US Treasury websites hacked

Computerworld reports that three websites affiliated with the US Treasury department have been infected with code that distributes malware to visitors. Roger Thompson, a researcher at AVG, discovered on Monday that three domains belonging to the US Bureau of Engraving and Printing had malicious iframe HTML code that contained a redirect to a web site hosted in Ukraine.

The Ukrainian website, a site known for similar attacks, was using a commercially available malware distribution tool called Eleonore Exploit Pack to infect users' machines. The methodology of the infection of the website is currently unknown, but users are warned to stay away from the website until sufficient corrective actions are taken.

Image courtesy of AVG

The IT staff at the websites are aware of the situation, and have taken them offline until cleanup has been completed. Visitors to the websites are greeted with a "Page Not Found" screen. 

ComputerWorld was unable to reach the Treasury Department for comment. 

Report a problem with article
Previous Story

Exclusive: WordPress exploit explained

Next Story

Latest Chrome 5 beta is 35% faster, sports new HTML5 features

17 Comments

Commenting is disabled on this article.

The term false Flag comes to mind. It's no secret the government would love to control the flow of information on the internet and their favorite ways of doing it are: Child porn and/or Security. Drum up enough of a scare that the internet is "under attack" and poof, Chinese style censorship. Bottom line is I just don't buy it, they're either incompetent or attacking themselves. I don't have the patience for either anymore.

M_Lyons10 said,
Oh jeez... How could this happen? The government seems to be one security breach after another anymore...

Consider how big it is and how many separate computer systems we are talking about when we refer to the government. Every military base has a network admin for every building just about as well as another one over all of them and so on. That same logic gets applied all across the government so that is a lot of people to have to kept properly trained in computer security. These security breaches aren't happening to the same people over and over, they are happening to people over a very large pool. Anyone one of them trigger the label, "Government computer hacked"

Edited by SputnikGamer, May 4 2010, 10:14pm :

^ i believe this is the right occasion to say, dont take money out of the education system and put in the war machine.

Krpano said,
^ i believe this is the right occasion to say, dont take money out of the education system and put in the war machine.

Because they teach computer/network security in middle and high school right?

I always wonder why government agencies don't have better people working for them. I remember that guy in the U.K. that was being prosecuted by the U.S. for "hacking" into boxes with blank admin and SA passwords. What the hell is up with that? The gov needs better people!

Tim Dawg said,
I always wonder why government agencies don't have better people working for them. I remember that guy in the U.K. that was being prosecuted by the U.S. for "hacking" into boxes with blank admin and SA passwords. What the hell is up with that? The gov needs better people!

If the government had better people working for them, everyone would complain. These jobs don't go to the most skilled people on the market, they go to the cheapest ones. If it was the other way around, taxpayers would complain about wasting tax dollars on overpaid workers.

Edited by SputnikGamer, May 4 2010, 10:30pm :

True however when it comes to certain agencies such as the DoD and the Treasury, I think the justification is there for high salaries however in this case it was just a public web site so maybe there are better people inside and the slackers are tending to the public low value targets. This is just speculation of course.

Tim Dawg said,
True however when it comes to certain agencies such as the DoD and the Treasury, I think the justification is there for high salaries however in this case it was just a public web site so maybe there are better people inside and the slackers are tending to the public low value targets. This is just speculation of course.

It would make sense. Let the hackers have fun trying to get into the public site and keep the actual network with important crap hidden away.

Sebianoti said,

That's not going to help the problems!

Yeah stupid ass Network Administrator!


And it should have been fixed by now.

Edited by war, May 4 2010, 10:10pm :