Update: The Sheriff’s Office on Sunday acknowledged that the problem was on its end rather than on Google’s–that its website had been the target of a hacking.
The release the sheriff’s office issued, though, characterized the problem as “malicious software on old and out-of-use agency web pages,” which again mis-characterizes the issue, as the sheriff’s office had mis-characterized it last week: there is in fact no such thing as “old and out-of-use” web pages on a website, since all pages can be accessible by malware, and malware does not embed itself on readable pages, but either creates its own or finds locations it can exploit, as was the case with the website hacking.
The problem is with vulnerabilities in any given website’s firewalls. Those vulnerabilities can occur on any website, through no webmaster’s fault, particularly since malware is an evolving threat that analyzes current protections then learns to override them. That’s what appears to have taken place against the sheriff’s website.
Still, the sheriff’s office, in its release, sought to lay blame for the problem on former Sheriff Jim Manfre: “Since 2013, the current website was under the control of the former Sheriff’s administration and not the County IT staff. As a result, County IT did not support or update the website server being used,” the release stated–even though through several website issues over the past two years, the sheriff’s office under Manfre adamantly referred all queries to the county’s IT department, saying the county, not the sheriff, oversaw the website.
In the current instance, the release also acknowledges that the county’s IT department, not the sheriff, updated software to close “loopholes.”
“It’s not necessarily the former sheriff’s fault, it just states a fact, it doesn’t necessarily states that’s the case,” Mark Strobridge, a sheriff’s spokesman, said of the wording in the release. “We’re being told that IT did not have responsibility for the website, and we just put in there that the comment was not designed to be malicious at all.”
The previous story is below.
Google’s Links to Flagler Sheriff’s Office Hacked By Malware, Porn and Clickbait
If you want to get to the Flagler County Sheriff’s Office’s website, don’t use Google. All Sheriff’s Office links on Google have been compromised, leading clicks to porn sites, malware- and click-bait infested sites, some of which will freeze your browser and seek to scare you into taking actions that would only make matters worse.
The problem developed in the past 24 hours, and affects (and infects) Google exclusively: the sheriff’s office’s website itself is clean, as are searches for the sheriff’s office through any other search engine, including Bing, DuckDuckGo, Dogpile, Yandex and Yahoo.
“The vulnerability is not with the sheriff’s office or our url, the vulnerability is with Google,” Sheriff’s spokesman Mark Strobridge said Saturday morning. But sheriff’s officials are at a loss as to why the hacking at Google’s end is taking place.
Whether it is, in fact, accurate that the sheriff’s office’s website has nothing to do with it is open to question: the site may be the victim of a hacker through what’s called a “conditional redirect,” which means that malware that has somehow managed to infect the sheriff’s website is telling any click coming from Google–by far the most popular search engine on the planet–to then redirect to the bad sites.
When the sheriff’s site is analyzed through Redleg, a freely available web-based scanner for malicious redirects, it reveals “some terms that are commonly used in spam hacks,” including “a number of terms, cialis, generic, viagra, milf, porn, that are common terms found in spam hacks.” A scan using a “user agent Googlebot” reveals large amounts of spam content embedded inside the site, and made up of massive amounts of malevolent catchwords. The scan also reveals that when the request for the sheriff’s website is typed into Google, the location returned is not the sheriff’s url. The scan reveals one of the urls that users are misdirected to: http://www.clicksgear.com/ (do not go to that site.)
Other malware, porn and clickbait sites the Google links redirect to include: Mediawhirl.net, privacysearchplus.com, pornmia.com, clicksgear.com, xxxjojo.com, stopcrawlingclub.com. Again, do not go to those sites if you’d rather avoid infection.
All of which suggests–but does not confirm–that the issue may be deep inside the sheriff’s servers rather than on Google’s end, and that an underlined statement in a sheriff’s release issued this morning (“The Flagler Sheriff’s website has not been hacked”) may at least be premature: the source of the hacking has not been determined.
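The comparison described above (what the site returns to a direct visitor, to a click arriving from Google, and to a Googlebot user agent) can be sketched as follows. This is an added example, not part of the original article or the scanner it mentions; the hostnames `sheriff.example` and `spam.example`, the `fetch` interface and the simulated server responses are constructed assumptions so that it runs offline.

```python
from urllib.parse import urlparse

SPAM_TERMS = ("cialis", "viagra", "porn")  # terms the scan quoted in the article

# One request profile per kind of visitor being compared.
PROFILES = {
    "direct": {"User-Agent": "Mozilla/5.0"},
    "google-click": {"User-Agent": "Mozilla/5.0",
                     "Referer": "https://www.google.com/"},
    "googlebot": {"User-Agent": "Mozilla/5.0 (compatible; Googlebot/2.1; "
                                "+http://www.google.com/bot.html)"},
}

def audit(url, fetch):
    """Request url once per profile and return {profile: [findings]}.

    fetch(url, headers) -> (status, response_headers, body) is supplied by
    the caller and must NOT follow redirects, so the Location is visible.
    """
    site = urlparse(url).hostname
    findings = {}
    for name, headers in PROFILES.items():
        status, resp_headers, body = fetch(url, headers)
        issues = []
        target = urlparse(resp_headers.get("Location", "")).hostname
        if 300 <= status < 400 and target and target != site:
            issues.append(f"off-site redirect to {target}")
        hits = [t for t in SPAM_TERMS if t in body.lower()]
        if hits:
            issues.append("spam terms: " + ", ".join(hits))
        if issues:
            findings[name] = issues
    return findings

def constructed_compromised_fetch(url, headers):
    """Constructed stand-in for a server with a conditional redirect."""
    if "google." in headers.get("Referer", ""):
        return 302, {"Location": "http://spam.example/landing"}, ""
    if "Googlebot" in headers.get("User-Agent", ""):
        return 200, {}, "<p>Sheriff</p><div hidden>generic viagra cialis</div>"
    return 200, {}, "<p>Sheriff's Office home page</p>"

def constructed_clean_fetch(url, headers):
    """Constructed stand-in for a clean server: same page for everyone."""
    return 200, {}, "<p>Sheriff's Office home page</p>"

if __name__ == "__main__":
    result = audit("http://sheriff.example/", constructed_compromised_fetch)
    for profile, issues in result.items():
        print(profile, "->", "; ".join(issues))
```

A direct visit looks clean in the simulated compromised case, which is why an internal scan that only requests the page directly can come back fine while search-engine visitors are still redirected.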
The sheriff’s information technology issues are handled by the county administration, through the office of IT Director Jarrod Shupe, who said this morning that from his end it still appears to be a Google issue rather than an internal issue. “On the internal page we’ve ran internal scans, everything turned out fine,” Shupe said. He’s been in contact with Google, electronically–as there is no way to reach Google personnel in person–and with Go Daddy, which hosts the servers.
Shupe took down the site for two hours Friday to test whether the links would still go to malware sites. They did, which would indicate that the links are not calling on malware inside the site to end up where they do (though that does not necessarily account for caching issues, which prolong the life and behavior of links.)
Shupe has been in contact with the Sheriff’s Office since Friday, when the problem was discovered.
“We don’t have the option either, unfortunately, of not having our url removed from their search engine,” Strobridge said. “Unfortunately, we’re not in control of what Google does.”
Google is no longer indexing the sheriff’s website normally. That is, the sheriff’s home page does not even appear in the search engine’s first page when the words “Flagler County Sheriff’s Office” are searched for, nor does the page offer up a home page with the usual menu of subpages, as with a normally indexed website. That may suggest that Google indexing of the sheriff’s site may have stopped or been suspended, which sometimes happens when the search engine decides–for a variety of reasons–to “blacklist” the site, which at times happens when a site is considered compromised. That’s not necessarily what took place with the sheriff’s site: understanding how and why Google does what it does is more often a hair-raising guessing game than a science. That’s precisely what hackers exploit.
The Ghost of America says
Google isn’t getting hacked.
CaptainSniz says
No way Google would have been hacked. Looks like a classic code injection or dns redirect which would both be on the County IT.
Anonymous says
Not Google–I use Internet Explorer and this has been going on for weeks… especially during inmate search.
Brad W says
Just my 2 cents, but this is an issue with the site and most likely a malware infection (websites got viruses too). These infections add files and code that tell your browser to go to different destinations based upon different criteria. This is common unfortunately, but the fact is that this is not a Google issue or them being hacked. If that was the case and someone was actually able to hack Google to redirect websites a hacker wouldn’t pick one site they would probably seek to cause all traffic from all search results to go to varying places. Rather, someone hacked Fort Knox to cause issue with one little site? The infected code gets buried and depending upon the type of site and plugins it can be a bear to find the issues as they bury that stuff. Bottom line is I find it highly unlikely this is a “Google issue”, but in any case it will be interesting to see if we are told the result of what the findings are eventually.
The Truth says
Google was not hacked. The issue is that there were stale links on Google pointing to locations in the FCSO website that was hijacked. These stale locations were the problem and were triggering this problem. Their IT department should have known this.
The Truth says
On another note, you’ll now notice when clicking those same links on Google you now get that the page doesn’t exist. Someone at the county IT realized it was a stale page triggering this and removed the page from their web server. Google will crawl their site and adjust links accordingly.
John F. Pollinger says
I emailed the Sheriff’s Office two weeks ago about a link problem on their website that takes you to a Canadian Pharmacy selling drugs for erectile dysfunction. Never answered me and the link is still there under qualifications to become a reserve deputy.
http://flaglersheriff.com/index.php?option=com_content&view=article&id=59&Itemid=202
KB63 says
I use internet explorer. Happened to me 2 weeks ago. Whole screen went to porn and then locked up wanting me to call “microsoft” with my problem & pay to get it fixed. Luckily I went to my laptop and was able to follow the directions to get rid of it. I thought it was a fluke or perhaps I didn’t watch close enough on what site I clicked on. This is not just google at all and it’s been going on for longer than 24 hours.
happening now says
It was on the site so long, I thought it was a sting operation. I shut down the computer when it would come up, but, thought that perverts were dumb enough to click.
Randy Pagan says
I got redirected, glad to see it was not my machine and was a FCSO problem. They wanted $ by calling a phone number freezing all screens. I shut off my laptop pulled battery and it restarted fine. Then ran Avast and I was good it said. This was days ago using Firefox??