Microsoft’s employees were struck with feelings of irony and disbelief when their microsite containing policies related to individual privacy and surveillance was hacked last week, after which gambling website links appeared on it. The website had been launched in 2012 after the infamous leaks publicised by Edward Snowden to showcase the firm’s policy about privacy and government surveillance. The microsite has been modified to include keywords related to casino industry along with links to casino websites. Experts believe that the site Digital Constitution was easily hacked as it runs on a weak platform of WordPress 4.0.5 while the latest one is 4.2.2 and much stronger than the previous buggy platform.
Details of the hacking
The website was hacked at 9.15 PM EST on Wednesday 17th June 2015 and there is no information available if the act was committed by a group or an individual. The website was dedicated to fighting for privacy against government surveillance and international search warrant. During initial part of the hacking process the Digital Constitution website displayed online casino advertisements on top bar and within few minutes mischievous content related to casino industry spread across all the pages and defaced them. Most of the wrong content was removed within hours of the attack from the landing page.
About Digital Constitution
The website which is owned by Microsoft is designed and developed by New Media Campaigns that creates websites which are easy to manage. It was easy for scammers to find the vulnerability in this site as they use automated tools to scan websites on a regular basis to exploit ones that do not have updated CMS systems and inject malicious content. According to ZDNet, the links posted by the spammer appears to be the handwork of one of 888 Casino’s affiliates which generates traffic by breaking into vulnerable WordPress sites with fraudulent traffic.