3rd Party Risk Management

Treasury: Cloud Computing Host Hacked

Bureau of Engraving and Printing Website Disrupted
Treasury: Cloud Computing Host Hacked
The Treasury Department blamed a cloud computing provider for the disruption of its website that provides the Internet face of the Bureau of Engraving and Printing, the agency that prints United States currency.

A blog Monday reported that the sites were hacked. As of late Wednesday morning, the bureau's website was inaccessible, but was accessible by Friday morning.

On Tuesday, Treasury issued the following statement:

"The Bureau of Engraving and Printing (BEP) entered the cloud computing arena last year. The hosting company used by BEP had an intrusion and as a result of that intrusion, numerous websites (BEP and non-BEP) were affected. On May 3, the Treasury Government Security Operations Center was made aware of the problem and subsequently notified BEP. BEP has four Internet address URLs all pointing to one public website. Those URLs are; BEP.gov; BEP.treas.gov; Moneyfactory.gov and Moneyfactory.com.

BEP has since suspended the website. Through discussions with the provider, BEP is aware of the remediation steps required to restore the site and is currently working toward resolution.

Treasury did not identify the host company.

Roger Thompson, chief research officer for IT security software vendor AVG, wrote in his blog that "for a short while (Monday) a couple of treas.gov websites were hacked, and were reaching out to an attack site in Ukraine."

Thompson added: "They had been script injected with the line of code. BTW, you should not mess with the attack site. It was dead earlier (Monday), but could easily come back to life."

At first, Thompson credited Treasury with quick action to fix the problem, but in another blog entry posted late Monday, said the problem persisted.

Managing Editor Linda McGlasson contributed to this story.


About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.