The Federal Reserve has confirmed that hackers penetrated the central bank’s security. The hackivist group Anonymous has claimed responsibility and has posted 4,000 bank executive credentials obtained from the hack.
Anonymous appears to have published login and private information from over 4,000 American bank executive accounts in the name of its new Operation Last Resort campaign, demanding U.S. computer crime law reform. A spreadsheet has been published on a .gov website allegedly containing login information and credentials, IP addresses, and contact information of American bank executives.
If true, it could be that Anonymous has released banker information that could be connected to Federal Reserve computers, including contact information and cell phone numbers for U.S. bank Presidents, Vice Presidents, COO’s Branch Managers, VP’s and more.
While confirming there was a breach the Federal Reserve played down the significance claiming none of the central bank’s critical operations were affected. Others are disagreeing with that characterization positing that the attack was more substantive given that the database exposed belongs to the St. Louis Fed Emergency Communication System.
ECS is the emergency communications system for seventeen states, with plans to add seven new states this year. ECS estimates it holds 40 percent of America’s state-chartered banks as its users.
The ECS was deployed in 2008 and is the means by which bank supervisory agencies such as the Bank Department and the Federal Reserve Supervision and Regulation functions to communicate with financial institutions during emergencies.
The ECS system enables agencies to establish two-way communications channels with institutions during a crisis to exchange critical information; crises such as natural or man-made disasters (weather, fire, and so on), “chemical biological events or threats,” and “events affecting the financial markets.”
Sensitive information on thousands at state-charter banks and credit unions—including login information, credentials, IP addresses, and contact information—was listed in a spreadsheet and posted to a government site, then announced and claimed by the “Operation Last Resort” faction of Anonymous.
While the url for the download has been shutdown the information is still circulating throughout the web with the full extent of the damage from the hack unknown. Nor is it known if this is the last hack of Operation Last Resort.