April 2017 Digital Edition
March 2017 Digital Edition
Feb. 2017 Digital Edition
January 2017 Digital Edition
Nov/Dec 2016 Digital Edition
Oct 2016 Digital Edition
Treasury Dept. has cloud hacked
The Treasury had moved to a cloud platform last year and the department blamed its cloud computing provider (the Treasury’s Web site is hosted by Network Solutions) for the incident.
In a statement released May 4, the Treasury Department said, “The Bureau of Engraving and Printing (BEP) entered the cloud computing arena last year. The hosting company used by BEP had an intrusion and as a result of that intrusion, numerous websites (BEP and non-BEP) were affected. On May 3, the Treasury Government Security Operations Center was made aware of the problem and subsequently notified BEP.
“BEP has four Internet address URLs all pointing to one public website. Those URLs are BEP.gov; BEP.treas.gov; Moneyfactory.gov and Moneyfactory.com. BEP has since suspended the website. Through discussions with the provider, BEP is aware of the remediation steps required to restore the site and is currently working toward resolution.”
Roger Thompson, chief research officer for IT security software vendor AVG Technologies USA, Inc. of Chelmsford, MA, was the first to notice the hack, and reported it the FBI. Thompson revealed that the hackers had added a tiny snippet of a virtually undetectable iframe HTML code that redirected visitors to a Ukrainian Web site. From there, a variety of Web-based attacks were launched using an easy-to-purchase malicious toolkit, called the Eleonore Exploit Pack. Only first-time users were affected; returning to the site a second time did not lead to more attacks, making it difficult for law enforcement to track the perpetrators.
For less $1,000 – the Eleonore Exploit Pack costs only $700 – even the most minimally talented hacker can exploit flaws in Microsoft Internet Explorer, Firefox and Adobe Acrobat Reader, The widespread problem of low cost hacking that takes advantage of this commonly used software was highlighted in the 2010 Symantec report.
Despite the inherent risks involved in cloud platforms, IT experts tend to agree that the government would reap more benefits from using them, rather than not, and have encouraged government agencies to move towards the cloud in recent months.
“I am not going to say this will scare users away from cloud computing,” says Thomas Krafft. “But it definitely brings into clear focus the issues surrounding security in the cloud.”
Krafft – the director of marketing at Objectivity, Inc. of Sunnyvale, CA, a provider of distributed data management solutions often used in cloud computing environments – still believes that “In a few years, clouds and other hosted platforms will be the norm rather then the exception.”
“It’s still a bit like the wild west out there,” Krafft commented. “But standards and regulations are developing very quickly as all organizations – whether in the government of in the private sector – realize how critically important and essential data security is.”