April 2017 Digital Edition

Click Here

March 2017 Digital Edition

Click Here

Feb. 2017 Digital Edition

Click Here

January 2017 Digital Edition

Click Here

Nov/Dec 2016 Digital Edition

Click Here

Oct 2016 Digital Edition

Click Here

Technology Sectors

Market Sectors

Treasury Dept. has cloud hacked

The Treasury Department was hacked last week, leaving the Web site for its Bureau of Engraving and Printing - the agency responsible for printing U.S. dollars - down from May 3 to May 7.

The Treasury had moved to a cloud platform last year and the department blamed its cloud computing provider (the Treasury’s Web site is hosted by Network Solutions) for the incident.

In a statement released May 4, the Treasury Department said, “The Bureau of Engraving and Printing (BEP) entered the cloud computing arena last year. The hosting company used by BEP had an intrusion and as a result of that intrusion, numerous websites (BEP and non-BEP) were affected. On May 3, the Treasury Government Security Operations Center was made aware of the problem and subsequently notified BEP.

“BEP has four Internet address URLs all pointing to one public website. Those URLs are BEP.gov; BEP.treas.gov; Moneyfactory.gov and Moneyfactory.com. BEP has since suspended the website. Through discussions with the provider, BEP is aware of the remediation steps required to restore the site and is currently working toward resolution.”

Roger Thompson, chief research officer for IT security software vendor AVG Technologies USA, Inc. of Chelmsford, MA, was the first to notice the hack, and reported it the FBI. Thompson revealed that the hackers had added a tiny snippet of a virtually undetectable iframe HTML code that redirected visitors to a Ukrainian Web site. From there, a variety of Web-based attacks were launched using an easy-to-purchase malicious toolkit, called the Eleonore Exploit Pack. Only first-time users were affected; returning to the site a second time did not lead to more attacks, making it difficult for law enforcement to track the perpetrators.

For less $1,000 – the Eleonore Exploit Pack costs only $700 – even the most minimally talented hacker can exploit flaws in Microsoft Internet Explorer, Firefox and Adobe Acrobat Reader, The widespread problem of low cost hacking that takes advantage of this commonly used software was highlighted in the 2010 Symantec report.

Despite the inherent risks involved in cloud platforms, IT experts tend to agree that the government would reap more benefits from using them, rather than not, and have encouraged government agencies to move towards the cloud in recent months.

“I am not going to say this will scare users away from cloud computing,” says Thomas Krafft. “But it definitely brings into clear focus the issues surrounding security in the cloud.”

Krafft – the director of marketing at Objectivity, Inc. of Sunnyvale, CA, a provider of distributed data management solutions often used in cloud computing environments – still believes that “In a few years, clouds and other hosted platforms will be the norm rather then the exception.”

“It’s still a bit like the wild west out there,” Krafft commented. “But standards and regulations are developing very quickly as all organizations – whether in the government of in the private sector – realize how critically important and essential data security is.”

 

Recent Videos

HID Global is opening the door to a new era of security and convenience.  Powered by Seos technology, the HID Mobile Access solution delivers a more secure and convenient way to open doors and gates, access networks and services, and make cashless payments using phones and other mobile devices. ...
Mobile device forensics can make a difference in many investigations, but you need training that teaches you how to get the most out of your mobile forensics hardware and software, and certifies you to testify in court. Read this white paper to learn how to evaluate mobile forensics training...
PureTech Systems is a software company that develops and markets PureActiv, its geospatial analytics solution designed to protect critical perimeters and infrastructure.  Its patented video analytics leverage thermal cameras, radars and other perimeter sensors to detect, geo-locate, classify, and...
PureTech Systems is a technology leader in the use of geospatial video, focusing on perimeter security.  When combining geospatial capabilities with video analytics and PTZ camera control, managers of critical facilities can benefit by allowing the video management system to aid them in the process...