay, non-human, theoretical_consequence, other	(a) unknown (b) unknown (c) unknown (d) Property: The software failure incident led to users being redirected to hardcore porn sites when visiting government websites such as the Department of Justice's Amber Alert webpage, Department of Commerce's Weather.gov, and the National Oceanic and Atmospheric Administration (NOAA) webpages. This could impact users' material goods, money, and potentially their data security [70460]. (e) Delay: Users may have experienced delays or interruptions in accessing the intended content on the government websites due to being redirected to porn sites [70460]. (f) Non-human: The software failure incident affected government websites like the Amber Alert, NOAA, and weather.gov, leading to the redirection of users to porn sites. This impacted the functionality and reputation of these websites [70460]. (g) No_consequence: There were no reported real observed consequences of people losing their lives, being physically harmed, or having their access to food or shelter impacted due to the software failure incident [70460]. (h) Theoretical_consequence: The software failure incident could potentially have caused unknowing users to download malware or be redirected to scammy webpages as part of a phishing scam. This theoretical consequence was discussed as a possibility [70460]. (i) Other: The software failure incident could have potentially exposed users to various types of digital STIs (digital sexually transmitted infections) that can harm devices when accessing adult content, as highlighted by computer security firm Kaspersky Lab. These include Trojans, drive-by downloads, click-jacking, Tinder bots, ransomware, worms, spyware, fake anti-virus programs, among others [70460].
Domain	government	(a) The software failure incident reported in Article 70460 is related to the government industry. The incident involved several government websites, including the Department of Justice's Amber Alert webpage, the Department of Commerce's Weather.gov, and the National Oceanic and Atmospheric Administration (NOAA) webpages being affected by a redirect bug that sent users to hardcore porn sites [70460].

Sources

Bug causes Amber Alert page and gov pages to redirect to PORN sites - Daily Mail - Published on: 2018-04-18
Article ID: 70460

Back to List