[Kwpolska]

I believe scenario #3 would be as follows:

1. gov.uk’s DNS server used to point charts.dft.gov.uk to something legitimate 2. Someone hacked gov.uk’s DNS server, and changed this one specific domain to CNAME charts.dft.gov.uk.s3-website-eu-west-1.amazonaws.com 3. That same someone set up their porn thing at AWS in a bucket that maps to charts.dft.gov.uk.s3-website-eu-west-1.amazonaws.com

[tgv]

But why such a specific bucket name? Perhaps the perpetrator did it because he knows how the gov.uk DNS is maintained, but then it would be an inside job. If only the process were as tight and clean as in peppa pig land!

[patch_cable]

I think it is required to name the bucket after the domain name if you want to use it to host static web content: https://docs.aws.amazon.com/AmazonS3/latest/userguide/websit...