Skip to main content
Support Us

Government Sites Across the U.S. Are Awash in Hardcore Porn

The Intercept found dozens of government websites exploited by spammers to redirect to porn. Here’s how this hack happened.

Screenshots by Nikita Mazurov

A webpage on the State of Louisiana’s official site appears to be advertising “animal porn Porn Videos.” The online home of the Federal Judicial Center offers “free how to sex videos,” with a closed captioning feature. The Centers for Disease Control and Prevention’s SimpleReport, identified as an “official website of the United States government” in a banner at the top of the page, provides “Desi Girl Xxx Video sex Videos,” while the City of Bethlehem, Pennsylvania, points to “Sexy Beautiful European Porn.”

These are just a few examples of the wide range of U.S. government websites inadvertently directing visitors to hardcore porn content. Other examples can readily be discovered when searching for pornographic keywords like “xxx” and utilizing Google’s “site:” search operator to query only U.S. government domains.


Related

Project 2025 Co-Author Caught Admitting the Secret Conservative Plan to Ban Porn

In some cases, the content appears to violate the very laws of the governments whose sites they have taken over. Pages hosted on the State of Louisiana’s official government site that now redirect to porn, for instance, don’t require visitors to provide proof-of-age verification, as is required under Louisiana’s controversial age verification law. The Supreme Court is due this week to hear a case about the constitutionality of age verification laws.

Spammers have in the past exploited the redirection functionalities of government websites to steer traffic to pornographic content — meaning the government sites themselves never actually hosted malicious content. But this recent wave of porn spam appears to be using a more complex technique: uploading to government pages rogue content that transports website visitors to malicious sites.

Most Read

U.S. sailors prepare to stage ordnance on the flight deck of Nimitz-class aircraft carrier USS Abraham Lincoln on Feb. 28, 2026 at sea.
Pentagon Erases Wounded U.S. Troops From Iran War Casualty List: “Definition of a Cover-up”
Nick Turse
Soldiers from the Mexican Army guard the facilities of the Military Garrison in Ciudad Juarez, Chihuahua state, Mexico, on February 23, 2026. Mexico has deployed 10,000 troops to quell clashes sparked by the killing of the country's most wanted drug lord, which have left dozens dead, officials said on February 23. Nemesio "El Mencho" Oseguera, leader of the Jalisco New Generation Cartel (CJNG), was wounded on February 22 in a shootout with soldiers in the town of Tapalpa in Jalisco state and died while being flown to Mexico City, the army said. (Photo by Herika Martinez / AFP via Getty Images)
U.S. Personnel Who Died in Mexico Were Working for the CIA, Sources Say
Nick Turse
Democratic gubernatorial candidate Tom Steyer speaking at a town hall meeting in Culver City, Calif. on March 14, 2026.
Progressive Group Founded by Bernie Sanders Endorses Billionaire for California Governor
Akela Lacy

The new attacks work by tricking the site into attempting to load a nonexistent image. Doing so invokes what’s called an onerror event in the HTML code, which instructs the web browser to pull up a third-party website if an image won’t load. This exploit transports users from the government page to a third-party site, which in turn redirects to yet another site hosting porn and soliciting signups with referral codes and affiliate links. If the user ultimately signs up for an account on one of these sites, the owner may receive a cash incentive.

In some instances, visitors end up on a page to purchase antivirus software from vendors such as McAfee. In response to questions from The Intercept about a specific ad redirected from a Bethlehem city government website, a McAfee spokesperson said the company would “be taking action to remove this ad.” McAfee did not respond to a question about how much the spammer had made through the affiliate program.

The rogue webpages in some cases appear to have been uploaded to the government websites that use older versions of the Kentico content management system, which previously allowed any user to upload files to the website.

Users on forums such as BlackHatWorld, which describes itself as “the global forum and marketplace for cutting edge digital marketing techniques and methods to help you make money in digital marketing today,” routinely advise each other to use the Kentico exploit to inject their content into websites.

Kentico disputed that such attacks point to a vulnerability in its systems, stating that its default settings allow any user to upload file and that it is up to its clients’ website administrators to restrict upload permissions. Kentico confirmed to The Intercept that “media libraries are not secured by default” and that the “default admin account has no password.”

The company pointed The Intercept to its official documentation. “By default, files in media libraries are NOT secured,” the documentation states. “It is up to the user’s discretion when using some feature to read the documentation. E.g. when creating a media library, secure it according given project’s needs and goals.”

None of the impacted government responded to requests for comment; all pages flagged by The Intercept were taken offline shortly after our outreach.

IT’S EVEN WORSE THAN WE THOUGHT.

What we’re seeing right now from Donald Trump is a full-on authoritarian takeover of the U.S. government. 

This is not hyperbole.

Court orders are being ignored. MAGA loyalists have been put in charge of the military and federal law enforcement agencies. The Department of Government Efficiency has stripped Congress of its power of the purse. News outlets that challenge Trump have been banished or put under investigation.

Yet far too many are still covering Trump’s assault on democracy like politics as usual, with flattering headlines describing Trump as “unconventional,” “testing the boundaries,” and “aggressively flexing power.” 

The Intercept has long covered authoritarian governments, billionaire oligarchs, and backsliding democracies around the world. We understand the challenge we face in Trump and the vital importance of press freedom in defending democracy.

We’re independent of corporate interests. Will you help us?

Donate

IT’S BEEN A DEVASTATING year for journalism — the worst in modern U.S. history.

We have a president with utter contempt for truth aggressively using the government’s full powers to dismantle the free press. Corporate news outlets have cowered, becoming accessories in Trump’s project to create a post-truth America. Right-wing billionaires have pounced, buying up media organizations and rebuilding the information environment to their liking.

In this most perilous moment for democracy, The Intercept is fighting back. But to do so effectively, we need to grow.

That’s where you come in. Will you help us expand our reporting capacity in time to hit the ground running in 2026?

We’re independent of corporate interests. Will you help us?

Donate

I’M BEN MUESSIG, The Intercept’s editor-in-chief. It’s been a devastating year for journalism — the worst in modern U.S. history.

We have a president with utter contempt for truth aggressively using the government’s full powers to dismantle the free press. Corporate news outlets have cowered, becoming accessories in Trump’s project to create a post-truth America. Right-wing billionaires have pounced, buying up media organizations and rebuilding the information environment to their liking.

In this most perilous moment for democracy, The Intercept is fighting back. But to do so effectively, we need to grow.

That’s where you come in. Will you help us expand our reporting capacity in time to hit the ground running in 2026?

We’re independent of corporate interests. Will you help us?

Donate

Contact the author:

Related

Latest Stories

Join The Conversation