Newsletters
News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
Mobile Tech
DDoS Protection Powered By Verisign
Average Rating:
Rate this article:  
Labor Department Web Site Hacked, Malware Uploaded

Labor Department Web Site Hacked, Malware Uploaded
By Jennifer LeClaire

Share
Share on Facebook Share on Twitter Share on Linkedin Share on Google Plus

"It's difficult to discern the intent of a criminal targeting visitors to such a specific Web site, but clearly this was planned well in advance, and was not intended to reach a wide audience of potential victims," said security researcher Andrew Brandt. A relatively obscure portion of the U.S. Department of Labor Web site was hacked, and malware placed there.
 


The U.S. Department of Labor's Web site was hacked on Tuesday. Malicious code was placed on the site in the process.

According to security information and event management firm AlienVault, the government site has been serving out malicious code since Wednesday. That code then works to install malware on victim computers. The Labor Department could not be reached immediately but news reports indicate the hack has been resolved.

Some security firms are pointing the finger at DeepPanda, a Thai non-governmental organization with a human rights mandate. DeepPanda has been connected with a number of advanced persistent threat attacks.

Behind the Hack Attack

Andrew Brandt, director of Threat Research at Solera Networks, said although he was not sure what time the Labor Department site was modified, he he was made aware Tuesday that code that was suspicious in appearance had been uploaded to the department's "Site Exposure Matrices" (SEM) Web site.

"The page is offline at the moment, and I had never heard of the SEM before, but the SEM page described it as 'a repository of information gathered from a variety of sources regarding toxic substances present at Department of Energy (DOE) and Radiation Exposure Compensation Act (RECA) facilities," Brandt told us.

"The code that was added to the foot of the page caused a site visitor to load a script hosted on a server elsewhere. The page loaded the script from a page at the domain dol.ns01.us -- but the ns01.us domain is actually owned by a dynamic DNS service called ChangeIP.com. The domain name pointed to a server hosted in Los Angeles, as of last night."

What Was the Motive?

Among the malicious code pushed down to victims' computers was a binary data file with a .png extension. Brandt didn't manage to obtain this file through visiting the site. Instead, another researcher provided the file. That researcher claimed this binary file was the initial malware payload of the attack.

According to Brandt, upon execution, the malware tried to contact another ChangeIP.com dynamic DNS hostname -- microsoftUpdate.ns1.name. As of this morning, he explained, that hostname had been blackholed and the malware has been unable to "phone home" since.

"It's difficult to discern the intent of a criminal targeting visitors to such a specific Web site, but clearly this was planned well in advance, and was not intended to reach a wide audience of potential victims," Brandt said. "The reality is that the public, and possibly even the webmasters at the Labor Department, may never know who carried out the attack or why, or just how successful it was."
 

Tell Us What You Think
Comment:

Name:

Terrie Barrie, Alliance:

Posted: 2013-05-01 @ 2:33pm PT
As an advocate for the sick nuclear weapons workers, this attack is beyond concerning. Advocates, claimants and DOL personnel frequently use the database to locate information to assist in proving an illness was the result of toxic exposures at a DOE plant. How many personal computers have been infected? Since DOL claims examiners use this database, have personal identifying information such as Social Security numbers been compromised?



Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.


 Mobile Tech
1.   Apple Stock Soars Ahead of iPhone 6
2.   HTC One M8 Windows Phone Unveiled
3.   Verizon Tops in Mobile Networks
4.   Sprint Out with Data Guns Blazing
5.   Best Buy Leaks Moto 360 Watch Info


advertisement
HTC One M8 Windows Phone Unveiled
Can be POS device for small business.
Average Rating:
Android 'Fake ID' Puts Millions at Risk
Users: stick to apps from Google Play.
Average Rating:
Researchers Tout Battery Breakthrough
Lithium anode could triple capacity.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Cost of Target Data Breach: $148 Million Plus Loss of Trust
The now infamous Target data breach is still costing the company -- and its shareholders -- plenty. In fact, the retailing giant forecast the December 2013 incident cost shareholders $148 million.
 
Aruba Networks Handles Black Hat with Aplomb
It's not an easy job. Aruba Networks' task throughout the Black Hat USA conference in Las Vegas this month was to ensure thousands of attendees could connect without malicious attacks.
 
Chinese Hackers Nab Info on Millions of U.S. Patients
A group of Chinese hackers has stolen the personal information, including names and Social Security numbers, of about 4.5 million patients at hospitals operated by Community Health Systems.
 

Enterprise Hardware Spotlight
Three New Lenovo PCs Aimed at Business Users
Businesses everywhere want computing solutions that do more for less money, and Lenovo has unveiled three new desktop PCs that offer solid computing at a budget-minded price.
 
Aruba Networks Handles Black Hat with Aplomb
It's not an easy job. Aruba Networks' task throughout the Black Hat USA conference in Las Vegas this month was to ensure thousands of attendees could connect without malicious attacks.
 
Compression, Deduplication Come to Violin Concerto 2200
Violin Memory has announced that data deduplication and compression capabilities are now available on its Concerto 2200 solution. Typically, users will experience deduplication rates between 6:1 and 10:1.
 

Mobile Technology Spotlight
Apple Stock Soars Ahead of iPhone 6 Launch
The imminent release of the iPhone 6 -- and maybe even an iWatch -- has sent Apple's stock soaring to new heights. Considering what else the firm could have up its sleeve -- the stratosphere may be the limit.
 
HTC Debuts Windows Phone Version of One M8 Smartphone
HTC is bringing the Windows Phone mobile OS to its flagship One M8 device -- the first time any mainstream flagship smartphone has been offered with a choice of operating systems.
 
Verizon Earns Top Rating in Mobile Network Comparison
A new report says Verizon Wireless was the top-performing U.S. cellphone service provider in the first half of 2014, on a nationwide and state-by-state basis, as well as in metro areas.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | CRM Systems | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.