Last night, Microsoft’s site Digitalconstitution.com website, which focuses on Microsoft’s news and efforts to promote greater government transparency, was hacked.
The intentions of the hack are not clear as the website was mostly left intact, but search terms for online casinos and other content were embedded into Microsoft’s site. Zack Whittaker of ZDNet’s Zero Day blog notes:
“At the very top of the site appears to be injected text with keywords, typically used to garner greater search engine hits, including keywords like ‘casino’, ‘blackjack’, and ‘roulette.’ Some new pages have been injected to show content that embeds content from other casino-related websites. The rest of the site’s content appears to be intact.”
ZDNet also notes that the website was using a slightly older version of WordPress, version 4.0.5 instead of 4.2.2.
Microsoft setup Digitalconstitution.com after the Edward Snowden leaks of 2013 to help make the case for greater transparency and reform from the US government on surveillance and digital security policy. The site contains blogs, video, and news about issues ranging from US government search warrants, digital privacy, and Microsoft’s legal challenges in cases at the state, national, and international levels.
Unfortunately, this is not the only recent case of hackers exploiting a Microsoft website. Earlier last month it was revealed that Chinese hackers were using Microsoft’s TechNet site to run their botnet. While the TechNet assault was cleverly done in purely publicly accessible parts of the page without compromising the webpage itself, yesterday’s attack on Digitalconstitution.com did clearly compromise the website.Further reading: Hack, Microsoft, WordPress