US Treasury branch confirms hack attack
By Tom Brewster
Hackers have caused the Bureau of Engraving and Printing (BEP), a part of the US Department of the Treasury, to shut down a number of websites.
The BEP confirmed to IT PRO that the hosting company it uses experienced an intrusion and that, as a result of the breach, numerous websites were affected, including non-BEP sites.
Earlier this week, the Treasury Government Security Operations Centre became aware of the issue and subsequently notified BEP.
“BEP has four internet address URLs all pointing to one public website. Those URLs are: bep.gov; bep.treas.gov; moneyfactory.gov and moneyfactory.com. BEP has since suspended the website,” the body explained.
“Through discussions with the provider, BEP is aware of the remediation steps required to restore the site and is currently working toward resolution.”
BEP is the largest producer of security documents in the US, printing billions of Federal Reserve Notes for delivery to the Federal Reserve System every year.
According to Roger Thompson, chief research officer at IT security company AVG, the BEP websites had a line of code injected into them.
“Folks should stay away from the sites mentioned until they're cleaned,” Thompson warned in a blog.
PandaLabs has also claimed to have come across problems on the US Treasury's sites. Threat researcher Sean-Paul Correll wrote in his own blog post: “We came across an embedded iframe inside of the Department of Treasury website.”
Correll explained: “Upon accessing the US Treasury website (treas.gov, bep.gov, or moneyfactory.gov), the iframe silently redirects victims through statistic servers and exploit packs which will carry the victim onto the second stage of the attack.”
In Correll’s case, the exploit kit determined that Java was the “best method” for infecting his test machine.
Once infected, users' web browsers will start directing them to ads and “other nasty things” like rogueware, the expert added.