US Federal Reserve admits to breached system

A group claiming affiliation to the Anonymous hacktivist collective posted contact info for more than 4,000 banking executives

Malicious attackers gained entry to internal U.S. Federal Reserve System computers, illegally copying a database of banking executive contact information, the banking system has confirmed.

"The Federal Reserve System is aware that information was obtained by exploiting a temporary vulnerability in a website vendor product. The vulnerability was fixed shortly after discovery and is no longer an issue," a Federal Reserve spokesman wrote in an email. "This incident did not affect critical operations of the Federal Reserve System."

The Federal Reserve did not identify the attackers, however, on Sunday, a group claiming to be affiliated with Anonymous, the loose collective of malicious hackers, posted the personal information of more than 4,000 bank executives, stating the information came from the Federal Reserve.

The Emergency Communications System (ECS), run by the Federal Reserve Bank of St. Louis, was the system attacked, according to a memo that the banking system sent out to the system's users. ECS provides financial institutions with status updates of the Federal Reserve during times of natural disaster. Attackers gained access to a database with bank executive contact information, including mailing addresses, business and phone numbers, email and fax numbers.

The Federal Reserve stated that no passwords were compromised, despite press reports to the contrary. The organization reset the contact's passwords to the system anyway as a precaution.

The group, Operation Last Resort, posted the contact information it had on the website for the Alabama Criminal Justice Information Center, after breaking into that site. Operation Last Resort is protesting what it considers to be overly severe U.S. Department of Justice prosecution of Internet activist and innovator Aaron Swartz, who recently committed suicide. Swartz faced a 35-year jail sentence and a US$1 million fine for allegedly illegally downloading millions of scholarly articles from a Massachusetts Institute of Technology network.

Tags U.S. Federal Reservesecuritydata breach

Comments

Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Sophos Mobile Control

Data protection, policy compliance and device control for mobile devices

Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.