Update: The Sheriff’s Office on Sunday acknowledged that the problem was on its end rather than on Google’s–that its website had been the target of a hacking.
The release the sheriff’s office issued, though, characterized the problem as “malicious software on old and out-of-use agency web pages,” which again mis-characterizes the issue, as the sheriff’s office had mis-characterized it last week: there is in fact no such thing as “old and out-of-use” web pages on a website, since all pages can be accessible by malware, and malware does not embed itself on readable pages, but either creates its own or finds locations it can exploit, as was the case with the website hacking.
The problem is with vulnerabilities in any given website’s firewalls. Those vulnerabilities can occur on any website, through no webmaster’s fault, particularly since malware is an evolving threat that analyzes current protections then learns to override them. That’s what appears to have taken place against the sheriff’s website.
Still, the sheriff’s office, in its release, sought to lay blame for the problem on former Sheriff Jim Manfre: “Since 2013, the current website was under the control of the former Sheriff’s administration and not the County IT staff. As a result, County IT did not support or update the website server being used,” the release stated–even though through several website issues over the past two years, the sheriff’s office under Manfre adamantly referred all queries to the county’s IT department, saying the county, not the sheriff, oversaw the website.
In the current instance, the release also acknowledges that the county’s IT department, not the sheriff, updated software to close “loopholes.”
“It’s not necessarily the former sheriff’s fault, it just states a fact, it doesn’t necessarily states that’s the case,” Mark Strobridge, a sheriff’s spokesman, said of the wording in the release. “We’re being told that IT did not have responsibility for the website, and we just put in there that the comment was not designed to be malicious at all.”
The previous story is below.
Google’s Links to Flagler Sheriff’s Office Hacked By Malware, Porn and Clickbait
If you want to get to the Flagler County Sheriff’s Office’s website, don’t use Google. All Sheriff’s Office links on Google have been compromised, leading clicks to porn sites, malware- and click-bait infested sites, some of which will freeze your browser and seek to scare you into taking actions that would only make matters worse.
The problem developed in the past 24 hours, and affects (and infects) Google exclusively: the sheriff’s office’s website itself is clean, as are searches for the sheriff’s office through any other search engine, including Bing, DuckDuckGo, Dogpile, Yandex and Yahoo.
“The vulnerability is not with the sheriff’s office or our url, the vulnerability is with Google,” Sheriff’s spokesman Mark Strobridge said Saturday morning. But sheriff’s officials are at a loss as to why the hacking at Google’s end is taking place.
Whether it is, in fact, accurate that the sheriff’s office’s website has nothing to do with it is open to question: the site may be the victim of a hacker through what’s called a “conditional redirect,” which means that malware that has somehow managed to infect the sheriff’s website is telling any click coming from Google–by far the most popular search engine on the planet–to then redirect to the bad sites.
When the sheriff’s site is analyzed through Redleg, a freely available web-based scanner for malicious redirects, it reveals “some terms that are commonly used in spam hacks,” including “a number of terms, cialis, generic, viagra, milf, porn, that are common terms found in spam hacks.” A scan using a “user agent Googlebot” reveals large amounts of spam content embedded inside the site, and made up of massive amounts of malevolent catchwords. The scan also reveals that when the request for the sheriff’s website is typed into Google, the location returned is not the sheriff’s url. The scan reveals one of the urls that users are misdirected to: http://www.clicksgear.com/ (do not go to that site.)
Other malware, porn and clickbait sites the Google links redirect to include: Mediawhirl.net, privacysearchplus.com, pornmia.com, clicksgear.com, xxxjojo.com, stopcrawlingclub.com. Again, do not go to those sites if you’d rather avoid infection.
All of which suggests–but does not confirm–that the issue may be deep inside the sheriff’s servers rather than on Google’s end, and that an underlined statement in a sheriff’s release issued this morning (“The Flagler Sheriff’s website has not been hacked”) may at least be premature: the source of the hacking has not been determined.
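The conditional-redirect check described above can be reproduced by requesting the same page as a direct visitor, as a click from Google, and as Googlebot, then comparing the answers. The sketch below is an added example, not the scanner or any code from the article; the host names, the `audit` function and the simulated servers are constructed for illustration and make no network requests.

```python
from urllib.parse import urlparse

BROWSER = "Mozilla/5.0"
GOOGLEBOT = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
# Three ways of asking for the same page.
PROFILES = {
    "direct": {"User-Agent": BROWSER, "Referer": ""},
    "google_click": {"User-Agent": BROWSER, "Referer": "https://www.google.com/"},
    "googlebot": {"User-Agent": GOOGLEBOT, "Referer": ""},
}
SPAM_TERMS = ("cialis", "viagra", "porn")  # terms the article's scan reported

def audit(url, fetch):
    """fetch(url, headers) -> (status, location, body). Returns a list of findings."""
    site = urlparse(url).hostname
    _, _, base_body = fetch(url, PROFILES["direct"])
    findings = []
    for name, headers in PROFILES.items():
        status, location, body = fetch(url, headers)
        target = urlparse(location).hostname if location else None
        # A redirect to another host that only some visitors receive.
        if status in (301, 302, 303, 307, 308) and target and target != site:
            findings.append((name, "offsite-redirect", target))
        # Spam terms served to this profile but absent from the direct view.
        hits = sorted(t for t in SPAM_TERMS
                      if t in body.lower() and t not in base_body.lower())
        if hits:
            findings.append((name, "cloaked-spam", ",".join(hits)))
    return findings

def constructed_compromised_site(url, headers):
    """Constructed stand-in for an infected server (hypothetical behaviour)."""
    if "google." in headers.get("Referer", ""):
        return 302, "http://redirect-target.example/", ""
    if "Googlebot" in headers.get("User-Agent", ""):
        return 200, None, "<html>Sheriff's Office buy generic cialis viagra</html>"
    return 200, None, "<html>Sheriff's Office</html>"

def constructed_clean_site(url, headers):
    """Constructed stand-in for a server that treats every visitor alike."""
    return 200, None, "<html>Sheriff's Office</html>"

if __name__ == "__main__":
    for finding in audit("https://sheriff.example/", constructed_compromised_site):
        print(finding)
```

A site that looks clean when typed into the address bar, as the direct profile does here, can still fail the other two profiles, which is why an internal scan alone does not rule out a compromise.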
The sheriff’s information technology issues are handled by the county administration, through the office of IT Director Jarrod Shupe, who said this morning that from his end it still appears to be a Google issue rather than an internal issue. “On the internal page we’ve ran internal scans, everything turned out fine,” Shupe said. He’s been in contact with Google, electronically–as there is no way to reach Google personnel in person–and with Go Daddy, which hosts the servers.
Shupe took down the site for two hours Friday to test whether the links would still go to malware sites. They did, which would indicate that the links are not calling on malware inside the site to end up where they do (though that does not necessarily account for caching issues, which prolong the life and behavior of links.)
Shupe has been in contact with the Sheriff’s Office since Friday, when the problem was discovered.
“We don’t have the option either, unfortunately, of not having our url removed from their search engine,” Strobridge said. “Unfortunately, we’re not in control of what Google does.”
Google is no longer indexing the sheriff’s website normally. That is, the sheriff’s home page does not even appear in the search engine’s first page when the words “Flagler County Sheriff’s Office” are searched for, nor does the page offer up a home page with the usual menu of subpages, as with a normally indexed website. That may suggest that Google indexing of the sheriff’s site may have stopped or been suspended, which sometimes happens when the search engine decides–for a variety of reasons–to “blacklist” the site, which at times happens when a site is considered compromised. That’s not necessarily what took place with the sheriff’s site: understanding how and why Google does what it does is more often a hair-raising guessing game than a science. That’s precisely what hackers exploit.