+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

The Federal Website That Protects Us From Malware Has Been Hacked

Mar 14, 2013, 20:29 IST

Google+/Kim HalavakoskiThe Federal government keeps a website that collects all the information on malware and hack attacks and sends warnings out when some big new virus is on the move. It's called the NIST National Vulnerability Database (NVD) and its considered the bible of virus/malware information.

Advertisement

It's been hacked and down since March 8.

Security researchers found malware on two NIST servers and took the site offline until they could fix it.

The situation is not only ironic, it's more evidence that the hackers are winning, writes Dan Rowinski of ReadWrite.com. It's only the first quarter of 2013 and already this year Apple, Evernote, Microsoft were hacked. So was Oracle's web programming language Java, putting everyone that uses the Internet at risk. For Rowinski it got personal. The bad guys got a hold of his debit card.

Interestingly, the NVD site that warns about security problems, didn't warn the world about its own. Finnish security researcher Kim Halavakosk wondered why the site was offline for so long and emailed NIST to ask.

Advertisement

Here's the response he got, from public affairs officer Gail Porter, which he posted to his Google+ account.

Thanks for your inquiry to the NIST Director's Office webmaster. Below is a brief statement describing the issues we're experiencing with the National Vulnerability Database. We do not know yet exactly when the database will be back online but we are working as quickly as we can to get the Web site back in service.

The National Vulnerability Database public-facing Web site and several other NIST-hosted Web sites are currently unavailable due to discovery of malware on two NIST Web servers.

On Friday March 8, a NIST firewall detected suspicious activity and took steps to block unusual traffic from reaching the Internet. NIST began investigating the cause of the unusual activity and the servers were taken offline. Malware was discovered on two NIST Web servers and was then traced to a software vulnerability.

Currently there is no evidence that NVD or any other NIST public pages contained or were used to deliver malware to users of these NIST Web sites.

Advertisement

NIST continually works to maintain the integrity of its IT infrastructure and acts to limit the impact of malware on its systems. We regret the impact this has had on our services.

NIST is continuing to respond to the incident and will restore these public-facing servers as quickly as possible.

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article