The U.S. Census Bureau has been a popular target of hackers due to its vast data collection. The federal agency collects statistical data on over 300 million Americans and thus has often been targeted by hackers. Now, the Federal Bureau of Investigation (FBI) has warned that attackers are using spoofed census websites to lure victims.
The alert was issued by the FBI's Cyber Division in coordination with the U.S. Department of Homeland Security's (DHS) Office of Intelligence and Analysis, Census Bureau and the Department of Commerce. The alert also listed 63 domains that were registered recently, spoofing the Census Bureau.
"The FBI has observed entities not associated with the US Census Bureau registering numerous domains spoofing the Bureau's websites, likely for malicious purposes," the FBI alert said, adding that spoofed domains, also known as typosquatting, impersonate legitimate Census Bureau domains by altering the address. Two of the examples are census-bureau.com and census-gov.us. The original address of the agency is census.gov.
While the FBI didn't reveal if those domains had been used in phishing scams or attacks, the agency warned of potential cyberattacks. Hackers can send mail using the domain with look-alike census forms to collect data and also tricking the victim into downloading malware. That can potentially encrypt the victims' computers and also steal sensitive personal information stored on the computer/mobile phone.
To mitigate the risks of the attacks, the FBI provided a list of recommendations including checking the spelling of the website address and ensuring SSL (Secure Sockets Layer) certification.
Cyberattacks on Census Bureau
As the Census Bureau collects a vast amount of data including personal and financial information, it has come under attacks many times. The agency uses the data to allocate over $600 billion in federal funding for local governments. In a report published earlier this month, DHS said that it had detected multiple hacking attempts from unknown groups last year, the Bleeping Computer reported.
"Unidentified cyber actors have engaged in suspicious communications with the U.S. Census public-facing network over at least the last year, including conducting vulnerability scans and attempting unauthorized access," the DHS added in the report.
In 2018, the agency's website which was developed and managed by its digitization partner Pegasystems came under attack from Russian IP addresses. The DDoS (Distributed Denial of Service) managed to breach a firewall and accessed restricted information. However, the agency said data was not stolen.
"Cyber activity directed at the U.S. Census could include attempts to gain illicit access to census-gathered bulk data, to alter census registration data, to compromise the census infrastructure supply chain, or conducting denial-of-service attacks," the report added.
To minimize the risk of potential phishing attacks, DHS and FBI have been blocking the newly registered domains. However, despite their attempts, many more spoofed domains are created every day.