The Right Honourable Grant Shapps against a censored pornographic background

A Gov.uk site dedicated to porn? Absolutely. Best of British Porn? Not Quite.

David Rutland

All websites want traffic. It’s the lifeblood of the internet - if you don’t have visitors, how can you flog them spurious and unnecessary gadgets, Black Friday sales, software, and porn?

Traffic comes from SEO, from reputation, and from backlinks.

And what could be better for a site’s reputation than an official UK Government domain name, complete with thousands of backlinks, and a stable-full of citations across the internet and in reference books?

Fortunately for some lucky smut-peddler, Her Majesty’s Government has a domain which is currently a free for all, offering legit addresses for anyone who happens to stroll past.

We think it’s fair to say that the Department for Transport is not an especially organised organisation.

The root subdomain was abandoned some years ago, moving across to a subdirectory of the UK Government’s main site. But the subdomains are alive and well - sort of.

Visit dft.gov.uk, and you’ll be redirected to a subdomain for EU exit hauliers - except the site isn’t there. Instead it’s a WordPress login page. There’s no username field and we feel confident that a brute force attack would be super effective!

Elsewhere, we have the Department for Transport careers page, which sort of does what it says. Clicking on the ‘see all vacancies’ button will redirect you to the civil service jobs site. This isn’t weird in itself, what is weird is that it uses t.co - Twitter’s redirection and domain obscuring tool to do it. Don’t ask us why. We have no idea why they would do this.

There are subdomains for road haulage surveys; for statistics and for the Driver Standards Agency - whose homepage was apparently updated in November 2021, but is copyright 2006, and looks it too. DfT’s maritime wing still has a homepage showing updates on a pilot scheme which ended in 2016 and which still proudly boasts of financing from the European Union.

In short, it’s a shitshow, and a neglected shitshow at that.

But it’s the charts subdomain where things get interesting.

charts.dft.gov.uk [Archived version as at 25/11/2021] is a place where you would, perhaps, expect to find charts showing the density of choking fog from diesel engines in major UK cities. Maybe a Venn diagram of people with an HGV license, but who are not EU citizens, and are willing to work long, unsociable poorly paid hours. There could be dozens, nay, hundreds of interesting charts from which to spin thousands of fascinating articles, but no.

It’s porn.

The UK Government Hosts Porn, You Say?

No. We’re not saying that at all. Hosting is a different matter altogether. What we’re gently suggesting is that someone (a disgruntled, overworked former IT worker we hope - the alternative is far worse) has set the DNS record for charts.dft.gov.uk to point away from Her Majesty’s own servers to a place better suited to hosting adult material.

We’re saying this because a DNS check of a less smutty UK Gov domain shows the servers are physically located in London - Best of British and all that.

The chart site, however, is hosted on AWS, and like trying to get anywhere via Birmingham New Street, it’s a hella slow connection. This could be because the domain is so incredibly busy thanks to its prestigious domain name, or it could be because the ‘owners’ are using the AWS free tier.

What I can definitely tell you is that it’s stuffed with porn.

Is It At Least Good Porn?

We would love to be able to tell you that in the sunlit uplands of Brexitland, The Right Honourable Grant Shapps, MP for Welwyn Hatfield, and Secretary of State for Transport, was presiding over an empire of high quality filth.

Unfortunately, we can’t. The owners seem to be of Malaysian origin, and the porn itself is a mix of magazine covers, pics, and Wikipedia entries for pornstars. There was no high quality streaming video, and if you’re searching for something which would make Mr Shapps’s new site stand proud and tumescent above the rest, look elsewhere.

Overall, we give the effort the same rating we would give a rail journey from Leeds to London: 1/5. It’s slow and disappointing, but if you really need to get there and there’s no alternative, it will do the job.

Dangerous, You Say?

The big issue here is that the site is on a gov.uk subdomain. I pay my road tax through those. Millions of Brits pay their council tax, receive benefits, and are encouraged to organise their entire lives through them.

It’s a porn site. It doesn’t matter. It’s obviously not officially endorsed, and no-one in their right mind is going to plug in their address and credit card details.

But what if it had fallen into the hands of someone with technical skills and the drive to con as many people as possible?

It would be trivial to create a replica of an actual Government site and we’d be willing to bet that thousands of people would fall for it. Again, it’s a gov.uk site. Hell, you could probably trick actual ministers.

No - it doesn’t have TLS (Transport Layer Security) to give it the reassuring padlock in the corner, but I imagine that gov.uk uses a sprawling wildcard system, and any attempt by the new squatters to obtain certs would result in page errors and warnings, which would be embarrassing for everyone concerned.

I’d be surprised if this was the only abandoned and subsequently hijacked .gov.uk site.

We did attempt to contact the Department For Transport through their ‘web portal,’ and were informed that somebody will read our message within 20 days. We have also emailed Mr Shapps directly.

If anyone at HMG is reading this (as I am sure they eventually must), consider employing a consultant to check all of your loose ends and other such bullshit. I could probably spare a couple of afternoons per week.
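The DNS comparison described earlier (where does a subdomain's record point, versus where the organisation's own servers live) can be run across a whole zone to find loose ends like the charts subdomain. This is an added example, not from the original article; the zone export, approved network and all hostnames are constructed placeholders.

```python
import ipaddress

# Constructed placeholders: networks and name suffixes the organisation runs.
APPROVED_NETS = [ipaddress.ip_network("192.0.2.0/24")]
APPROVED_SUFFIXES = (".dept.example.",)

# Constructed zone export ("name TTL IN type rdata", fully qualified names).
ZONE_EXPORT = """\
www.dept.example.      300 IN A     192.0.2.10
careers.dept.example.  300 IN CNAME www.dept.example.
charts.dept.example.   300 IN A     203.0.113.77
stats.dept.example.    300 IN CNAME charts.dept.example.
survey.dept.example.   300 IN CNAME old-survey.hosting.example.
mail.dept.example.     300 IN MX    10 www.dept.example.
"""

def parse_zone(text):
    """Yield (name, type, rdata) for each A/AAAA/CNAME line of the export."""
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if len(fields) >= 5 and fields[2] == "IN" and fields[3] in ("A", "AAAA", "CNAME"):
            yield fields[0].lower(), fields[3], fields[4].lower()

def is_approved(rtype, rdata):
    """True if the record's final target is infrastructure we control."""
    if rtype == "CNAME":
        return rdata.endswith(APPROVED_SUFFIXES)
    try:
        addr = ipaddress.ip_address(rdata)
    except ValueError:
        return False  # unparseable address: surface it for review
    return any(addr in net for net in APPROVED_NETS)

def audit(text):
    """Return (name, type, target) for names that end up outside approved hosts."""
    # One record per name is assumed, which is enough for this illustration.
    records = {name: (rtype, rdata) for name, rtype, rdata in parse_zone(text)}
    findings = []
    for name, (rtype, rdata) in records.items():
        for _ in range(8):  # follow in-zone CNAMEs; bounded against loops
            if rtype != "CNAME" or rdata not in records:
                break
            rtype, rdata = records[rdata]
        if not is_approved(rtype, rdata):
            findings.append((name, rtype, rdata))
    return findings

if __name__ == "__main__":
    for name, rtype, rdata in audit(ZONE_EXPORT):
        print(f"REVIEW {name} -> {rtype} {rdata}")
```

Each flagged name is either a service someone forgot to decommission or a record pointing at an address the organisation no longer holds; both want a human decision to delete or redirect.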

Rather like Britain’s road system, the site appears to be collapsing under the weight of traffic. There is now a snapshot (Schappshot) at archive.org https://web.archive.org/web/20211125154944/http://charts.dft.gov.uk/

Ironically, my own site collapsed shortly afterwards while I was out picking up a dog. I’ve temporarily moved it to a VPS. Sadly, this means no comments due to the weird way I have things set up. Thanks, Hacker News.

Edit: It’s back home now.

UPDATE 12.33AM: dft.gov.uk now redirects to https://www.gov.uk/government/organisations/department-for-transport. It’s a five minute fix which should have been done years ago. Someone is working late tonight. The charts subdomain is still porn. DfT is obviously aware of this article, but has not responded.

UPDATE 10.33AM November 26: charts.dft.gov.uk now redirects to https://www.gov.uk/government/organisations/department-for-transport as well. Took them long enough. The Driver Standards Agency is still stuck in a timewarp, and https://maritime.dft.gov.uk/ is still apparently co-financed by the EU.

Pic of Mr Shapps in header image is from the Official portrait of Rt Hon Grant Shapps MP by Richard Townshend. CC BY 3.0. Changes were made. Obviously.