A Department of Treasury Web site hosted by a third party was hacked for a short while
redirecting visitors to a malicious site in Ukraine and later tracking IP
addresses before the Department of Treasury took the site offline.


The Department of Treasury did not identify the provider that hosted the
Bureau of Engraving and Printing Web site, but did acknowledge in a statement
that it “entered the cloud
computing arena last year.”


The attack is bound to raise concerns about federal agencies’ abilities to
secure data hosted by third-party service providers. Security remains one of the
biggest concerns in government circles as the Obama administration makes an
aggressive push for federal agencies to begin adopting cloud computing services.
The attack may also be used as a tool by legislators and policy makers to demand
tighter security requirements.


The main web site of the Treasury division that prints U.S. paper currency,
the Bureau of Engraving and Printing presented would-be visitors with a 404 “not
found” error at each of the four URLs that point to the page, bep.gov,
bep.treas.gov, moneyfactory.gov, and moneyfactory.com.


Cisco’s ScanSafe tracked the attack to a Web site that attempts to exploit
numerous vulnerabilities in Adobe Reader, Adobe Acrobat, Internet Explorer,
Microsoft Office, Symantec AppStream, and other applications, and said that the
malicious site has targeted sites hosted by Network Solutions and GoDaddy.

Resources
Post Your Resume to 65+ Job Sites
Resume Service

Post to Twitter Tweet This Post