Security researchers discovered that the website for the Bureau of Engraving and Printing and associated “MoneyFactory Store” were hacked on Monday. The attacker added instructions to the front page of both sites that would run a script to allow a Ukrainian-based system insert instructions that will allow someone to attack a user’s computer through the browser.
Currently, the BEP website (moneyfactory.gov, bep.gov, and bep.treas.gov) and the BEP’s online store (moneyfactorystore.gov) are off-line. The website used to support the launch the new $100 Federal Reserve Note (newmoney.gov) was not infected by this attack.
The system that would have been used to launch the attack from the Ukraine is also down but do not count on it staying down. Attacker systems can be transient in order to throw off investigations.
As an information security professional, I urge everyone to ensure they practice safe surfing! Here are five basic rules to help you keep your system safe online:
- Make sure your system and software is up to date. While many products will check for updates on their own, you may have to check Microsoft Windows and Office on your own. In your “Start” menu select “Windows Update” to allow your system to be properly updated.
- Run an anti-virus and anti-malware program. Malware is “malicious software” that would do harm to your computer. This attack would install malware on your system through your browser. Some service providers (like Comcast) offers a free download of an anti-virus program. Take advantage of that offer! If you want a good basic anti-virus program is the AVG Anti-Virus Free Edition. It is not as full featured of others, but it provides good protection.
- Once you install your anti-virus program, make sure you keep it up to date! Keeping it up to date means that you download the information about new attacks from the manufacturers of the anti-virus program. Threats are constantly changing and you need to keep up to date. If you are using old information, it is like leaving holes in your defenses for the attackers to get through. Make sure the software keeps updated. Also, pay for the yearly service to keep it updated. Think of it an insurance policy for your critical data!
- If you are not running the latest version of your browser, upgrade it now! If you are running Internet Explorer version 5 or 6 it is similar to leaving the doors of your car unlocked in an unsafe neighborhood. I know Internet Explorer 7 looks different that others, but it is worth updating. Do so now! This also is true if you are using any other browser including Firefox, Safari, Opera, etc.
- Turn on your system’s firewall service. The firewall is software used to protect the system from threats that come directly from the Internet. All modern systems come with a firewall, turn it on and use it. Many anti-virus packages have better firewalls than the one that come with the operating systems. Use it!
Microsoft has a very good Online Safety and Privacy Education website with information and resources written in plain English (as opposed to Geek English) along with easy to follow How-To guide and instructional videos. You can find a more comprehensive information at the Home PC Firewall Guide.
Please stay safe online and watch my Twitter account (@coinsblog) for when the BEP is back online.