Hackers turn US health services site into online Ugg boots store


For at least the past two months, scammers have been hawking football shirts, Ugg shoes and Armani perfume from hacked US government pages that are actually supposed to provide services such as mental health counseling, suicide prevention and help for drug addicts, the Weekly Standard reported on Friday.

The hacked website pages, many of which are now showing 404 "page not found" errors, belong to the Substance Abuse and Mental Health Services Administration (SAMHSA).

SAMHSA is an agency of the US Department of Health and Human Services (HHS) and is responsible for running the new Obamacare insurance marketplace, Healthcare.gov.

The hacked pages were hawking merchandise such as National Football League (NFL) jerseys, Ugg shoes and Armani goods - specifically, fragrances, the Weekly Standard reports.

The Weekly Standard's site features screen captures of the various pages.

Partial screenshot of SAMHSA's hacked website from 28 September 2013

This is a partial screen snapshot of http://nace.samhsa.gov/images/img5/index.asp as it appeared on 28 September 2013. The whole thing can be seen here.

According to the Weekly Standard, clicking on the hacked pages in some cases took users directly to an external website, while at other times, certain functions seemed to operate within the samhsa.gov site itself.

The news site found that at the time it investigated the hacked sites, two domains were registered in the United States and one was registered in China.

All of the hacked pages that the Weekly Standard uncovered were under the subdomain nace.samhsa.gov, which is the Native American Center for Excellence. As of Monday morning, the main site was showing a message saying that it was undergoing maintenance.

The first breach dates back to 29 July 2013.

After the story was initially posted, the nace.samhsa.gov site returned an error message saying that the site could not be found, but the message later changed to this message, replete with a suspicious misspelling:

This site is undgoing maintenance. We are sorry for any inconvenience this has caused you.

The wonky spelling on the error message may well indicate that there are more hijinks going on than maintenance.

I wrote to SAMHSA to find out if the agency is aware of its hacked pages, if it's actually fixing the problem, and why/how the hackers have managed to hawk boots for two months without being detected.

I hadn't heard back by the time this article posted.

In the meantime, steer clear of counterfeit goods.

As Sophos's Chester Wisniewski noted back in August 2011 when he wrote about Apple hiring a fake-Viagra expert to stop counterfeit iDevices, you're not just running the risk of substandard quality with fake products.

In the case of fake computing gear, Sophos gets ample reports from consumers who've picked up cheap "third shift" products that are infected with malware directly from the factory, he said at the time.

You won't get malware from fake, fashionable, fuzzy boots, but should you trust your credit card data to the people who sell them?

To quote my current favorite phrase from The Oatmeal comic, that sounds like a nice tall glass of "nope."

Image of Ugg boots courtesy of Flickr user marie-II under Creative Commons license.


9 Responses to Hackers turn US health services site into online Ugg boots store

  1. Cindy · 191 days ago

    It would not surprise me if these conservative nut jobs called Republicans are partnering with the scammers just to make the Democrats look bad and the new health care law as well.

    • Magyver · 191 days ago

      ...*shakes head slowly* It appears that your "blinders" are keeping you from focusing on the real issue. The "most powerful government in the world" can't keep hackers out of their websites.

      If you've seen warnings by experts on the Internet warning that the Obamacare website was not only a prime target for hackers, but also vulnerable, you can start worrying now. That is, if you plan to try to enroll there which means giving up all your personal data.

      Cindy, you and your compatriots worship at the altar of a dysfunctional political party that creates messes then blames them on others.

  2. Ted · 191 days ago

    really? So the republicans did this. Less DWTS and more Federalist Papers... Fix yourself.

    • Cindy · 191 days ago

      I don't watch the show you mentioned but I do appreciate your thoughts about the Federalist Papers. I will educate myself on those.
      That does not change my view that a group of conservative bullies would go to any length while being funded by Republican think tanks and pacs to make anything the Democrats do look bad. Not sure of your age but I have hopes the Millennials will straighten out the mess these greedy bastards are perpetuating.

  3. Anonymous · 191 days ago

    The new health care law and the government IT implementation of it doesn't need opposing political philosophy to make it look bad. It looks bad all by itself. Imagine if Apple or Google had such a "high quality" implementation of a new web site, so why is the government held to any different standard than private industry in terms of IT? They had years to get ready for it. Keep in mind that same government can implement the NSA, track your credit card transactions, and keep a database on you. Educate thyself and read the law and the associated sub documents and rely less on dogma.

  4. hydrox · 191 days ago

    The new health care law and the government IT implementation of it doesn't need opposing political philosophy to make it look bad. It looks bad all by itself. Imagine if Apple or Google had such a "high quality" implementation of a new web site, so why is the government held to any different standard than private industry in terms of IT? They had years to get ready for it. Keep in mind that same government can implement the NSA, track your credit card transactions, and keep a database on you. Educate thyself and read the law and the associated sub documents and rely less on dogma.

    • larry · 191 days ago

      Yeah, cause Microsoft and Apple NEVER release anything that's bug or glitch free. Like iO7.

  5. Cnare · 190 days ago

    I think the point has been lost to most of you. This was a service of MENTAL HEALTH COUNSELING AND SUICIDE PREVENTION by the web site. It is not about the ACA, the GOP or the Dems. It is about hackers feasting on the vulnerability of the poor mental health and the help that is being extended to them. Hacking this site to sell football shirts speaks of prepubescent boys having "fun". Do it on your own dime. Just sayin'

  6. none · 190 days ago

    if you can't protect it don't collect it


About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.