Here are the Goatse image hacks sent to schools across the country via Seesaw’s parent-teacher messaging app

0

Chop. Disinformation. Monitoring. CYBER is Motherboard’s podcast and reports on the downside of the internet.

A hacker, or group of hackers, compromised the popular school messaging app Seesaw to send an explicit picture to elementary school students’ families, NBC News reported Wednesday.

Motherboard has now received a screenshot of one of the images and can confirm that it is Goatse. In the example we saw, Goatse — the infamous internet shock image of a man wearing a wedding ring and spreading his asshole with both hands — is sent from an account identified as belonging to a first-grader’s family.

“Um???” one recipient of the picture wrote after the Goatse picture was shared in their group chat.

Do you know anything else about this seesaw hack? We’d love to hear from you. If you are using a personal phone or computer, you can safely contact Joseph Cox via Signal at +44 20 8133 5190, Wickr via josephcox, or email at [email protected]

The goatse image was shared in chat as a shortened bit.ly link, which then unfolded to show its content.

The same source that provided the image to NBC News agreed to share it with Motherboard. Motherboard then made certain redactions to protect the privacy of chat participants. The motherboard blurred the goatse image.

Goat-redacted.png

An edited screenshot of the Goatse image. Image: motherboard.

“We were made aware that a link to an inappropriate image was shared via the messaging feature. It appears that certain accounts were compromised by an outside actor,” reads an announcement on Seesaw’s website.

Teachers, parents and school officials reported on Twitter that porn was being shared in seesaw groups at their schools. The teachers said they were from Illinois, Colorado, Kansas, Minnesota, New York, South Dakota, Michigan and other states, suggesting this was not an isolated case. On a subreddit for school cybersecurity professionals, a poster reads: “Parents in our district receive links in Seesaw sent by their ‘kids.’ The link is some extreme porn.” One person on this thread noted that the link sent was the same bit.ly link seen by Motherboard.

Seesaw provided ongoing updates on the incident on its website. At 06:13 AM PDT, the service said it had shut down its messaging tool while investigating an incident. About an hour and a half later, Seesaw said, “The issue has been identified and a fix is ​​being implemented.”

As of 9:15 a.m. PDT, users who had received the link via an email notification were no longer able to access the link, the site said. An hour later, Seesaw said it reset passwords for affected accounts.

Sign up for Motherboard’s daily newsletter for a regular dose of our original reports, as well as behind-the-scenes content on our biggest stories.

At the time of writing, the Goatse image is no longer accessible via the bit.ly link.

“This link has been flagged as redirecting to harmful or spam content,” the bit.ly page now reads.

Seesaw is a popular communication platform for schools, parents and students. On its website, the company claims that it’s used by over 10 million people every month in more than 75 percent of US schools

“With Seesaw, even our youngest learners can bring their ideas and imaginations to life, giving teachers, parents and school leaders a glimpse into their minds—where phenomenal growth is happening every day!” the app’s page on the Apple App Store reads.

Seesaw told Motherboard in a statement that “Seesaw has not been compromised; however, individual user accounts were compromised and used to send an inappropriate message. We have no evidence that this attacker performed any additional actions or accessed any data in Seesaw other than logging in and sending a message from these compromised accounts.

“Our team is continuing to monitor the situation and is slowly re-enabling Messages. Seesaw’s mission is to create an environment where students can do their best, and we are deeply disturbed by the impact of these appalling actions on our community,” the statement added.

For such an infamous photo, Goatse is shockingly difficult to find online; Its original domain was taken over for a while by people trying to use it to shuffle cryptocurrency. This domain has since been replaced by a site that only serves ads. Goatse will not appear in Google, Bing, or DuckDuckGo image results. Torrents for the files on The Pirate Bay do not have seeders. It’s not on PornHub or Xvideos. However, Motherboard was able to find it on a Russian domain dedicated to preserving Goatse’s history. Now, apparently, parents across the country have been reintroduced to this famous internet lore.

Updated: This piece has been updated to include a statement from Seesaw.

Subscribe to our cybersecurity podcast CYBER. Subscribe to our new Twitch channel.

Share.

About Author

Comments are closed.