back to article US Labor Dept website serving malware to innocent visitors

The US Department of Labor's website has been hacked and malicious code stuck behind the scenes, security tools firm AlienVault says. Since yesterday, the DoL site has been serving out malicious code that installs malware on unsuspecting users' computers, AlienVault's labs director Jaime Blasco told The Register. The DoL said …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    US Labor Dept website serving malware to innocent visitors

    No one's innocent.

  2. asdf

    interesting choice

    Gee I wonder if they went after the Labor Dept because they are not big on labor laws at all (one man's school is another man's Chinese government owned fireworks factory). Somebody forgot to tell them we are now backsliding and well on our way back to child labor for the poor as well (what was that Newt and other GOP twits said on the issue?).

    1. Anonymous Coward
      Anonymous Coward

      @asdf: Re: interesting choice

      You show great agility in moving from subject A to completely unrelated subject B. This sort of tangential thinking comes easily to you, does it? What do your doctors say about it?

      1. asdf
        Trollface

        Re: @asdf: interesting choice

        So says the Anon coward afraid to show his post history. What are you hiding?

  3. nuked

    I wouldn't for one second believe that Western hacks against China are any less frequent, or less severe. It's just the general approach to reporting these hack-stories is pretty guttery, to be honest.

    http://www.theregister.co.uk/2013/05/01/mozilla_gamma_cease_and_desist/

    1. asdf

      The impacts may also be less severe as China still is not as dependent on electrons flowing as the West especially in their country side.

  4. Anonymous Coward
    Anonymous Coward

    Swiss cheese internet anyone...?

    This is so sad I don't know whether to laugh or cry! Feeble Internet Security...

    1. Wzrd1 Silver badge

      Re: Swiss cheese internet anyone...?

      Even money, it was an idiot perusing his gmail account while logged onto the server.

      Caught one admin doing that when I was overseas and I was the IA guy for the installation.

      Couldn't get him fired. :(

      1. Richard 12 Silver badge

        Re: Swiss cheese internet anyone...?

        How about just blocking all forms of webmail?

        Ok, it doesn't stop idiots from using remote access from home machines to compromise your servers, but there usually isn't a business case for allowing any webmail on corporate networks and there are business reasons for blocking it (IP theft etc)

        (Unless your corporate email is provided by one of these webmail services, in which case, $deity help you!)

  5. tbarrie

    As an advocate for the workers and their survivors who became ill from working at the nuclear weapons facilities, I am dismayed and concerned about this incident. Originally, only DOL claims examiners had access to this database. They used the information to decide whether or not a toxic exposure was responsible for an illness. The advocates fought hard to get this database in the public domain so that the claimants would have the right to challenge any incorrect information. Before the database was made public, the advocates felt that the claimants due process rights were being violated. Now, because of this hack, we are back to square one. Shame on the hackers! We have no idea if DOL will be able to fix this. Or even if they would want to. We have no idea if the claimants will be able to find the evidence they need to prove their claim.

    1. Wzrd1 Silver badge

      @tbarie, the US Government requires, by law, all data be backed up.

      So, the worst case is, data may be lost from whenever the server was infiltrated to complete data restoration.

      That said, such backup needs funding. One organization I worked for had a "red headed stepchild" budget and we had to backup servers to other servers and zip funding for central log administration.

      But, if they can't fix the problem, the lot of them need to be released to find jobs as cab drivers and competent personnel be hired.

      And yes, I'm familiar with your advocacy group. It has helped a lot of people over the years and I hope it continues to advocate for those injured during our hasty rush to things nuclear before we fully understood the issues around the various programs.

      1. tbarrie

        Thank you.

  6. This post has been deleted by its author

  7. Andy Fletcher

    CMS?

    Be nice to say a little bit about what platform the site is running on if we're talking about a vuln which presumably we are.

    @Eadon - for pity's sake, I thought we all knew many attacks appear to come from China because of the abundance of insecure machines out there. The "hackers" can be anywhere, and are more than likely right here or in the US or Germany.

This topic is closed for new posts.

Other stories you might like