Adult Content Takedowns Expose Widespread .gov and .edu Website Compromises
A new report from **UpGuard** reveals a significant number of government and university websites across 80 countries have been targeted by copyright takedown requests related to adult content. These requests, often initiated by individual creators policing their **OnlyFans** content, highlight a growing trend of threat actors exploiting insecure public sector and academic domains to host scam and malware-laden pages.
For nearly two decades, adult content creators like **Laura Lux** have battled the pervasive issue of content piracy. While platforms like **OnlyFans** and **Patreon** offer new avenues for creators, the struggle against unauthorized distribution remains constant. "Itβs an endless battle," says Lux, emphasizing the financial toll of readily available pirated content.
### The DMCA Frontline
To combat piracy, creators and their representatives frequently leverage the **Digital Millennium Copyright Act (DMCA)**, filing millions of requests to remove stolen content from search results. "If you are not running a DMCA service, then you might as well probably not even be bothering doing the job, because it will be everywhere," Lux states.
### Unmasking Insecure Domains
However, these copyright takedown efforts have inadvertently shined a light on a critical cybersecurity vulnerability: compromised government and university websites. A recent analysis by cybersecurity firm **UpGuard**, shared with WIRED, indicates that over the past 15 years, more than 2,000 domains belonging to government and educational institutions across 80 countries have received copyright takedown requests linked to adult content. This suggests these sites have been compromised.
Since 2020, there's been a "dramatic" increase in hijackings related to individual adult creators and "leaked" **OnlyFans** content, with many sites being repeatedly compromised.
### The Lure of Authoritative Domains
Scammers have long exploited the authoritative nature of .gov and .edu domain names, which often rank high in search results. They upload malicious pages and PDFs advertising everything from free movie downloads and iPhones to **Fortnite** skins. These pages frequently redirect users to scams or malware downloads. Increasingly, these fraudsters are using the names of popular adult content creators to draw victims to their compromised pages.
**Greg Pollock**, Director of Research at **UpGuard**, notes, "The **OnlyFans** models are not setting out to help government websites, but in order for them to police their copyright ownership, they wind up sending a lot of notices to Google about those sites." He adds that removing search results is highly effective against this attack vector, as visibility outside of **Google** is limited.
Recent takedown requests reviewed by WIRED include government and university websites in Bangladesh, Colombia, India, Nigeria, the United States, and Peru. Search results show .gov and .edu domains featuring titles like "biggest leak yet" and "leaked **OnlyFans**" videos alongside creator names.
### The Scam's Deception
Clicking these URLs in search results does not lead to leaked content. Instead, visitors are often redirected to scammy online dating sites or other suspicious pages, through which fraudsters may profit via complex advertising schemes. The malicious content is typically uploaded by exploiting vulnerabilities in the websites' publishing systems.
**Pollock's** analysis reveals 384,286 takedown requests, covering 631,193 URLs, from adult content creators to government and education websites since 2011, with the majority occurring in recent years. While **Google** has removed approximately 130,000 of these URLs, action has not been taken against another 460,000, underscoring the scale of the ongoing challenge.