The US Federal Reserve Bank (FRB) has released a statement detailing that personal information has been stolen from their servers during a hack attack. The hacktivist group Anonymous are thought to be behind the attack, although this has not been confirmed by the FRB. During the attack, the details of 4,000 bank executives, thought to be part of a contact database used in the event of natural disasters, were released.
In an official statement, the FRB put the attack down to the exploitation of “a temporary vulnerability in a website vendor product”. The statement went on to say “exposure was fixed shortly after discovery and is no longer an issue” and that although personal information was stolen, no “critical operations of the Federal Reserve system” were affected. The contact database that was stolen contained such details as work addresses, mobile numbers as well as computer log in details. However the FRB, in an internal statement, had advised that “passwords were not compromised”.
The hacking group Anonymous used this latest attack as a protest against the prosecution and recent death of Aaron Swartz. It is widely thought that pressure put on Swartz by his impending prosecution caused the 26 year-old to take his own life. Swartz, a co-founder of such internet landmarks as RSS news feeds and the social news website Reddit, was to be prosecuted on allegations of infiltrating the Massachusetts Institute of Technology (MIT) and stealing data, which could have resulted in a 35 year prison sentence.
Anonymous have been behind many infamous cyber-attacks in recent years, such as an attack on UK Government websites, as well as the Pentagon and News Corporation. The inspiration behind many of Anonymous’s attacks are internet censorship and surveillance, although this particular attack was linked strongly to the death of Aaron Swartz.
This latest attack raises questions for the banking sector, who will want to know more about how the hack was achieved and if it’s something they should be worried about. What was the “temporary vulnerability”, and why did it exist in the first place? Despite the fact that this attack did not affect “critical operations”, US banks, who have to share information with the FRB, this attack potentially puts their sensitive data at risk. Aside from that, banks will be worried that if the FRB can be hacked into, what’s to stop their own IT security from being breached?
In all of this is the message that despite a recent prosecution of an Anonymous member, the group is still able to wreak havoc in a variety of ways and affect a range of organisations.