You've been hacked

John Brannen
Send to a friend

Send this article to a friend.

New Glasgow, Stellarton websites show telltale signs of hacker infiltration

PICTOU COUNTY – Looking for cheap cigarettes? Or perhaps some discount Mexican Cialis, Viagra or hair growth products.

At least two town websites in Pictou County appear to be a one-stop shop for all these items. Links to these products have sprung up on the home page of the town of New Glasgow website while other links are embedded within the town of Stellarton site. 

It’s all smoke and mirrors however and though you could click on the link for cheap cigarettes, it’s probably best you do not. You may get much more than you bargained for.

Links like this are evidence that these websites have been hacked and may unsafe to average users.

 

HOW TO FIND A HACK:

Evidence of the hack could be seen as recently as Aug. 22 on the town of new Glasgow website. At the bottom of the homepage on the right hand side was a light grey font that almost matched the background colour. The clickable hypertext read ‘cheap cigarettes’.

In fact, a quick Google search of ‘Stellarton’ returns a warning from the search engine that, “This site may be compromised.”

What this means is that Google has detected a hack or the presence of malware, software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.

If you still don’t believe that anything is amiss, right click anywhere on the town of Stellarton’s home page and click ‘view source’. Towards the bottom of the computer’s HTML language, you’ll see hundreds of links and references to Cialis and Viagra.  

Again, these links are just decoys, indicative of a larger security problem.

 

HOW IT WORKS:

Hacks such as these, links embedded on pages, are merely tests for hackers to seek out and find weakness in a website. If a link can be successfully posted on the site, it becomes a springboard to further exploitation if not dealt with.

In the town website’s case, a hacker not only managed to infiltrate the New Glasgow and Stellarton town websites, but also appears to have done so completed undetected to the host server managed by the Pictou-Antigonish Regional Library for at least two weeks.

The News contacted the town of New Glasgow to inform them of a potential hack on August 7. The link to ‘cheap cigarettes’ was removed on Aug. 23.

If a site has been identified as ‘compromised’ by Google, like Stellarton’s, they offer several steps to take to quarantine the site. At the top of the list is ‘take your site down’. As of press deadline, the site is up and running.  

This means that every click on any hyperlinks, emails or downloadable items on the town websites could be tainted and potential invitations to a security breach on any computer that visits these sites. There, the hacker could access personal information such as logins, passwords and financial records.

 

WHAT IT MEANS FOR YOU:

The hackings are indications of two much larger problems. Firstly, the sites and the server that hosts them have been and still are vulnerable to attack. Secondly, citizens of Pictou County and visitors to these sites were left in the dark, potentially compromising their own digital security.

Eric Stackhouse of thePictou-Antigonish Regional Library said that the ‘cheap cigarette’ code was found and removed as the New Glasgow website moved to a new server with better firewalls.

“I don’t believe that anyone’s security was at risk,” he noted. “Our sites don’t store personal information.”

Jon Blanchard is a is a speaker, technology columnist with canada.com and the Globe and Mail as well as the ethics lead for the Nova Scotia Technology Guild. Henoted that a security breach of this nature has little to do with firewalls.

“Once a hacker has injected code into a site, they can remove it and replace it as they wish at random. Worse, a hacker can create a shell within the site and continue to an exploit that vulnerability to gain unauthorized access to data or network resources.”

When users visit an affected Web page, their browsers interpret the code, which may cause malicious commands to execute in the users' computers and across their networks.

Blanchard is a tireless advocate for an ethical approach to website security. His bottom line is simple: if your site has been hacked, you owe it to previous, current and potential visitors to let them know and then resolve in a constructive way.

He’s seen numerous private and public sector websites, even after being told they’ve been hacked, do nothing.

 

A CASE STUDY:

There is one example of what a town should do after discovering they’ve been hacked.Crows Nest Pass, a small municipality located in southwest Alberta was hacked in May 2013.

“Crows Nest Pass represents a population of about 5,200 Canadians … and an annual operations budget in the several million range,” noted Blanchard in his blog ‘Sausage Love’ for canada.com. “They did the right thing and honestly, immediately, developed, debated and posted a formal request for proposals for their city web services.”

 

WHAT NOW:

Stackhouse indicated that it’s unlikely the presence of the malicious links on the town website’s page will be brought to the public’s attention.

“I could see the town of New Glasgow inform people if the site was down, but likely not this,” he said.

Blanchard noted that those in charge of a hacked website need to inform the public and begin to beef up their security.

“The average costs to an individual who has credit cards and personal information stolen through hacking is around $5,000,” he noted. “If a site values its customers, they’ll let the public know.”

 

john.brannen@ngnews.ca

On Twitter: @NGNewsJohn 

Organizations: Google, Pictou-Antigonish Regional Library, Globe and Mail Nova Scotia Technology Guild

Geographic location: New Glasgow, Stellarton, Pictou County Alberta

  • 1
  • 2
  • 3
  • 4
  • 5

Thanks for voting!

Top of page

Comments

Comments

Recent comments

  • J
    August 26, 2013 - 17:43

    I cannot understand why The News has deleted most of the previous comments... Is the Town of New Glasgow trying to restrict the speech of persons being critical of the town? (Last I checked The Canadian Charter of Rights and Freedoms was still a thing.) Every comment posted was valid in criticism, and I cannot understand why (if the Town of New Glasgow indeed requested the removal) The News has colluded with the town in silencing valid criticism of posters. The Town of New Glasgow should be rightly embarrassed by the fact their website was compromised and that in the many months it was in that state, the IT administrators failed to identify the fact THEIR website was compromised, and it required the media to bring it to their attention. A small website such as New Glasgow's is not a high profile target to be hacked, which leads to the thought hat their website was insecure (eg. Weak or default passwords, or un-patched security vulnerabilities in their CMS platform). Residents of the Town of New Glasgow should be questioning the integrity of the town's others platforms, specifically ones containing records with personal information. This should be a wake-up call for New Glasgow that maybe they should take security of their IT infrastructure seriously. On a side note, to me it seems like 'Amazed' is someone at the Town of New Glasgow attempting damage control.

  • J
    August 26, 2013 - 16:39

    I cannot understand why The News has deleted most of the previous comments... Is the Town of New Glasgow trying to restrict the speech of persons being critical of the town? (Last I checked The Canadian Charter of Rights and Freedoms was still a thing.) Every comment posted was valid in criticism, and I cannot understand why (if the Town of New Glasgow indeed requested the removal) The News has colluded with the town in silencing valid criticism of posters. The Town of New Glasgow should be rightly embarrassed by the fact their website was compromised and that in the many months it was in that state, the IT administrators failed to identify the fact THEIR website was compromised, and it required the media to bring it to their attention. A small website such as New Glasgow's is not a high profile target to be hacked, which leads to the thought hat their website was insecure (eg. Weak or default passwords, or un-patched security vulnerabilities in their CMS platform). Residents of the Town of New Glasgow should be questioning the integrity of the town's others platforms, specifically ones containing records with personal information. This should be a wake-up call for New Glasgow that maybe they should take security of their IT infrastructure seriously.

  • Amazed
    August 24, 2013 - 08:31

    J- you sound like a disgruntled employee....maybe they should have changed their "default password" If someone want in, they're going to get in. Even the Pentagon and CIA Headquarters get hacked. I'm sure the town of New Glasgow is smart enough to not store personal info on any server that has outside access.