US Treasury attacked by hackers
Security vendor AVG has said that three websites, including its cloud computing host belonging to the US Department of the Treasury, have been hacked in an attempt to attack visitors with malicious software.
The URLs targeted were BEP.gov, BEP.treas.gov, Moneyfactory.gov and Moneyfactory.com and other users or IP addresses who had not visited the site before, in an attempt by the hackers to remain illusive and make it more difficult for authorities to track them.
"The Bureau of Engraving and Printing (BEP) entered the cloud computing arena last year. The hosting company used by BEP had an intrusion and as a result of that intrusion, numerous websites (BEP and non-BEP) were affected," the Treasury said in a statement. 
Roger Thompson, the AVG researcher discovered the problem on Monday on three Web domains associated with the home page of the U.S. Bureau of Engraving and Printing. He suggested that all sites be avoided.
The attack by hackers, according to Thompson, was possible after hackers added a small snippet of virtually undetectable iframe HTML code that redirected visitors to a Web site in the Ukraine.
Once users were redirected to a web site in the Ukraine they were attacked using a commercially available attack-kit called the Eleonore Exploit pack, although it still isn't known how hackers were able to install malicious code on the Treasury Department's websites.
The Ukranian site has been subject to attacks in the past, and comes on the back of SNOsoft, a cyber-security specialist who was able to penetrate a mid-level banking network and completely control the whole banking infrastructure.
The Bureau of Engraving and Printing provides information on U.S. currency on how to identify counterfeit bills amongst other things, and just two weeks ago had used its website to promote the newly redesigned US$100 bill.
Related articles:
Hackers penetrate mid-level bank IT network | Financially motivated hacking: the non-vulnerability challenge | Are hacker-schemes on the rise?
Like this article? Get the RSS feed:
blog comments powered by Disqus
Latest from Financial
Editors Choice
Source: www.usfst.com© 2012 GDS Publishing Ltd. All rights reserved.