A rather intriguing and sensational event has just made waves across the cyber security world. Several cyber security researchers, including network engineers and testing specialists, encountered a rather familiar domain, resembling that of PwC or PricewaterhouseCoopers. Only it’s hosting not just something about cyber security, but majority of it are ads, links, apps, and other contents of pornographic nature.
After careful treading and inspection, and added curiosity, the researchers have found that the pwc website or subdomain (pwc.com) is a somewhat forgotten subdomain owned by PricewaterhouseCoopers. It was evidently hacked and made into a cesspool of mixed offensive and pornographic contents. It also included malware-injected links and viruses.
The ads and links all redirect to various chat websites, chat rooms, blog sites and other social platforms that cater to and suitable only for adults. And these are all accessible via your regular web browser.
A security expert named, Vitali Fedulov, was the one who initially found and reported the event. He mentioned that he found and came across these sites more than twice last week. Fedulov is in charge of development for an image search engine and does network penetration testing as well. He mentioned that this incident is quite large enough to be considered just an oversight. Out of goodwill, Fedulov reported it and publicly disclosed the hacking incident.
As soon as it was reported, the hacked subdomain (amyca-devapi.pwc.com) was immediately taken down by PwC and it no longer resolves to an IP address. The screenshot above is from the remaining Google search entries that can still be seen as of this writing. PwC provides cyber security services for several businesses and corporate firms, including government organizations, but they are not keen on providing rewards or any of that kind for vulnerability discoveries, unlike other large tech companies.
According to network security experts, the hacked subdomain was pointing to amyca-dev-node.azurewebsites.net, a modified Azure subdomain created specially to host an API deployment system. Eventually, this was left unused and the domain expired, allowing a hacker to acquire registration and use it freely as their own.
This is what led the subdomain to be plagued by adult entertainment contents and become a host for malwares and other inappropriate elements altogether.
This incident demonstrates why companies, especially ones that deal with cyber security as their business, should not leave their registered corporate DNS unprotected. Note that the PwC network itself did not encounter any intrusions of any kind. A mere, forgotten DNS – an oversight – was all it took for a cyber criminal to take advantage and put this large cyber security company at risk.