Posted on January 21, 2019 at 7:04 PM
After nearly a month of the government shutdown, the situation in the US has yet to improve. The shutdown has already had significant consequences in some areas, and now, cybersecurity experts warn that government websites might be affected next.
Government websites’ visitors vulnerable to attacks
According to researchers, the shutdown is making government-owned websites increasingly more vulnerable to online threats. One website, manufacturing.gov, is supposedly already becoming unusable. The website’s visitors are complaining that the information regarding the manufacturing sector can no longer be accessed and that they are only receiving a message that the service will remain “unavailable until further notice.”
While there are some precautions that are keeping the sites secure, such as security certificates, a security firm Netcraft has recently reported that over 130 of these certificates have expired. As a result, scammers and hackers might find it easier to trick people into thinking that they are visiting a government-owned site, when it is actually a fake one.
Researchers also point out that there are warnings that pop up and say that the website doesn’t have an updated certificate. However, most people are used to ignoring such warnings, and will likely not pay attention to it. This may lead to the theft of website users’ personal information, such as passwords and other sensitive data.
Website security drops over time
In addition, websites themselves might be vulnerable to attacks, as IT teams that usually tend to them are no longer on standby. As a result, the software updates and other important maintenance tasks are not being performed. Meanwhile, new vulnerabilities are constantly being discovered, and while they may be patched immediately after the discovery — there is no one to implement these patches.
A partner in cybersecurity company Bishop Fox, Rob Ragan, claims that these issues might result in a breach that will likely remain unnoticed for months, or maybe even years. This is even more concerning considering that countries such as Iran, China, or Russia are always prepared to exploit even the smallest vulnerability and access the US government’s databases, especially if they are classified or private.
Symantec’s technical director, Vikram Thakur, commented on the situation as well, stating that the chances of a security breach are growing, and will continue to grow for as long as the shutdown continues. However, he also pointed out that the lower number of employees on the job means that the risk of email phishing is reduced.
Email phishing attacks occur when a hacker sends an email that contains malicious files or links to malicious or fake websites. If no one is there to open the email and infect the system, the chance of hackers breaching security via this method are significantly lower.
So far, there is no indication when will the shutdown end. However, many are pointing out that IT workers should remain on the job, as online security needs to come first.