US Treasury web site hacked

Modelworks

In the past some government sites have been hacked, but come on, the US Treasury site?
This completely obliterates any hope I had of the government maintaining some level of security on computer systems.

http://news.yahoo.com/s/pcworld/20100504/tc_pcworld/ustreasurywebsiteshackedservingmalware
Three Web sites belonging to the U.S. Department of the Treasury have been hacked to attack visitors with malicious software, security vendor AVG says.
AVG researcher Roger Thompson discovered the issue Monday on three Web domains associated with the home page of the U.S. Bureau of Engraving and Printing. As of late Monday, all three Web sites were still actively serving malicious software and the Bureau of Engraving and Printing Web site should be avoided until it's clear that they've been cleaned up, Thompson said in an interview via instant message.
Although the Treasury Department could not be reached for comment, IT staff there appear to be aware of the problem. On Tuesday morning, all three sites had apparently been taken offline and were returning a "page not found" error.
According to Thompson, hackers had added a small snippet of virtually undetectable iframe HTML code that redirected visitors to a Web site in the Ukraine that then launched a variety of Web-based attacks based on a commercially available attack-kit called the Eleonore Exploit pack.
The Ukrainian Web site was associated with similar attacks in the past. Those attacks targeted a handful of known software bugs, including flaws in Adobe's Reader software.
The Bureau of Engraving and Printing provides information on U.S. currency -- how to identify counterfeit bills for example -- and just two weeks ago had used its Web site to promote the newly redesigned US$100 bill.
It's not clear how hackers managed to install their malicious code on the Treasury Department's Web sites.



Sites affected are:
- BEP.gov, BEP.treas.gov, Moneyfactory.gov and Moneyfactory.com -- have been suspended until further notice.
 

blackangst1

The federal government is horribly behind the times with network security. There's a reason NIST went outside to the private sector for AES encryption. Which cracks me up when people say (insert favorite 3 lettered agency here) has the ability to crack encryption, etc. But that's another thread. But yeah...the feds aren't the leaders in network security.
 

CycloWizard

Am I the only one who finds it amusing that the US Treasury runs both moneyfactory.gov and moneyfactory.com?
 

dmcowen674

In the past some government sites have been hacked, but come on, the US Treasury site?

This completely obliterates any hope I had of the government maintaining some level of security on computer systems.

Oh I bet it's Obama's huh, never had a breach while your hero Bush was in?

Give me a break. Just about all servers get busted into these days.

I had to take mine offline to scrub a trojan that got uploaded somehow.

Took 10 minutes, big boo hoo.
 

Modelworks

Oh I bet it's Obama's huh, never had a breach while your hero Bush was in?

Give me a break. Just about all servers get busted into these days.

I had to take mine offline to scrub a trojan that got uploaded somehow.

Took 10 minutes, big boo hoo.

Where did I say anything about Bush or Obama?

Just because your servers have issues doesn't mean we should just accept it as normal. If you don't know how the trojan got on your server then you are not much of an admin.

There is absolutely no reason the government could not have secure servers for websites except incompetence.
 

Vette73

Non-essential website with non-private information and no financial data.

Big yawn.


COME ON!!! WE should be spending billions to make sure that sites with "non-private information and no financial data" are safe.

Then we can go have parties and throw around "tea bags" and complain that we the tax payer are paying billions to make sure that "Non-essential website"s are safe.

:awe:
 
Dec 26, 2007
11,782
2
76
Kinda makes you wonder why it is even there huh? It being so non-essential and all.

Non-essential and not needed are different.

There are a ton of work systems that are non-essential (i.e. if they go down I can still work), but are still needed (or provide a useful service to help me do my job better).