
US Federal Reserve Admits ‘Revenge’ Breach By Anonymous Over Swartz

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

US Federal Reserve admits hack but doesn’t name names

The US Federal Reserve bank has admitted to being on the wrong end of a hack attack, following claims from Anonymous that it made off with data on over 4,000 bank executives in reprisal after the suicide of free speech campaigner Aaron Swartz.

The hacktivist group claimed over its Op Last Resort Twitter feed on 4 February that it had leaked the data, publishing a spreadsheet of what appeared to be login details, email addresses and names of various banking officials.

According to reports, the spreadsheet also appeared on a government website, presumably via a cross-site scripting (XSS) attack.

Anonymous ‘minidrop’

Anonymous said this was just a “minidrop”. Whilst the Federal Reserve didn’t go into full detail on the attack, or whether it believed Anonymous was behind the hit, it admitted a breach had occurred.

“The Federal Reserve system is aware that information was obtained by exploiting a temporary vulnerability in a website vendor product,” a spokesperson for the US Federal Reserve said.

“Exposure was fixed shortly after discovery and is no longer an issue. This incident did not affect critical operations of the Federal Reserve system.”

The hacktivist group is carrying out the Op Last Resort attacks in response to the death of Aaron Swartz, the Internet activist who committed suicide last month. Swartz’s family members have criticised the government and law enforcement for pursuing a case against him, after he allegedly siphoned off files from online archive JSTOR from MIT.

Anonymous claimed it had hacked into a host of federal government websites in the US over the past two months. It said it had removed all traces of itself and taken down the “injection apparatus” used to infiltrate “vulnerable” machines.

Following attacks on the US Department of Justice and the Federal Reserve, Anonymous appears to be fulfilling its promises in this particular campaign.
