Security Watch

Keeping track of patches and hacks in the IT security world.

Government Site Pushing Muscle Relaxants

The Web site of the National Oceanic & Atmospheric Administration (NOAA) has been infiltrated by either an authorized insider or a hacker who has littered its "hot items" section with more than 70 pages advertising the prescription drug Soma, a muscle relaxer.

The apparent hack was first noticed and reported to NOAA by Thor Schrock, owner of computer repair and services shop Schrock Innovations. Schrock said in his blog that he discovered the hack when he noticed a spam post on his customer support forum that he "normally would have deleted and forgotten about," if it weren't for the fact that the dozens of links in the post led back to a .gov site, "a highly unusual occurrence for this kind of scheme."

The .gov links are highly coveted, Schrock notes, given that Google and other search engines treat them as "solid gold" because they're only allowed to be used by official government sites in the United States. This automatically elevates a site's ranking in search engines.

The spam pages are interlinked to cross-promote each other. The pages also contain pay-per-click ads. Schrock notes that the ad banner appears to come from, a London-based advertising network.

Schrock suggests that the ad script, viewable in the source code, could be used to track the pages back to whoever is waiting for payment after receiving clicks on the ads. He also says:

"The var ad_key in the page source code may be a publisher ID that could be used by the ad network to ensure that clicks on the advertisement are credited to the individual responsible for them. It is conceivable that the ad network would be able to identify the party responsible for the advertisements on these pages using that ID."

A spokesperson for NOAA said that the agency is aware of the incident, is investigating it and has notified the FBI. WizardRules has not as yet responded to queries.

*This post was modified to include feedback from NOAA.