Government investigation websites are often abandoned and filled with spam and malicious links as certificates expire and security updates lapse.
According to a blog by security researcher Terence Eden, abandonment is the primary cause of the vulnerabilities and, as time wears on, people begin to drift away from the project, jobs change and no one is left responsible for updating and maintaining the software.
“So we move on to the tragic fate of the abandoned Public Inquiry website. Long after ‘lessons have been learned’ these sites stand in monument to the vast human undertaking required to make sense of a tragedy,” he said.
Eden pointed to the websites for the Leveson Inquiry, which has an open admin page and outdated WordPress CMS, while the investigation site into the murders by Dr Harold Shipman has now been taken over by an affiliate marketer, who has redirected it to a spam site full of loan adverts.
Eden said: “The site should have been left standing in memorial to the victims. A tribute to let their families know that the state recognises their loss and will do everything in its power to stop such horrors from being inflicted on other people. But now it’s just a sordid way for the Midlands Young Entrepreneur of the Year (2008) to make a few quid.”
He also highlighted the inquiry websites into Bloody Sunday and Iraq War as being among around a dozen that have been abandoned, and said that there needs to be “a radical re-think in the way that the state approaches digital infrastructure”.
“This means long term legacy planning – not just thinking in terms of election cycles. It means employing people who know what they are talking about – not just the heads of ‘think tanks’. It means no longer being afraid of technology – but rather embracing the promise it brings of a better world for all,” he said.
In a message to IT Security Guru, Eden said that this was simply a case of bad housekeeping, as in some cases, the websites redirect either to the National Archives, or to the new gov.uk pages. “That is what should happen to them if they cannot be externally hosted any more. They are linked to from hundreds of news sources, academic reports etc. and it is irresponsible to shut them down.”
