Irony of ironies: anti-hacking website hacked

Data ProtectionAs anyone in business likely knows, government websites are far from ideal, often making it difficult to find information that should be readily available.  The federal government’s online presence, however, hit a new low this month when it was revealed that the very website designed to collect and distribute information about hacking attacks was itself hacked.  The site in question, the NIST National Vulnerability Database, has been offline since the 8th when two servers at NIST, the National Institute for Standards and Technology, were identified as infected with malware.

The purpose of the National Vulnerability Database is to help businesses and individuals know when a large-scale malware event is happening.  The hope is that by distributing timely information on a large scale, virus-based and other attacks can be slowed or even stopped.  Security researchers consider the NVD to be an invaluable resource – or did, until the site went down.

Some in the computer security industry regard the NVD fiasco as an indication that hackers are pulling out ahead of attempts to track and catch them.  Recent events would certainly support this interpretation, with major businesses such as Evernote, Apple, Microsoft and even the programming language of Java all hacked within the first three months of the new year.

NIST Public Affairs Officer Gail Porter commented on the situation in response to an email from Kim Halavakosk, a Finnish computer security expert, saying: “On Friday March 8, a NIST firewall detected suspicious activity and took steps to block unusual traffic from reaching the internet.  NIST began investigating the cause of the unusual activity and the servers were taken offline.  Malware was discovered on two NIST web servers and was then traced to a software vulnerability.”

The incident demonstrates how vitally important it is for businesses both large and small to adopt procedures and policies that can protect against data loss protection.  Since relatively few business people have expertise and experience in this realm, one viable option can be to work closely with a consulting firm that understands the various factors that can impact and enhance computer security.