Federal Reserve confirms its system was breached
A group claiming affiliation to the Anonymous hacktivist collective posted contact info for more than 4,000 banking executives
IDG News Service - Malicious attackers gained entry to internal Federal Reserve System computers, illegally copying a database of banking executive contact information, the banking system has confirmed.
"The Federal Reserve System is aware that information was obtained by exploiting a temporary vulnerability in a website vendor product. The vulnerability was fixed shortly after discovery and is no longer an issue," a Federal Reserve spokesman wrote in an email. "This incident did not affect critical operations of the Federal Reserve System."
The Federal Reserve did not identify the attackers, however, on Sunday, a group claiming to be affiliated with Anonymous, the loose collective of malicious hackers, posted the personal information of more than 4,000 bank executives, stating the information came from the Federal Reserve.
The Emergency Communications System (ECS), run by the Federal Reserve Bank of St. Louis, was the system attacked, according to a memo that the banking system sent out to the system's users. ECS provides financial institutions with status updates of the Federal Reserve during times of natural disaster. Attackers gained access to a database with bank executive contact information, including mailing addresses, business and phone numbers, email and fax numbers.
The Federal Reserve stated that no passwords were compromised, despite press reports to the contrary. The organization reset the contact's passwords to the system anyway as a precaution.
The group, Operation Last Resort, posted the contact information it had on the website for the Alabama Criminal Justice Information Center, after breaking into that site. Operation Last Resort is protesting what it considers to be overly severe U.S. Department of Justice prosecution of Internet activist and innovator Aaron Swartz, who recently committed suicide. Swartz faced a 35-year jail sentence and a $1 million fine for allegedly illegally downloading millions of scholarly articles from a Massachusetts Institute of Technology network.
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Cybercrime and Hacking White Papers | Webcasts