Home Oh, The Irony: National Vulnerablity Database Taken Down By Malware

Oh, The Irony: National Vulnerablity Database Taken Down By Malware

As if we needed more evidence that the hackers are winning, here is this: the National Vulnerability Database hosted by the National Institute of Standards and Technology has been stricken with malware and taken offline.

The NVD is a comprehensive database that integrates all of the United State’s government publicly available vulnerability resources. It is a resource to many security firms and security officers at enterprises for tracking day-to-day exploits that malicious hackers could use to breach secure systems.

In an email to security researcher Kim Halavakoski of Finland, NIST said that it had found multiple instances of malware on its public facing NVD websites and took the appropriate action to take the websites offline. 

“The National Vulnerability Database public-facing Web site and several other NIST-hosted Web sites are currently unavailable due to discovery of malware on two NIST Web servers,” wrote Gail Porter from the NIST Public Inquiries Office, according to a Google+ post by Halavakoski as reported by The Register.

Visits to the NVD website confirm that it is indeed unavailable as of 9:00 a.m. EST, March 14. 

The email from Porter to Halavokoski states that NIST’s firewall detected suspicious activity on Friday, March 8 and took steps to block the traffic from reaching the Internet. The malware on the NIST servers was traced to a software vulnerability. NIST said that there was no evidence its websites or the NVD contained or delivered any malware to users. 

“NIST continually works to maintain the integrity of its IT infrastructure and acts to limit the impact of malware on its systems. We regret the impact this has had on our services,” Porter wrote.

Nowadays, everything is a target. That goes for the public facing websites and servers of prominent government agencies such as the NIST and CIA. When it comes to the backbone of government systems (non-public facing servers), those are much harder to crack. That is why we see more distributed denial of service (DDoS) attacks on prominent websites than actual breaches. Much of this DDoS activity came from groups like Anonymous and LulzSec, but the global black hat hacker community has been stepping up its efforts in past years to actually breach internal servers. We have seen this through more advanced spear phishing techniques and the alleged hacker wing of the People’s Liberation Army of China. 

The NIST NVD site makes for an easy target. It is relied upon by many different groups and has a necessary public-facing websites that is, by basic Internet Protocol, vulnerable. NIST played the breach by the book and took the site down. 

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.