NORMAN — If you can’t trust visiting the U.S. government’s Department of Labor website, what on the Internet can you trust?
I asked a similar question in March 2011, in my column titled, “Careful where you click,” as I wondered, “Who would think that looking at ads found on the London Stock Exchange website could infect your computer with malicious software designed to steal your money? If you can’t trust the London Stock Exchange, who can you trust?”
In that situation, you didn’t even have to click on anything. All you had to do was look at the London Stock Exchange’s main website page and bam, your computer would start preparing malicious software for installation in what has come to be known as a “drive-by attack.” Folks who actually clicked on the fake notices and “alerts” that popped up found themselves in big trouble.
Here we are, two years later, and it seems that too many highly placed, overpaid, so-called security officers working for the U.S. government still don’t know how to secure their own websites. Last week, visitors to the U.S. Department of Labor website, www.sem.dol.gov, a site devoted to hazardous conditions found at Department of Energy installations, found the website hacked and their computers being infected with malware. It appears that the infected site and the attacks it was serving up were the work of Chinese hackers targeting certain employees working in the nuclear weapons industry. I checked the website while writing this column and it was still offline.
Should we expect more of our trusted government servants?
“…this issue highlights (again) the U.S. federal government infecting citizens’ computers with malware. President Bill Clinton (in 1998) called for the government to ‘lead by example’ in cybersecurity. How can the government expect industry to do the right thing, he asked, if the government doesn’t protect its own systems and show the way?” asks Alan Paller, director of research at the world-renowned SANS Institute. “When Karen Evans was at OMB as federal CIO and when Sameer Bhalotra was in the White House as deputy cyber czar, there was real progress. Is it reasonable to ask why we have gone backwards since they left?”