Museum Website Vandalized with X-Rated Ads

Visitors to a Scottish tourism website were greeted with X-rated images after malicious cyber-criminals plastered its pages with pornographic promotions. 

The independent site was set up by organizers ABC to help tourists seeking cultural experiences in East Lothian. 

"People usually tend to overlook museums when they are on a break because these places take time and lot of patience, but we at ABC are dedicated towards changing that mindset and introduce people to museums in East Lothian," said the group. 

But despite describing themselves as a "team that loves museums and wants the natives of Scotland as well as travelers from other countries to know their importance," ABC appears to have abandoned the website.

The East Lothian Courier reports that no news or updates have been posted to the site in more than two years. 

After apparently being forsaken by its operators, the site fell into the hands of cyber-criminals hoping to lure victims with links to sexually explicit content. After hacking into the site, the threat actors posted links to adult websites that promise to fulfill "society's darkest fantasies."

In addition to adware, the site was laced with graphic descriptions of sex acts that could be viewed by clicking on certain links.

East Lothian Council said the racy site has now been updated with a security warning. 

"We are aware of this site, which details information on a range of museums and related visitor attractions across the county. It is not linked to or connected with East Lothian Council and our museums service or using the council branding style or logo.

"Anyone connecting to this site will see a security warning which indicates that continued use of the site may cause problems to the user."

Enquiries by the council were unable to establish where the site might be hosted. But misspellings of the word 'whisky' suggest it may not be based in Scotland. 

Dirk Schrader, global vice president of security research at New Net Technologies, commented: “Websites are an easy target for attackers, as they are destined to be publicly available. This means the attacker can scan them with a range of automated penetration tools. 

"Badly maintained websites, using outdated content management systems, are the go-to place for attackers to install reflectors or agents to enable additional attacks."

What’s Hot on Infosecurity Magazine?