CIOCOO
Resources for CIO and COO professionals

Hacked Cloud computing host causes US Treasury websites suspension

May 7th 2010 in Security, cloud computing, incidents

Four USA Treasury Web sites have been taken offline after their cloud computing host was hacked. The attack caused users to be redirected to a malicious site in the Ukraine.

The four URLs infected were BEP.gov (Bureau of Engraving and Printing), BEP.treas.gov, Moneyfactory.gov and Moneyfactory.com. The type of attack was a script injection that redirected users. The attack was unusual in that only IP addresses that had not previously visited the Treasury site were targeted, which made it difficult for authorities to track.

Roger Thompson, chief research officer at AVG Technologies, first noticed the attack on Monday (03 May 2010). He is reported as explaining that the hackers added a small snippet of almost undetectable iframe HTML code that redirected visitors to a Web site in the Ukraine. This site then launched a variety of Web-based attacks using a commercially available attack kit called the ‘Eleonore Exploit pack’.

The Ukrainian Web site is associated with similar attacks, which targeted a small number of known software bugs, including flaws in Adobe Reader software.
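As an added illustration (not code from the original post or from AVG), the following defender-side audit parses a page and reports every iframe that loads from a host outside the site and its approved partners, flagging those sized or styled to be invisible, which is the kind of injected snippet described above. The host names, the `allowed_hosts` parameter and the sample page are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles commonly used to keep an injected frame out of sight.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def _tiny(value):
    """True for a width/height of 0 or 1 pixel ('0', '1', '1px')."""
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value or "")
    return bool(m) and int(m.group(1)) <= 1

class IframeAuditor(HTMLParser):
    """Collects iframes whose src host is neither the site nor an approved partner."""
    def __init__(self, site_host, allowed_hosts=()):
        super().__init__()
        self.trusted = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        # A relative src has no host and stays on the site itself.
        if not host or any(host == t or host.endswith("." + t) for t in self.trusted):
            return
        hidden = (_tiny(a.get("width")) or _tiny(a.get("height"))
                  or bool(HIDDEN_STYLE.search(a.get("style", ""))))
        self.findings.append({"line": self.getpos()[0], "host": host, "hidden": hidden})

def audit_html(html, site_host, allowed_hosts=()):
    """Return off-site iframes found in html, flagging the ones styled to be invisible."""
    auditor = IframeAuditor(site_host, allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample page; every host name is a placeholder.
SAMPLE_PAGE = """<html><body>
<iframe src="/widgets/rates.html" width="300" height="200"></iframe>
<iframe src="https://video.partner.example/embed/1" width="560" height="315"></iframe>
<iframe src="http://redirector.invalid/in.php" width="1" height="1" style="visibility:hidden"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in audit_html(SAMPLE_PAGE, "www.agency.example", ["partner.example"]):
        print(f)
```

Since the redirect reportedly targeted only IP addresses that had not visited the site before, a check like this is more dependable when run over the files and templates on the server than over a repeat fetch from a monitoring address.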

In a statement, the USA Treasury said “The Bureau of Engraving and Printing (BEP) entered the cloud computing arena last year. The hosting company used by BEP had an intrusion and as a result of that intrusion, numerous BEP and non-BEP websites were affected”.

At the time of writing this, the Web sites are still suspended and it isn’t clear how the hackers managed to install malicious code on the Treasury Department Web sites.


Final thoughts ….

The headlines suggest that the vulnerability is at the Cloud infrastructure level instead of the individual Web services hosted on it. Exact details aren’t yet known, but let’s hope it isn’t a ‘cloud computing’ issue, as it could impede the deployment of cloud services to companies who are already nervous about jumping into a cloud service provider.

This issue does highlight just how important security is for the underlying cloud infrastructure layer, because an issue at this layer can potentially impact all services running on it.

