The Federal Reserve is the latest government agency to be hit by a cyber attack, according to reports. The breach reportedly hit an emergency communications system out of St. Louis.
Anonymous warns this is just the beginning…
PCMAG penned that ZDNet reported this morning that the hackers accessed the St. Louis Fed Emergency Communications System database. The system, which was put in place in 2008, is used by banking agencies to communicate during an emergency. It is used by 17 states, with seven more expected to come on board in 2013, ZDNet said.
Following a claim by the hacker group Anonymous, which says it penetrated the Fed’s systems on Sunday, Fed officials confirmed on Tuesday that hackers had indeed breached its security. The Fed indicated that the attack was launched through a weak spot in a website vendor application, which was quickly identified and fixed, and that the bank’s primary operations were not damaged by the intrusion, Reuters noted. The hacker group used a Twitter account to publicize its claims.
This attack comes on the heels of the hacking group Anonymous claiming on Sunday to have published login and private information from more than 4,000 U.S. bank executive accounts. The group may have gotten this data from the Federal Reserve’s computers. Apparently, Anonymous is better at obtaining information than the DOJ.
It’s unclear if the two breaches are connected. Government officials did not say which of its Web sites were hacked. However, according to Reuters, it was most likely an internal contact database for banks to use during natural disasters.
The cyber attack on the Federal Reserve comes after a slew of continuous hacks in the U.S. The Department of Energy confirmed yesterday that its internal system was breached and employee data was stolen; and last week, hackers hit several U.S. media outlets.
The cyber attack appears to have penetrated a database designated for use by bankers during a natural disaster. The Fed would not disclose which of its websites had been breached, but Reuters obtained a copy of an email sent to members of the Fed’s Emergency Communication System, advising them that their contact information had been compromised.
Anger rises as Fed confirms Anonymous hack, downplays US bank emergency system breach, penned by Violet Blue. Blue states that Jon Waldman, a senior information security consultant whose firm specializes in serving small-to-medium sized financial institutions—such as those on the list—told ZDNet and explained his anger at The Fed’s downplaying of the incident, saying:
The Federal Reserve is simply incorrect by saying there’s not account details on the list. I’ve seen that list and it is absolutely rife with account details. Usernames and hashed passwords are included with salts. Anyone worth their weight in the technology field can decrypt a hashed password. The Fed did state that the passwords weren’t “compromised,” but that just means that they weren’t listed out in plain-text… Click here for full post.
“Anonymous’s Superbowl Commercial 4k banker d0x via the FED,” the group tweeted on Feb. 3 via the @OpLastResort feed. The link to the documents is no longer live.
“We note that the Federal Reserve minidrop earlier was just a counter-distraction to the superbowl distraction. We await the DOJ’s statement,” the group tweeted later.
That statement concerns the death of Internet activist Aaron Swartz. On Jan. 28, several members of Congress penned a letter to Attorney General Eric Holder, requesting a briefing about the government’s investigation into Swartz. He was indicted in 2011 for allegedly downloading 4.8 million articles from JSTOR, a non-profit archive of academic journals, after tapping into the site from a computer wiring closet at the Massachusetts Institute of Technology. Swartz argued – and many agreed with him – that the articles he downloaded and shared were part of humanity’s collected knowledge that deserved to be shared freely amongst the scientific community. But the government persisted with the case, which some say led Swartz to commit suicide, reported PCMAG.
The deadline for Holder to answer the letter was Feb. 4. “No (public) response from DOJ,” Anonymous tweeted on Monday. Typically, however, it can take a week or so for members of Congress to release correspondence.