Hackers Infiltrate US Government's National Vulnerability Database
In what can only be described as an astounding instance of irony, the National Vulnerability Database (NVD) has fallen victim to a security vulnerability. The site, which exists to inform the American populace about potential software security threats, has been hacked and infected with malware, bringing it offline until further notice.
Kim Halavakoski, a Finnish security expert, discovered this information when he noticed the site was down, and sent an email to investigate. Gail Porter, a public inquiries officer for the National Institute of Standards and Technology, replied:
"The National Vulnerability Database public-facing website and several other NIST-hosted websites are currently unavailable due to a discovery of malware on two NIST Web servers," wrote Porter. The NIST discovered oddities in its firewall on March 8, and brought its servers offline shortly thereafter.
Luckily for Halavakoski and others who frequent the site, there is no reason to believe that any of this malware made its way to users. Still, given how valuable a resource the NVD is to those who work in IT security, the site's absence, as well as its murky restoration date, could still prove problematic. [See also: 10 Ways the Government Watches You]
Porter did not estimate when the NVD might return to the Web. Since the breach was not nearly as catastrophic as it could have been, the site should not be down for too long. But the presence of vulnerabilities on a government website dedicated to tech security is still troubling.
This is not the first time that hackers have made their way intogovernment websites, and in all likelihood, it will not be the last. This incident should serve as a hard reminder that users need to be mindful of their own online security. But they can take some solace in the fact that they generally make much less appealing targets than do government installations.