NIST NVD Site Hacked (updated)

March 14, 2013
By

Post to Twitter Post to Facebook Post to Reddit

Wait … isn’t stuff like hacking the National Vulnerability Database (NVD) supposed to wait until Friday night? Well I guess it did … but it was last Friday. Apparently things have been under wraps since then. According to a Google Plus post by Kim Halavakoski earlier today he was trying to look up some vulnerability information from the NVD but noticed it was offline. He contacted the National Institute of Standards and Technology (NIST) and they responded saying they were offline due to a malware infections on two of its web servers. Here is their full response.

From: “Porter, Gail”
Date: 14 mars 2013 00:04:55 EET
To: “[email protected]
Subject: FW: nvd.nist.gov not reachable?

Thanks for your inquiry to the NIST Director’s Office webmaster. Below is a brief statement describing the issues we’re experiencing with the National Vulnerability Database. We do not know yet exactly when the database will be back online but we are working as quickly as we can to get the Web site back in service.

The National Vulnerability Database public-facing Web site and several other NIST-hosted Web sites are currently unavailable due to discovery of malware on two NIST Web servers.

On Friday March 8, a NIST firewall detected suspicious activity and took steps to block unusual traffic from reaching the Internet. NIST began investigating the cause of the unusual activity and the servers were taken offline. Malware was discovered on two NIST Web servers and was then traced to a software vulnerability.

Currently there is no evidence that NVD or any other NIST public pages contained or were used to deliver malware to users of these NIST Web sites.

NIST continually works to maintain the integrity of its IT infrastructure and acts to limit the impact of malware on its systems. We regret the impact this has had on our services.

NIST is continuing to respond to the incident and will restore these public-facing servers as quickly as possible.

Sincerely,

Gail Porter
NIST Public Inquiries Office
National Institute of Standards and Technology
(XXX) XXX-XXX
[email protected]

Source: “US national vulnerability database hacked” – TheRegister.co.uk

Update 3/14 14:00: Since we first blogged about this breach earlier today new information has arisen about how the malware infected the NIST web servers. According to a follow-up report from TheRegister, “Adobe’s ColdFusion web development software is to blame.” The breach apparently occurred prior to Adobe knowing about four vulnerabilities and NIST’s subsequent application of the patch. That’s the good news… The bad news is that the servers had been compromised for almost two months and could have been serving up malware to visitors since then. One of the two effected servers hosted the NVD while the other one served up a number of other websites, such as manufacturing.gov, e3.gov, greensuppliers.gov, emtoolbox.nist.gov, nsreserve.gov, and stonewall.nist.gov. Talk about a waterhole attack! Check out our follow-up post for a more detailed writeup.

#####

Today’s post pic is from TheNewNewInternet.com. See ya!

Tags: , , ,

6 Responses to NIST NVD Site Hacked (updated)

  1. grecs (@grecs) on March 14, 2013 at 12:58 am

    BLOGGED: NIST NVD Site Hacked http://t.co/ZKyRVqI10G

  2. @mrkoot on March 14, 2013 at 4:03 am

    NIST National Vulnerability Database website hacked (Mar 14) https://t.co/7CPJk6gPPk /c @Cryptomeorg

  3. @sukebett on March 14, 2013 at 4:17 am

    NIST National Vulnerability Database website hacked (Mar 14) https://t.co/152AeE8Gpn ~@mrkoot

  4. @_Pa5caL_ on March 14, 2013 at 4:56 am

    NIST National Vulnerability Database has been hacked… The question is: which vulnerability was exploited to get in? https://t.co/XHTwBWU0Vt

  5. Jae Ho Jang (@jaehojang76) on March 14, 2013 at 6:34 am

    NIST NVD Site Hacked https://t.co/Xw74K01EnV

  6. novainfosec (@novainfosec) on March 14, 2013 at 8:41 am

    Mmm? NIST NVD Popped.. :( Still offline.. http://t.co/BjR9GmexRy

Leave a Reply

Your email address will not be published. Required fields are marked *


About Us

Founded in 2008, NoVA Infosec is dedicated to the community of Metro DC-based security professionals and whitehat hackers involved in the government and other regulated verticals. Find out more on our About Us page.