'Impersonators' use AKleg.gov site to push porn, pharmeceutical sales web pages

By  | 

ANCHORAGE (KTUU) - If you follow the happenings within the Alaska State Legislature, you've likely used its official website before, searching for bills, legislators’ contact information, or meeting schedules.

Someone else, though, has been using it too, but not for the same purpose. Instead, impersonators have exploited the trusted authority of the akleg.gov URL to legitimize much less trusted websites across the internet, including pornography, pharmaceutical websites, and online gambling hubs.

"Have a high authority site - such as government, military, education, anything like that - pointed at your site," said information security consultant Matt Peters of Threat Informant. "They're now using that as a reference."

"They" are what Peters calls vendors of the three P's: pills, porn and poker. By being tied to the Alaska legislature's website - and its .gov suffix - online advertisers can increase the trust of unregulated pharmaceutical outposts, porn sites and online gambling hubs, generating revenue from clicks to links that would otherwise be filtered out by search engines.

"Smaller companies, this happens to a lot," Peters said. But for state government and other institutional websites, he said, not so much.

"Something coming from your lawyer's site or accountant's site isn't a big deal, because they don't have a lot of authority, (but) the AKleg.gov site does."

The site is one of many that have fallen victim to a scheme in which someone was using its URL - the suffix of which is widely trusted by the general public - to legitimize trashy websites.

"In general, it's just a way to get the site to have more legitimacy," Peters said. "Also takes it off a blacklist, because, why would you need to blacklist a site if the Alaska legislature website is linking to it?"

In short, someone or some group was using the AKleg.gov URL to slip past search engine filters for websites of their choice. They also used a redirect command in a written script - part of a web page’s code - to forward people after about 10 seconds or so to their selected sites.

"(They're) doing what the script is intended to do," Peters said, just not the way the legislative affairs agency meant. Had the webmaster put in the authorized list of domains allowed, though, the redirect would have only been possible for authorized websites. Notably, the redirects are no longer present in the script since the web staff has removed them.

"Nothing, no content or scripts were ever on our site that we didn't put there," said Shay Wilson, Networking Programming Supervisor for the State of Alaska Leguskative Affairs Agency. "It is not a security problem.

“It’s just redirecting though, which obviously makes us look bad,” he said.

The “imposters,” as Wilson called them, did all of this to get bumps on search engines. If you typed that web address into Google, for example, you’d primarily see legislative sites on the first few pages. Most of the initial links will lead you to the actual legislative website. Continue a bit further into the search results, though, and you may find links that on the surface would appear to be legitimate, but in reality have no connection whatsoever to the legislative website outside of the URL. The copycats might send you to those unrelated sites, which often carry malware that could potentially infect your computer.

That being said, the average user need not be worried about having visited the AKleg.gov site in recent months, since the links weren't visible on the site itself. You wouldn't click a photo of a representative, for example, and be redirected to pornography.

"We're not handing out those links," Wilson said. "We're not hosting that content. It is not a security threat."