ICANN/GNSO GNSO Email List Archives

[ga]



Re: [ga] Update to: Fw: Treasury Department Web Sites Redirect Visitors to Malicious Sites

  • To: ga@xxxxxxxxxxxxxx, rod_beckstrom@xxxxxxxxx, stephen@xxxxxxxx, SenateWebmail@xxxxxxxxxxxxxxxxx, gwen@xxxxxxx, jeffrey@xxxxxxxxx, info@xxxxxxx, dave.piscitello@xxxxxxxxx, julie.hedlund@xxxxxxxxx, "Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>
  • Subject: Re: [ga] Update to: Fw: Treasury Department Web Sites Redirect Visitors to Malicious Sites
  • From: Hugh Dierker <hdierker2204@xxxxxxxxx>
  • Date: Tue, 4 May 2010 17:57:34 -0700 (PDT)

Jeff,
 
What could be wrong with malfeasance and negligence in the same database that 
secures all our national/federal executive branch?  Last I checked the Secret 
Service was well within this "domain".  These guys are bordering on 
real serious stuff on our government.
 
If they knew that they needed to prevent this from happening, knew that by not 
doing what they were contracted to do this could occur, and they took money to 
do that which they did not do ... Well under McCarthy that would be treason. 
Probably Brown of the ferry story would have liked to be unhanged for doing similar.
 
So this is really a big deal. It is not a technical error. It is very wrong.

--- On Tue, 5/4/10, Jeffrey A. Williams <jwkckid1@xxxxxxxxxxxxx> wrote:


From: Jeffrey A. Williams <jwkckid1@xxxxxxxxxxxxx>
Subject: [ga] Update to: Fw: Treasury Department Web Sites Redirect Visitors to 
Malicious Sites
To: ga@xxxxxxxxxxxxxx, rod_beckstrom@xxxxxxxxx, stephen@xxxxxxxx, 
SenateWebmail@xxxxxxxxxxxxxxxxx, gwen@xxxxxxx, jeffrey@xxxxxxxxx, info@xxxxxxx, 
dave.piscitello@xxxxxxxxx, julie.hedlund@xxxxxxxxx
Date: Tuesday, May 4, 2010, 4:32 PM



All,

  As a matter of reference, etc., seems that some of these sites
were also hosted by GoDaddy as well.  Interesting that the two
largest fee/financial sources for ICANN were the two related
culprits, eh?  It's even more interesting that Network Solutions
is also a contractor for the USG as well...  Perhaps some OIG
review/investigation is in order here, as well as ICANN's
SSAC doing a bit more effective, if any, oversight of their 
Registries and Registrars that also provide hosting?  Just a couple
of thoughts...

  Dear Sen. Cornyn, would you be so kind as to forward this onto
Sen. Rockefeller and Sen. Warner? I believe that Network Solutions
is in jurisdiction of Sen. Warner, and that Sen. Rockefeller is
significantly involved in cybersecurity.  Perhaps they can provide
some incentive for these entities to be much more diligent with the
Public's online safety and security.  FWIW I as a professional view this
incident as being of a national security nature, and given that Network Solutions
in particular and GoDaddy to a lesser degree have seemingly provided
the means of significantly damaging our national security, it would
seem prudent if not necessary that any contracts with the USG that
Network Solutions has currently be immediately reviewed for the
purposes of re-bid to some other more responsible entity, and that
GoDaddy's current hosting operations for the private sector be
suspended pending immediate and effective correction of their
hosting operations from a cybersecurity perspective.  As a former
State Supreme Court Judge, I believe you can appreciate my view
here...

-----Forwarded Message-----
>From: "Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>
>Sent: May 4, 2010 2:25 PM
>To: imatx26@xxxxxxxxxxxxxx, icann-board@xxxxxxxxx, 
>jnevett@xxxxxxxxxxxxxxxxxxxx, robert.smith1@xxxxxxxxxxxxx, 
>SenateWebmail@xxxxxxxxxxxxxxxxx, rod_beckstrom@xxxxxxxxx
>Cc: akatz@xxxxxxxxxxxxxxxxxxxxxxxx, schneier@xxxxxxxxxxxx, 
>cstamer@xxxxxxxxxxxxxxxxxxx, dpeelmd@xxxxxxxxxxxxxxxxxxxxxxxx, eddan@xxxxxxx, 
>cogitoergosum@xxxxxxxxxxxxx, fbi.dallas@xxxxxxxxxx, ssene@xxxxxxxxxxxx, 
>greg.abbott@xxxxxxxxxxxxxxx, gwen@xxxxxxx, jeffrey@xxxxxxxxx, lauren@xxxxxxxx, 
>lehto.paul@xxxxxxxxx, peggy.himes@xxxxxxxx, rob@xxxxxxxxxxxxx, 
>roberto@xxxxxxxxx, secretariat@xxxxxxxxxxxx, stephen@xxxxxxxx, 
>monitor@xxxxxxxxxxxxx, public.information@xxxxxxxxxxxxxxx
>Subject: Treasury Department Web Sites Redirect Visitors to Malicious Sites
>
>All,
>
>  This report is particularly concerning for obvious reasons.
>How are the American people or any of America's trading partners
>supposed to have respect or any confidence when the Treasury in 
>conjunction with NIST when it comes to cybersecurity?  Additionally
>as the hosting company was Network Solutions, an ICANN registry and
>hosting provider, also demonstrates that ICANN remains unable
>or unwilling to oversee its contracted registries and registrars
>appropriately.
>BTW I fully agree with Alan Paller's remarks entirely...
>See: (May 3, 2010)
>Several US Treasury Department web sites are redirecting visitors to
>other sites that try to install malware on their computers.  The attack
>uses an embedded iframe in three Treasury web sites that invokes scripts
>from another site.  The malware affects only computers that have not
>previously visited Treasury web sites.  Evidence suggests that the
>attacks are related to the infections several weeks ago of sites hosted
>by Network Solutions.  The affected treasury sites are all hosted by
>Network Solutions, and the owner of record of the malicious sites used
>in the attack is the same as the owner of record for the sites used in
>the previous attacks.
>http://www.theregister.co.uk/2010/05/03/treasury_websites_attack/
>[Editor's Note (Pescatore): Government websites tend to have a higher
>than average level of security, but it is mainly because there are very
>few government web sites doing any kind of complex commerce or any
>actual transactions at all. They are mostly information publishing
>sites, where vulnerabilities are relatively easy to discover - if you
>are looking for them.
>(Paller): The agency was directly following NIST guidance.  Two and a
>half years after PCI required application security testing, and more
>than a year after a DHS web site tried to infect visitors' machines,
>NIST added the relevant control to 800-53. However, without explanation,
>NIST told agencies they did not have to apply that control for low risk
>systems.  It is low risk systems at DHS and now Treasury that are
>infecting visitors' computers.  This error reflects a fundamental lack
>of understanding of cyber threat at NIST. Only NSA, DHS, and the NIC-JTF
>have that knowledge. That the US House Science Committee in Congress
>continues to demand that NIST write security regulations for areas it
>doesn't understand demonstrates a level of disregard for national
>security that is breathtaking.]
>

Regards,

Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 294k members/stakeholders and growing, 
strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is very
often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B; liability
depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947])
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of
Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail jwkckid1@xxxxxxxxxxxxx
Phone: 214-244-4827





      

