Someone Appears to Have Hacked the USDA’s Website to Share Pirated Movies

There is something wrong with the website of the USDA.

The federal department is known for handling policy about agriculture and food safety, but it seems like it has been dipping its toes into a new area.
A large cache of publicly accessible PDFs recently started appearing on USDA.gov that link to pirated media including movies, TV shows, sporting events, and video games in what appears to be either a hack, an inside job, or some kind of bizarre glitch.

There are links on USDA.gov for illegal streams of movies like "Spider-Man: No Way Home" and "The Matrix Resurrections". Or maybe you want to watch a football match between the two teams or a UFC fight. There are links in some PDFs to scam websites to buy Robux for the video game.

Richard Forno, the assistant director of the University of Maryland, Baltimore County's Center for Cybersecurity, told Futurism that it was surprising how widespread it was. How has this not been noticed?

The PDFs were hosted on a subdomain of USDA.gov dedicated to educating people who receive food assistance about shopping for and cooking healthy meals. The PDFs, which contain links to third-party websites along with garbled text, were sandwiched between wholesome pages on the subdomain about topics such as homemade holiday meals and onions.

After Futurism reached out to the USDA, the entire SNAP-Ed subdomain disappeared from the department's site, replaced with a landing page with lorem ipsum text.

The USDA takes security very seriously in both the online and physical spaces. We are working with our cybersecurity teams to investigate the issue and resolve it as quickly as possible.

Jake Moore, the global cybersecurity advisor for internet security company ESET, said that he believed the apparent intrusion was an effort by a hacker to boost the ranking of streaming sites by piggybacking off a government domain. Ahrefs estimates that USDA.gov has an ironclad domain authority of 92, making any outbound links it hosts a prize.
In the past few years, Google has changed its methods to fight piracy. This means that the people behind those sites have had to get more creative in order to boost their ranking with the search engine, and this could be one of their tactics.
Moore told Futurism that the search engine doesn't like to improve the quality of copyrighted material. You can still find it in their search results. It is not waterproof. A bad actor might be able to get access to these PDFs on a government website and then use these links to boost the sites in the rankings.

Moore said that hackers could be taking two approaches. The tactic helps boost their websites in search engines, but it could also be used to market their hacking skills to potential customers.
If someone is trying to sell their credentials to this government site, they might want to show proof that they have gained entry. It is easy to throw in illegal material with these PDFs. It shows that the files have been accessed by the hackers.

He said that they are able to show links to dark web marketplaces. The buyer knows that they have access to potentially do more dangerous attacks on the site.

The fact that this breach flew under the radar of the federal government is disconcerting. The hack should have tripped off sensors.

Moore believes that the bad actors probably accessed the USDA's systems through a phishing campaign. He said that someone with access to the website could have sold their credentials to the hackers.
Both Forno and Moore said they wouldn't rule out the possibility that the attack could be from a nation state. Several US departments fell victim to the SolarWinds cyberattack, which resulted in the theft of top government officials' emails and credentials. It is highly unlikely that such an attack would happen in this case, but it is still a possibility.
Some in the black hat community have publicly discussed how to inject PDFs into government websites, including specifically the USDA, with directions that led to a login portal that the USDA pulled offline shortly after.

The same attackers, or others using a similar trick, have placed PDFs on other government sites. The Bureau of Indian Affairs appears to have hosted similar files before they were deleted.

Regardless of who is behind the apparent intrusion, it should cause concern for both the US government and the public. More than 41 million Americans rely on the Supplemental Nutrition Assistance Program to purchase food. The hack indicates that the website these Americans rely on to feed themselves and their families could be vulnerable to bad actors looking to access their personal information.
It also raises the possibility that someone who gained improper access to a .gov domain could use it to sow domestic or international unrest.

What else could be compromised on this server? Forno asked. Is the user data protected? Is this part of a larger security concern? It raises questions.

Additional reporting by Jon Christian.
