Ew, Commission! EU website links to OnlyFans logins

Ew, Commission! EU website links to OnlyFans logins
Опубликовано: Thursday, 30 March 2023 05:16

Security researchers found links to illegal content on an unprotected platform run by EU services.


Want to stream a pirated movie? Access to sex-workers platform OnlyFans? The European Commission has you covered.

Researchers at cybersecurity firm Nord Security said Tuesday they had found links lurking on a Commission website that were promoting illegal streaming websites and services creating accounts for websites like OnlyFans and gaming platforms like Fortnite, PlayStation and others.

The incident, while limited in its effects, reveals poor cybersecurity standards in parts of the European Union’s online infrastructure, as digital threats like cyberattacks and disinformation are on the rise.

The links to pirated and illegal content were posted on the subdomain school-education.ec.europa.eu of the European Commission’s main website, which supports schools and education institutions with resources, funding programs and networking.

"It’s part of what’s called blackhat SEO," said Adrianus Warmenhoven, cybersecurity researcher at Nord Security, explaining how hackers are working to get reputable sites, like the European Commission’s, to include links back to their websites in order to improve their ranking on search engines like Google. In this case, the Commission service running the website managed its security settings poorly, allowing outsiders to create profile accounts on the outside websites and include links, PDFs and other files on the Commission website.

"It’s not rocket science to abuse it. It’s also not rocket science to defend against it," Warmenhoven said. The fact that the Commission failed to do basic cybersecurity checks on the website "is actually the most worrisome part," he added: "It’s really one of those basic operational things that has not been done yet."

Nord Security flagged the links to the European Commission on March 10, it said. The EU had since taken down the pages that were displaying links. But Nord Security said PDF files with instructions on how to create free OnlyFans premium accounts and how to stream the Oscars 2023 broadcast were still hosted on the EU website.

A spokesperson for the European Commission said the institution was "aware of the issue and continue[d] working to solve it."

"We are proceeding as quickly as possible, while ensuring that we continue to provide uninterrupted services to and exchange with citizens," the spokesperson said, adding that "we would like to thank all attentive experts and interested parties for helping us to identify such worrying and unfortunate abuse."

The European Union has faced increasing cybersecurity threats in recent years, further driven by the global COVID-19 pandemic and the war in Ukraine.

Part of the problem for the bloc is that European institutions like the Commission, Parliament and the Council of the EU, as well as dozens of its agencies spread across Europe, all run their own IT services — and many have underinvested in patching cybersecurity vulnerabilities over the years.

In March 2020, the Commission proposed rules that would streamline cybersecurity policy across the institutions and agencies, including by giving more responsibility to its central cybersecurity services like the Computer Emergency Response Team (CERT-EU). The EU hopes to finalize that law this year. The bloc is also rolling out a Cybersecurity Strategy presented in December 2020 that includes boosting its local cybersecurity industry and setting up mechanisms to share information about online threats.

Related items

arrowread...
Graphic execution videos from Ecuador spread on X

Thursday, 11 January 2024 03:01

Gruesome social media content related to the

arrowread...
Romania Agrees to Repair Ukraine’s Internet After Russia Destroyed it in Massive Cyberattack

Wednesday, 10 January 2024 14:16

Ukraine and Romania have signed a cooperati

arrowread...
Ukraine says Russian hackers penetrated major telecoms network for months

Thursday, 04 January 2024 12:40

‘No one is actually untouchable,’ warns Kyiv’

arrowread...
Pornhub to face EU’s toughest online content regime

Wednesday, 20 December 2023 11:33

Three major adult content sites fall in scope

arrowread...
Inside the police force scouring the internet to save abused children

Tuesday, 19 December 2023 18:24

Child sexual abuse material is proliferating