Anonymous linked to attack on US central bank

Hacking group thought to be behind attack that led to the exposure of personal information belonging to 4,000 banking executives.

Hackers

The US Federal Reserve has fallen victim to hackers who managed to breach the central bank's internal websites, although no critical functions are known to have been affected.

The admission, which raises questions about cyber security at the Fed, follows a claim that hackers linked to the activist group Anonymous had struck the Fed on Sunday, accessing personal information of more than 4,000 US bank executives, which it published online.

"The Federal Reserve system is aware that information was obtained by exploiting a temporary vulnerability in a website vendor product," a Fed spokeswoman said.

Despite claims to the contrary, passwords were not compromised.

"Exposure was fixed shortly after discovery and is no longer an issue. This incident did not affect critical operations of the Federal Reserve system," the spokeswoman said, adding that all individuals effected by the breach had been contacted.

Anonymous appeared to have published information allegedly containing the login information, credentials, internet protocol addresses and contact information of more than 4,000 US bankers on Sunday night.

The claim was made via Twitter over an account registered to OpLastResort, which is linked to Anonymous.

OpLastResort is a campaign that some hackers linked to Anonymous have started to protest government prosecution of computer prodigy Aaron Swartz, who committed suicide on January 11.

The Fed declined to identify which website had been hacked. But information that it provided to bankers indicated that the site, which was not public, was a contact database for banks to use during a natural disaster.

A copy of the message sent by the Fed to members of its Emergency Communication System (ECS), which was obtained by Reuters, warned that mailing address, business phone, mobile phone, business email, and fax numbers had been published.

"Some registrants also included optional information consisting of home phone and personal email. Despite claims to the contrary, passwords were not compromised," the Fed said.

The central bank separately confirmed the authenticity of the message to ECS members.

The website's purpose is to allow bank executives to update the Fed if their operations have been flooded or otherwise damaged in a storm or other disaster. That helps the Fed to assess the overall impact of the event on the banking system.

Hackers identifying themselves as Anonymous infiltrated the US Sentencing Commission website late last month to protest the government's treatment of the Swartz case.

Swartz was charged with using the Massachusetts Institute of Technology's computer networks to steal more than 4 million articles from JSTOR, an online archive and journal distribution service. He faced a maximum sentence of 31 years if convicted.

Cyber-security specialists said that any organization's computer systems could be breached, and that it was up to an organization like the Fed to prioritize its security needs, in order to protect its most sensitive information from attack.

"Every system is going to have some vulnerability to it. You cannot set up a system that will survive all possible attacks," said Mark Rasch, director of Privacy and security consulting at CSC and a former federal cyber crimes prosecutor.

"You have to defend against every possible vulnerability and the attackers only have to find one way in," he said.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021
Mastering endpoint security implementation
Security

Mastering endpoint security implementation

16 Apr 2021
US, UK say Russia was behind SolarWinds hack
cyber attacks

US, UK say Russia was behind SolarWinds hack

16 Apr 2021
1Password targets enterprise customers with Secrets Automation
IT infrastructure

1Password targets enterprise customers with Secrets Automation

14 Apr 2021

Most Popular

University of Hertfordshire's entire IT system offline after cyber attack
cyber attacks

University of Hertfordshire's entire IT system offline after cyber attack

15 Apr 2021
Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021