The National Vulnerability Database (NVD) and several other websites operated by the National Institute of Standards and Technology (NIST) have been inaccessible for the past few days.
It turns out that NIST's systems have been hacked. More precisely, the sites have been taken down after malware was identified on a couple of web servers.
Security expert Kim Halavakoski has contacted NIST representatives in an attempt to find out why the NDV is unavailable.
“The National Vulnerability Database public-facing Web site and several other NIST-hosted Web sites are currently unavailable due to discovery of malware on two NIST Web servers,” NIST representatives wrote in an email to Halavakoski, which he posted on his Google+ profile.
“On Friday March 8, a NIST firewall detected suspicious activity and took steps to block unusual traffic from reaching the Internet. NIST began investigating the cause of the unusual activity and the servers were taken offline. Malware was discovered on two NIST Web servers and was then traced to a software vulnerability,” the email continued.
“Currently there is no evidence that NVD or any other NIST public pages contained or were used to deliver malware to users of these NIST Web sites. NIST continually works to maintain the integrity of its IT infrastructure and acts to limit the impact of malware on its systems. We regret the impact this has had on our services.”
Halavakoski makes an interesting observation based on the data provided by NetCraft. Up until March 7, the nvd.nist.gov site was running on Windows Server 2008 and IIS 7.5, but after the breach, starting with March 9, it has been running on Linux and Apache.
NIST representatives state they don’t know when the database will be back online, but they say they will restore it “as quickly as possible.”