Oh, The Irony: National Vulnerability Database Taken Down By Malware

As if we needed more evidence that the hackers are winning, here is this: the National Vulnerability Database hosted by the National Institute of Standards and Technology has been stricken with malware and taken offline.

The NVD is a comprehensive database that integrates all of the United States government's publicly available vulnerability resources. Many security firms and enterprise security officers rely on it for tracking day-to-day exploits that malicious hackers could use to breach secure systems.

In an email to security researcher Kim Halavakoski of Finland, NIST said that it had found multiple instances of malware on its public-facing NVD websites and took the appropriate action to take the websites offline.

“The National Vulnerability Database public-facing Web site and several other NIST-hosted Web sites are currently unavailable due to discovery of malware on two NIST Web servers,” wrote Gail Porter from the NIST Public Inquiries Office, according to a Google+ post by Halavakoski as reported by The Register.

Visits to the NVD website confirm that it is indeed unavailable as of 9:00 a.m. EST, March 14. 

The email from Porter to Halavakoski states that NIST’s firewall detected suspicious activity on Friday, March 8, and took steps to block the traffic from reaching the Internet. The malware on the NIST servers was traced to a software vulnerability. NIST said that there was no evidence its websites or the NVD contained or delivered any malware to users.

“NIST continually works to maintain the integrity of its IT infrastructure and acts to limit the impact of malware on its systems. We regret the impact this has had on our services,” Porter wrote.

Nowadays, everything is a target. That goes for the public-facing websites and servers of prominent government agencies such as NIST and the CIA. The backbone of government systems (non-public-facing servers) is much harder to crack. That is why we see more distributed denial of service (DDoS) attacks on prominent websites than actual breaches. Much of this DDoS activity came from groups like Anonymous and LulzSec, but the global black hat hacker community has been stepping up its efforts in past years to actually breach internal servers. We have seen this through more advanced spear phishing techniques and the alleged hacker wing of the People’s Liberation Army of China.

The NIST NVD site makes for an easy target. It is relied upon by many different groups and has a necessary public-facing website that is, by basic Internet Protocol, vulnerable. NIST played the breach by the book and took the site down.