Hackers tampering with Internet, e-mail links

Federal and industry security teams are warning agencies about malicious code embedded in Internet links on World Wide Web sites and in e-mails that could allow hackers to capture any information entered by the user.

The Computer Emergency Response Team (CERT) Coordination Center, the Defense Department CERT, the DOD Joint Task Force for Computer Network Defense, the Federal Computer Incident Response Capability and the FBI's National Infrastructure Protection Center jointly issued the alert on Wednesday.

The method the hackers used, called cross-site scripting, is embedded HTML script or tags that are not usually recognized by Internet servers, so anyone using any system or Web browser is vulnerable, according to the advisory. As soon as a user clicks on a link that includes the malicious script, whether the link is on a Web page or in an e-mail, the user sends to the Web server the malicious code. Hackers then can capture or change the page the user sees, affecting both the user and the server administrator.

The advisory includes steps that users and Web site administrators can take to protect themselves. But technical teams and law enforcement officials are encouraging users to forward any information or feedback. As of Wednesday, no attacks had been reported, but the potential for harm is very high, according to the advisory.

Featured

  • Budget
    cybersecurity (vs148/Shutterstock.com)

    House's DHS funding bill would create public-private cyber center

    The legislation would give $2.25 billion to DHS' cyber wing and set up an integrated cybersecurity center with other agencies, state and local governments and private industry.

  • Workforce
    Former vice-president Joe Biden formally launches his 2020 presidential campaign during a rally May 18, 2019, at Eakins Oval in Philadelphia. (Matt Smith Photographer/Shutterstock.com)

    Biden promises to undo Trump’s workforce policies

    Democratic candidate pledges to appropriate permanent funding to feds in case of another shutdown.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.