A sub-domain of the Department of Labor website was hacked on Wednesday, causing the site to be taken offline until further notice.
The DOL confirmed the incident in a statement to WUSA-TV.
A U.S. Department of Labor spokesman confirms one of its websites is offline after being targeted by hackers.
“A DOL program appeared to be compromised,” says a statement released by the agency. “The website was immediately taken offline and the Department began working with appropriate internal and external authorities to investigate.” […]
“The website will remain offline until DOL completes its initial investigation,” the DOL statement says. “At this time there is no evidence of compromise to or loss of DOL information nor is there any disruption in DOL’s services.”
Several security professionals who analyzed the compromise indicated that, as a result of it, the site was unwittingly hosting malicious code that would in turn infect the systems of visitors to the site with malware.
“This technique is known as a Waterholing attack [and is] basically compromising a website you know your victims are visiting so you don’t need to target the victims, you just wait till the victims visit it and they will be compromised,” security firm AlienVault’s Director Jaime Blasco told The Inquirer, a European site for computer hardware news.
The affected sub-domain within the DOL is said to be associated with the “Site Exposure Matrices (SEM)” program. The program is hosted on its own website, where it stores and publishes information related to toxic substances found in certain workplaces, including “toxins and illnesses associated with nuclear manufacturing.” Primary visitors to this site would typically include federal workers who deal with these toxic substances, and those claiming related workers’ compensation.
Security professionals also speculated that the method employed in this incident was similar to that of a Chinese hacking campaign known as “DeepPanda.” A Fortune 500 company is also believed to have been the attempted target of the same campaign in 2011, according to a security firm white paper.
It is not known at this time whether this particular website was targeted for any specific reason, or simply because it was opportunistically vulnerable.