Quebec government embarrassed by web faux pas

The Government of Quebec has recently had to deal with some embarrassing incidents involving its presence on the web.

On April 14, the ministère de la Santé et des Services sociaux (Ministry of Health and Social Services) daily Twitter message about the status of COVID-19 included a link to a video from the Pornhub site, instead of the usual pandemic status page.

The ministry reacted some 40 minutes later by replacing the message with another containing the correct link. A subsequent message simply explained that “due to a situation beyond our control, a link with inappropriate content has been posted to our Twitter account. We are looking for the causes. We are sorry for the inconvenience”.

According to Sev Obarian, founder and senior consultant at SecurPro, an information security consulting firm, what likely happened is that the employee in charge of that Twitter account made a copy/paste error. They probably had the Pornhub link in their clipboard and they then copied the new link (the one they wanted to post) but the copy command failed, and when they pasted, they pasted the previous link that was still in their clipboard.

His recommendation to avoid these errors is to minimize the use of a computer used to publish content for personal purposes. “This time it was a mistake, albeit an embarrassing one. In a scarier scenario, the personal usage can result in a takeover of the computer and the attacker can then use the stored credentials/open sessions to redirect users to malicious sites and make a much bigger mess than what happened here.”

Four days later, a similar incident occurred when a link on the website of the ministère des Transports (Ministry of Transport) which was supposed to provide status information on Louis-Hyppolite-Lafontaine tunnel roadwork referred instead to a site selling Viagra and other drugs. The situation lasted less than an hour and, again, no explanation was provided by the ministry.

Regarding this second incident, Obarian believes it could be a DNS (the mechanism that associates domain names with IP addresses) configuration issue. “We don’t know if this was a mistake scenario or malicious takeover. If it was a mistake, it is an important one as DNS zone management is not an activity you do every day, unlike tweeting. When you make a change, you better be sure you put the correct links in there (i.e. triple check the info and the final results). If it was a malicious takeover of DNS zone management, it would mean that a hacker got access to the DNS zone management of the domain and that would a much bigger issue and an information security incident requiring investigation and root cause analysis.” Again, he stresses the importance of minimizing personal use of a work computer, which could make it more vulnerable to a hacker takeover.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Renaud Larue-Langlois
Renaud Larue-Langlois
Half journalist, half IT Manager, full technology nerd. After a 25+ year career in IT, becoming a writer was a natural choice for Renaud. It literally runs in his family. His areas of interest are... anything, as long as it's technology-related. He can be reached at rlaruelanglois@itwc.ca

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now