The Government of Quebec has recently had to deal with some embarrassing incidents involving its presence on the web.
On April 14, the daily Twitter message from the ministère de la Santé et des Services sociaux (Ministry of Health and Social Services) about the status of COVID-19 included a link to a video from the Pornhub site, instead of the usual pandemic status page.
The ministry reacted some 40 minutes later by replacing the message with another containing the correct link. A subsequent message simply explained that “due to a situation beyond our control, a link with inappropriate content has been posted to our Twitter account. We are looking for the causes. We are sorry for the inconvenience”.
According to Sev Obarian, founder and senior consultant at SecurPro, an information security consulting firm, what likely happened is that the employee in charge of that Twitter account made a copy/paste error. The Pornhub link was probably already in their clipboard; when they tried to copy the new link (the one they wanted to post), the copy command failed, so pasting inserted the previous link that was still in the clipboard.
His recommendation to avoid these errors is to minimize personal use of any computer that is used to publish content. “This time it was a mistake, albeit an embarrassing one. In a scarier scenario, the personal usage can result in a takeover of the computer and the attacker can then use the stored credentials/open sessions to redirect users to malicious sites and make a much bigger mess than what happened here.”
Four days later, a similar incident occurred when a link on the website of the ministère des Transports (Ministry of Transport), which was supposed to provide status information on Louis-Hippolyte-La Fontaine tunnel roadwork, pointed instead to a site selling Viagra and other drugs. The situation lasted less than an hour and, again, no explanation was provided by the ministry.
Regarding this second incident, Obarian believes it could be a configuration issue with DNS (the mechanism that associates domain names with IP addresses). “We don’t know if this was a mistake scenario or malicious takeover. If it was a mistake, it is an important one as DNS zone management is not an activity you do every day, unlike tweeting. When you make a change, you better be sure you put the correct links in there (i.e. triple check the info and the final results). If it was a malicious takeover of DNS zone management, it would mean that a hacker got access to the DNS zone management of the domain and that would be a much bigger issue and an information security incident requiring investigation and root cause analysis.” Again, he stresses the importance of minimizing personal use of a work computer, which could make it more vulnerable to a hacker takeover.