Fed says internal site breached by hackers, no critical functions affected

WASHINGTON/BOSTON Wed Feb 6, 2013 10:30am IST

A view shows the Federal Reserve building on the day it is scheduled to release minutes of the Federal Open Market Committee from August 1, 2012, in Washington August 22, 2012. REUTERS/Larry Downing/Files

A view shows the Federal Reserve building on the day it is scheduled to release minutes of the Federal Open Market Committee from August 1, 2012, in Washington August 22, 2012.

Credit: Reuters/Larry Downing/Files

Priyanka Gandhi Vadra, daughter of Congress party chief Sonia Gandhi, adjusts her flower garlands as she campaigns for her mother during an election meeting at Rae Bareli in Uttar Pradesh April 22, 2014. REUTERS/Pawan Kumar

Election 2014

More than 814 million people — a number larger than the population of Europe — are eligible to vote in the world’s biggest democratic exercise.  Full Coverage 

WASHINGTON/BOSTON (Reuters) - The Federal Reserve said on Tuesday that one of its internal websites had been briefly breached by hackers, though no critical functions of the U.S. central bank were affected by the intrusion.

The admission, which raises questions about cyber security at the Fed, follows a claim that hackers linked to the activist group Anonymous had struck the Fed on Sunday, accessing personal information of more than 4,000 U.S. bank executives, which it published on the Web.

"The Federal Reserve system is aware that information was obtained by exploiting a temporary vulnerability in a website vendor product," a Fed spokeswoman said.

"Exposure was fixed shortly after discovery and is no longer an issue. This incident did not affect critical operations of the Federal Reserve system," the spokeswoman said, adding that all individuals effected by the breach had been contacted.

Technology news site ZDNet separately reported that Anonymous appeared to have published information allegedly containing the login information, credentials, internet protocol addresses and contact information of more than 4,000 U.S. bankers on Sunday night.

The claim was made via Twitter over an account registered to OpLastResort, which is linked to Anonymous, a loosely organized group of hacker activists who have claimed responsibility for scores of attacks on government and corporate sites over the past several years.

OpLastResort is a campaign that some hackers linked to Anonymous have started to protest government prosecution of computer prodigy Aaron Swartz, who committed suicide on January 11.

The Fed declined to identify which website had been hacked. But information that it provided to bankers indicated that the site, which was not public, was a contact database for banks to use during a natural disaster.

A copy of the message sent by the Fed to members of its Emergency Communication System (ECS), which was obtained by Reuters, warned that mailing address, business phone, mobile phone, business email, and fax numbers had been published.

"Some registrants also included optional information consisting of home phone and personal email. Despite claims to the contrary, passwords were not compromised," the Fed said.

The central bank separately confirmed the authenticity of the message to ECS members.

The website's purpose is to allow bank executives to update the Fed if their operations have been flooded or otherwise damaged in a storm or other disaster. That helps the Fed to assess the overall impact of the event on the banking system.

Hackers identifying themselves as Anonymous infiltrated the U.S. Sentencing Commission website late last month to protest the government's treatment of the Swartz case.

Swartz was charged with using the Massachusetts Institute of Technology's computer networks to steal more than 4 million articles from JSTOR, an online archive and journal distribution service. He faced a maximum sentence of 31 years if convicted.

Cyber-security specialists said that any organization's computer systems could be breached, and that it was up to an organization like the Fed to prioritize its security needs, in order to protect its most sensitive information from attack.

"Every system is going to have some vulnerability to it. You cannot set up a system that will survive all possible attacks," said Mark Rasch, director of Privacy and security consulting at CSC and a former federal cyber crimes prosecutor.

"You have to defend against every possible vulnerability and the attackers only have to find one way in," he said. (Additional reporting by Jim Finkle in Boston; Editing by Lisa Shumaker)

FILED UNDER:
Comments (0)
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.

  • Most Popular
  • Most Shared

REUTERS SHOWCASE

Election 2014

Election 2014

Kashmiris wary as Modi challenges for power.  Full Article 

Facebook's Performance

Facebook's Performance

Facebook Q1 revenue grows 72 percent on rising mobile ads.  Full Article 

Earnings Season

Earnings Season

Bharti Infratel Q4 net profit jumps 64 percent.  Full Article 

Monsoon Forecast

Monsoon Forecast

South Asia monsoon seen below-average to average in 2014 - WMO.  Full Article 

Solar Dispute

Solar Dispute

Green groups urge U.S. to drop solar trade case against India.  Full Article 

Oil Imports

Oil Imports

India to make May-July oil payments to Iran - sources.  Full Article 

Rice Exports

Rice Exports

India may cede top rice exporter spot under Southeast Asian price onslaught.  Full Article 

Reuters India Mobile

Reuters India Mobile

Get the latest news on the go. Visit Reuters India on your mobile device.  Full Coverage