29 Jul 2015

The hackers using government websites to sell dodgy pills

A Channel 4 News investigation exposes the scam artists using .gov.uk web pages to sell unlicensed drugs and counterfeit Rolex watches.

Government websites are being hijacked by hackers who use them for the sale of counterfeit goods, including mental health drugs unlicensed in the UK.

A Channel 4 News investigation has revealed a series of .gov.uk sites broken into and used to sell goods including prescription drugs and replica luxury products.

They include a Scottish Government science website which contained several pages promoting Viagra, and the Gibraltar government website, which was being used to sell replica Rolex watches.

The hackers target government websites because they are trusted and therefore appear higher up in listings on search engines such as Google.

“If I’m going to buy something I’m probably going to start with a search engine, and then that’s where I purchase my product from,” said Chris Doman, who has been researching the online counterfeit trade for financial firm PwC.

“The reason [hackers target government websites] is because the way search engines rank websites is often based on how trusted they are. So if a website is very trusted it’ll come up top when I’m looking to buy something.”

Hackers break in by exploiting weak passwords or badly built websites, then hide promotional pages in obscure parts of the site. When a buyer searches online for specific products, the government site will appear high in the rankings. Users who click on the link, perhaps reassured by the .gov.uk domain name, are bounced into the hackers’ site.

“The counterfeit trade is worth tens of billions of pounds on an annual basis. Obviously a lot of that is going to support other types of criminality, and there’s even reports that terrorism is potentially being funded by some of this counterfeit trade,” said Charlie McMurdie, former head of the Metropolitan Police Central eCrime Unit.

The Scottish Agricultural Science site, sasa.gov.uk was home to several Viagra sales pages which linked to a website called oxs-pharmacy.com.

Antidepressants being tested

Channel 4 News ordered Viagra tablets through the site, but when tested by a government-approved lab the pills turned out to be anti-depressants, the side effects of which include erectile dysfunction and suicidal thoughts.

Channel 4 News sought comment from oxs-pharmacy.com. Two hours later the site was offline and the sasa.gov.uk hacked pages had been pointed towards a new but identical site, www.yourtrustprescriptionsupplier.com.

After repeated requests for comment from both websites, the hacked links on the SASA website were changed so that they no longer linked to either site.

“Depending what commodity you search for you will find thousands and thousands of these scam pages, with counterfeit goods being advertised,” said Charlie McMurdie, former head of the Metropolitan Police Central eCrime Unit. “You can take them down and minutes later they’ll pop up again.”

Gibraltar search results

The hackers go to great lengths to hide their work. Once inside a site they can change its appearance to fool the legitimate owners into believing nothing is wrong.

Typing www.gibraltar.gov.uk into a search engine, for example, leads to the genuine Gibraltar Government website. Typing the same address into Google brings up the same link, but when clicked on it directs users to a page of links promoting “replica Rolex watches”.

The Cabinet Office is the registered owner of many .gov.uk, but says it leaves security to be handled by the sites’ owners. The SASA website has now been closed down while the Scottish Government investigates. The Gibraltar Government had not responded at the time this article was published.