Microsoft's site dedicated to fighting US surveillance just got hacked

The site, which appears to be running an older version of WordPress, was displaying spam links to casino-related pages.
Written by Zack Whittaker, Contributor
(Image: ZDNet/CBS Interactive)

Microsoft's website dedicated to fighting the US government on matters of policy and surveillance has been hacked.

The site, which was launched in mid-2013 months after the Edward Snowden revelations were first published, soon became a platform for Microsoft's corporate views on government surveillance and a new case dedicated to fighting an international search warrant.

But the site appears to have been modified around 9:15pm ET on Wednesday, and remains affected at the time of publication.

It's not clear who is behind the attack.

At the very top of the site appears to be injected text with keywords, typically used to garner greater search engine hits, including keywords like "casino", "blackjack", and "roulette." Some new pages have been injected to show content that embeds content from other casino-related websites. The rest of the site's content appears to be intact.

(Image: ZDNet/CBS Interactive)

The site's code suggests it is running WordPress 4.0.5, an older version of the popular blogging software released in early May. The latest WordPress version is currently at 4.2.2.

Based on the kind of content injected into the site, it does not appear to be a cyberattack claimed by any particular group or hacker -- more likely a scammer who's able to exploit a weakness in an older version of the site's software.

Within an hour of the attack, some of the content had been removed, but some buried pages remained.

We reached out to Microsoft but did not immediately hear back. We'll update the piece once we hear back.

This post has been updated.

Editorial standards