Security Breach – US Treasury Department With 4 Public Sites Infected – It Pays To Read Blogs
Posted May 05 2010 10:36am
We talk quite a bit about security in healthcare, and when the US Treasury Department gets infected, people tend to listen up. I found this of interest as the person who found the breach and/or infection reported it on a blog. As you can read in the comments below, he further went to the FBI, as he states web administrators don’t usually believe such notices, but says when the FBI talks, people listen.
Blogs are good filters and can really be helpful. I somewhat think of myself in healthcare as a “forensic dot connector”; in other words, the technology slant added here is different than what is found on many blogs, as I try to bring in many aspects of a story. This is where I feel bloggers are great companions to the journalists that bring us the news, but after the fact one may wonder, how does this potentially affect me, and the bloggers will quite often add the “personal” side.
Communication is a two-way street, and just because someone puts a blog out there looking for input doesn’t necessarily mean they will come to the mountain all the time either. Last year on the healthcare side of things we had the Conficker virus infecting MRI machines, as an example. This was due to some “old” provisions still in effect and partly due to some “non participants” in technology maybe not catching this sooner.
This is just another example of how everyone needs to participate at some levels of technology to stay on top of all that is happening! This is great that someone was watching out and caught the intrusion. BD
The Treasury Department has taken offline four public Web sites for the Bureau of Engraving and Printing after the discovery Monday of malicious code on a parent site.
The bureau began using a third-party cloud service provider to host the sites last year, it said Tuesday in a statement about the incident. “The hosting company used by BEP had an intrusion and as a result of that intrusion, numerous websites (BEP and non-BEP) were affected,” the statement said. The Treasury Government Security Operations Center was alerted to the problem and notified the bureau, which responded by taking the sites offline.
The infections first were reported by Roger Thompson, chief research officer for AVG Technologies, who discovered malicious code injected into the affected page Monday morning. He said the code appears to link with two attack servers in Ukraine.
The Bureau of Engraving and Printing has four URLs pointing to one public Web site, which was infected with a malicious iFrame. The URLs are bep.gov, bep.treas.gov, moneyfactory.gov and moneyfactory.com. “BEP has since suspended the Web site,” the bureau said in its statement. “Through discussions with the provider, BEP is aware of the remediation steps required to restore the site and is currently working toward resolution.”
Thompson reported the breach to the FBI, which in turn apparently reported it to Treasury officials.
“I would gladly have reported it to Treasury, but it can be hard to find the right person,” he said. “Usually when I talk to a Web administrator they don’t believe me. When the FBI calls, they pay attention.”
Often, multiple exploits are available on the attack site. Such attacks commonly are used to compromise computers to steal sensitive information and for recruitment into botnets.
Thompson said he noticed the Treasury infections because they are in the .gov domain. “I think there are a jillion other sites being affected, but these were the only government sites, which is what we noticed.”