How Government Engineers Made Shortened NASA Links a Side Door for Spammers
Malicious sites are taking advantage of government’s poorly designed domains.
Spammers and phishers are targeting the shortened links of “.gov” websites through a vulnerability that makes it easy to disguise redirected links through Bit.ly’s link shortening service. The spammers are taking advantage of a vulnerability known as “open redirects,” which are basically poorly constructed domains that spammers can use to damage the reputation of the website in question, often without its operators knowing about it.
Government organizations such as South Dakota’s Strong Families have a vulnerable open redirect link, which looks like a regular trusted government URL. But spammers could tack on a basic tag and redirect users to a malicious website. With long-form links, the redirect could be somewhat obvious if viewers take the time to notice the extraneous tag at the end redirecting to a raunchy porn site, spam sales destination, or malware host site.
However, run that same link through the popular link shortening tool Bit.ly and users are faced with a trustworthy, official-looking “1.usa.gov” link. Even the keen-eyed internet searcher could be fooled.
Government websites are trusted, but they aren’t all that popular. During a hackday analyzing 1.usa.gov links, Dmitry Kachaev found that only 296 registered domains, out of 1,731, were mentioned on Twitter in the 60 days prior to his search. As part of the same effort, Adam Laiacano analyzed data and found that NASA is the most popular government website with 42 percent of all clicks on 1.usa.gov links going to agency websites. Most of that traffic is coming from European countries, he found, while U.S. searchers have a more varied spread of visited government sites.
One way to prevent getting tricked is to use Unshorten.it, which unravels those bit.ly links and gives users information on whether the link is safe or not.
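Once a short link has been expanded, the thing to look for is the extraneous tag described above: a query parameter whose value is a full URL on some other host. The sketch below is an added example, not code from Unshorten.it, Bit.ly, or any government site; the function name is hypothetical and the hosts and parameter names in the sample links are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qsl, unquote


def offsite_redirect_params(expanded_url):
    """Return (parameter, target_host) pairs whose value is a URL on another host."""
    parts = urlsplit(expanded_url)
    base = (parts.hostname or "").lower()
    findings = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded targets.
        candidate = unquote(value).strip()
        # Browsers treat "\" like "/", so normalize before parsing.
        candidate = candidate.replace("\\", "/")
        # Only absolute ("scheme://") or scheme-relative ("//host") values
        # can leave the site; a plain path stays on the same host.
        if not (candidate.startswith("//") or "://" in candidate[:12]):
            continue
        target = (urlsplit(candidate).hostname or "").lower()
        # Same host or a subdomain of it is treated as on-site.
        if target and target != base and not target.endswith("." + base):
            findings.append((name, target))
    return findings


# Constructed sample links (placeholder hosts under the reserved .example TLD).
SAMPLES = [
    "https://agency.example/redirect?url=https://spam-shop.example/deal",
    "https://agency.example/redirect?url=%2F%2Fspam-shop.example%2Fdeal",
    "https://agency.example/redirect?url=https%253A%252F%252Fspam-shop.example%252Fdeal",
    "https://agency.example/redirect?url=/about/contact",
    "https://agency.example/redirect?next=https://www.agency.example/home",
]

if __name__ == "__main__":
    for link in SAMPLES:
        hits = offsite_redirect_params(link)
        verdict = "OFF-SITE REDIRECT" if hits else "ok"
        print(f"{verdict:18} {link} {hits}")
```

The same comparison, applied on the server to the redirect parameter before the redirect is issued, is what closes the open redirect at its source.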