Federal Websites Shutdown Due to Expired Security certificates
The public in the United States will no longer be able to access several Federal websites due to their expired HTTPS certificates. The Government has shut down the websites with lapsed security certificates citing the situation that could put visitors at risk
It was noted by Netcraft, a UK-based web security company, and found several of the US government websites are running on expired security certificates. The websites belonging to “NASA, the U.S. Department of Justice, and the Court of Appeals” are now inaccessible and insecure.
Netcraft writes “With around 400,000 federal employees currently furloughed, more than 80 TLS certificates used by .gov websites have so far expired without being renewed. To compound the situation, some of these abandoned websites can no longer be accessed due to strict security measures that were implemented long before the shutdown started.”
It was also noted by Netcraft how some modern browsers, which restrict access to websites without proper certificates or warnings, are not doing so in this case of Federal websites.
Netcraft found more than 80 expired security certificates for US government websites, but they are not sure if hackers have taken a call to turn this in their favor.
Marc Rogers, who runs cybersecurity at Okta, argues how “If users were to ignore such warnings, they would be vulnerable to the type of man-in-the-middle attacks that TLS certificates were intended to combat.” Rogers said the tactic has been used by both criminals and spy agencies to fool internet users and compromise computers.
Rogers said “the seriousness of expired certificates should prompt lawmakers to plan better for the next government shutdown. We need to ask, what are the things that we need to protect?” So that when these lapses happen, criminals don’t take advantage.”
Although many sites appear to be affected by the issue, others are immune to the certificate expiration problem.
“Government websites hosted on “cloud.gov, search.gov or federalist.18f.gov” are set up in a way that re-new their certificates automatically every three months,” said TechCrunch’s Zack Whittaker.
The HTTP certificate issue for Federal websites comes at a time when President Donald Trump is demanding a budget of $5.7 billion dollars to build a wall on the U.S.-Mexico border. Today is the 22nd day of the shutdown of this partial shutdown.
Kevin Jones949 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.