U.S. Treasury Sites Hacked, Serves Up Malware
Hackers planted code into three sites belonging to the U.S. Department of the Treasury.
As a consumer and a taxpayer, it's assumed that government websites are the most secure in the nation. After all, if hackers can gain access and plant malware for viewers to download, then the nation really isn't that all secure on the cyber frontier, right? Unfortunately, that's apparently what has happened to three websites belonging to the U.S. Department of the Treasury. How safe and secure do you feel now?
Roger Thompson of AVG discovered the infestation on Monday. The urls involved include bep.gov (Bureau of Engraving and Printing), bep.treas.gov, and moneyfactory.gov. All three sites were "script injected" with a line of code that linked back to a now-dead grepad.com. At first Thompson thought the government admins had resolved the issue, however later Monday evening he discovered that the sites still remain infected, and warned web surfers to steer clear until until the issue is resolved.
By Tuesday morning, the websites administrators had taken the three websites offline.
PC World adds to the report after contacting Thompson directly. The injected iframe HTML code redirected visitors to the grepad.com website located in the Ukraine. Naturally this website was loaded down with malware, specifically a commercially available attack-kit called the Eleonore Exploit pack. Previous attacks on other websites by grepad.com have been known to infiltrate viewers through PDFs and other software bugs.
It may be possible that the attack on the U.S. Department of the Treasury stems from the introduction of the newly redesigned $100 bill, a retaliation against the governments attempts to thwart money launderers.
- Google Throws Money Into the Wind
- iPad Helps Lawyer in Courtroom in Winning Trial
- Automatic Knitting Powered by the Wind
- The Blanket That Absorbs Farts
- Concept Lamp Doubles as Power Source
- Jailbreak Released for iPad, iPhone, iPod Touch
- Man Beats, Breaks Bejeweled 2 After 2,205 Hours
- Canadian DM: LCDs, Microchips Come from Aliens
- LG Dispay LCDs May Be Banned Worldwide
- Times Square Car Bomb SUV Bought on Craigslist
- VIDEO: New iPad 3G Gets Nuked Inside Microwave
- Stealing, Pirating Assassin's Creed Costs Man $25K
- Genuine Healing Lights Coming Soon
- Casini Studio's MP3 Player Doubles as a Pendant
- Gadgets That are Obsessed With Transparencies
- Game Boy, Phone Used in High School Bomb Scare
- Google to Launch Digital Books Early this Summer
- CliffyB: Gears 3 Is Nothing Like Waterworld
- Nintendo Profits Fall for the First Time in Six Years
gov is not the most secure they dont hire the brightest private companies do.
gov is not the most secure they dont hire the brightest private companies do.
He said that people assume that to be true, not that it actually is.
Well correct me if I'm wrong, but assuming there are some educated people assigned for security in all those u.s. departments, this might just be an inside job..
You may want to keep an eye on http://www.theregister.co.uk/ since this was news there yesterday.........
"Government Sites Are Secure"
"The Recession Is Over"
"Won't Raise Taxes"
"Honey, I swear I won't ..... in your mouth"
Yeahhhh....
First the recession.
Next the Salahis gate crashing Obama's party.
Then this.
Hard times indeed ...
Somehow, security and common sense don't seem to go too well with this current administration.
You may want to keep an eye on http://www.theregister.co.uk/ since this was news there yesterday.........
Why do I want to keep an eye on that website? Do I have to manually check thousands of important sites that don't pertain to my immediate interest daily? No.
Somehow, security and common sense don't seem to go too well with this current administration.
Still trying to kick the habit left from the Bush administration.
Instead of Malware why couldn't it be free money...
Well correct me if I'm wrong, but assuming there are some educated people assigned for security in all those u.s. departments, this might just be an inside job..
Um, yeah, you're wrong.
Considering how easy it is to exploit a site and even log in as an admin, I highly doubt it was an inside job. Any 15-yr-old geek could have done it.
Yeah they probably put an easy password like lipstick LOL
Ummmmm, I fail to see how changing the design on the $100 bill would have any impact to money launderers... I do see how it may have an impact on counterfeiters...
"It may be possible that the attack on the U.S. Department of the Treasury stems from the introduction of the newly redesigned $100 bill, a retaliation against the governments attempts to thwart money launderers.
Considering how easy it is to exploit a site and even log in as an admin, I highly doubt it was an inside job. Any 15-yr-old geek could have done it.
In fact that happened in germany some years ago. Some 15 year old script kiddie found insecure ftp services hosted openly on goverment sites, which contained sensitive data.
Anyway, having friends both in bank it jobs, goverment jobs, police and prison jobs here in denmark and germany, I don't really feel confident that things are really secure enough.
definitely a lack of security. I don't think the problem will ever be solved.
"Somehow, security and common sense don't seem to go too well with this current administration." (-9)
A-ha, the old flag campaign, eh? Looks like some people don't like others criticizing governments..how dare they speak ill of Obama, or the Federal Reserve deficit, or the Immigration, Security as well as other national and domestic policies.
Keep an eye on the this..see which comments get massively voted down. I wonder if the same people belong to the 'army of flaggers', who routinely vote down You Tube video's..
And this is supposed to surprise us how?
And for those who foolishly blame "this administration" you should remember that all of this has been in place much longer than this administration and the policies (or lack of them) are carryovers from previous administrations.
gov is not the most secure they dont hire the brightest private companies do.
Yep! And this is why McAfee zorched computers worldwide with an AV update.
For those who believe that gov has some brains should look at the kindergarten act going on in the gov of the State of New York.
it could be in retaliation for the recession
i wouldnt trust the government over a private company any day... at least with a company you have most individuals with a common vision and goals... just the opposite with government and politics...