FOR IMMEDIATE RELEASE:
May 13, 2013
Contact: Mary Kay LeMay
WTOP and Federal News Radio Websites Back After Cyber Attack
Users encouraged to run security scan on their computers
WASHINGTON – The news websites, WTOP.com and FederalNewsRadio.com, are accessible to all Internet users following resolution of a cyberattack against the websites. Users accessing the websites from all web browsers, including Internet Explorer, have full access to both websites.
“Getting the websites back up and running safely for all users has been our top priority,” said Joel Oxley, Senior Vice President and General Manager of WTOP and Federal News Radio. “We take our users’ privacy very seriously, and we have taken steps to prevent similar occurrences. We apologize to our user community for any inconvenience that this incident has caused.”
WTOP.com and FederalNewsRadio.com were victims of cyberattacks last week. When the attacks were discovered, an investigation was launched immediately, the malicious code was removed, additional security measures were installed, and federal law enforcement officials were notified of the incident.
Access to the websites from Internet Explorer web browsers was blocked to allow for a careful examination of how site security was compromised and after the initial review, which suggested the hackers may have targeted Internet Explorer users.
Full access to the websites was restored on Saturday evening, May 11, 2013, after a review of site security and implementation of recommendations to fix the vulnerabilities the attacker exploited to gain access to the websites. The review was conducted and recommendations were made by Mandiant, an internationally recognized cybersecurity consulting firm.
“We have found and eliminated the vulnerabilities that were exploited,” said John Spaulding, the Washington, D.C. Director of Information Systems for Hubbard Radio, the parent company of WTOP and Federal News Radio.
Computers infected with the malware may display a pop-up message indicating that the computer is infected with a virus. This pop-up message may be fake if it prompts the user to click on a link, which takes them to a website that is not recognized by the user. This fake website offers security software for sale and prompts users to provide personal information, including credit card numbers. Users should not provide information, if prompted to do so.
Computers with up-to-date anti-virus programs and security software should identify the malware and provide instructions on how to delete or quarantine it.
Out of an abundance of caution, WTOP.com and Federal News Radio users who accessed the websites from any web browser during the cyberattack, which occurred approximately from May 5 to May 7, are encouraged to update and run their security software and perform a malware scan on their computer. (See below for more information on how to run a malware scan.)
In addition, the passwords for all registered users and users who receive breaking news, daily headline or other emails from both websites have been reset. These users have been contacted directly, informed of the need to reset their passwords the next time they visit the websites, and encouraged to change their passwords on other websites where they use the same password.
“During the cyberattack, it is possible the database of WTOP.com and FederalNewsRadio.com email users may have been compromised. However, we have no evidence that any log-in information was actually acquired by the hackers,” said Spaulding.
Neither WTOP.com nor FederalNewsRadio.com collect or store Social Security numbers or credit card information.
WTOP.com and FederalNewsRadio.com are reaching out to all users, via email messages and through social media, to make them aware of the situation. More information on how to detect malware on a computer can be found below.
The malware attack targeted the Internet Explorer browser. If you accessed WTOP.com or FederalNewsRadio.com from Internet Explorer recently, you may have been infected. While other browsers may not have been directly infected, the malware still may have installed a cookie on your browser. We urge everyone to clear their cookies and browser cache no matter what browser they have been using to access WTOP.com or FederalNewsRadio.com, and to do a full virus scan on their machine (see instructions below).
An infected machine may exhibit some or all of the following behavior:
An infected machine will likely open numerous windows with an error message such as:
You may also see error messages when trying to access the Internet, such as the ones below:
If you don’t already have an anti-virus program on your machine, download one. Some free possibilities are AVG or Avast. A removal tool, which may help, can be found here. The best practice for removing malware is to download the anti-virus program to a trusted, non- infected computer instead of the computer which you believe has the virus.
If you have access to a trusted, non-infected computer:
If you do not have access to a trusted, non-infected computer: