The Federal Bureau of Investigation (FBI) is on the case as the U.S. Federal Reserve continues to determine the extent of Sunday’s hack of its computer systems.
Hacking group Anonymous claims to have filched the details of more than 4,000 U.S. banking executives from the password-protected Emergency Communication System. The purpose of the system, supervised by the St. Louis Federal Reserve Bank, is to supply bank contact information should a disaster, natural or otherwise, occur.
Anonymous posted the data on the Alabama Criminal Justice Information Center website, lending credence to the group’s claims. The data has since been removed.
The Federal Reserve, which supervises and regulates U.S. banking institutions and U.S. monetary policy, is responsible for storing and transmitting confidential information. The hacking incident has been a source of humiliation for the Fed, as questions continue to be raised about its security practices.
“We are in the process of a comprehensive assessment to determine what information might have been obtained in this incident,” Federal Reserve spokesman Jim Strader told Reuters Feb. 7. “We remain confident that this incident did not affect critical operations of the Federal Reserve.”
Strader also told Reuters it is possible the hackers obtained more information than released thus far, meaning another online data dump could occur. He did not say, however, if the additional information was obtained from the Emergency Communication System or another site.
Strader’s comment was the first concession by the agency that it has yet to discover the full extent of the hack.
Earlier this week, officials downplayed the incident, inferring the breach of its systems was not serious and had been fully dealt with.
“The Federal Reserve system is aware that information was obtained by exploiting a temporary vulnerability in a website vendor product,” a spokeswoman told Reuters Feb. 5. “Exposure was fixed shortly after discovery and is no longer an issue. This incident did not affect critical operations of the Federal Reserve system.”
She added that all individuals affected by the breach have been contacted.
Reuters obtained a copy of the e-mail sent by the Fed to members of its Emergency Communication System. The message said mailing address, business phone, cellphone, business e-mail, and fax numbers had been published.
“Some registrants also included optional information consisting of home phone and personal e-mail. Despite claims to the contrary, passwords were not compromised,” the Fed said.
The Anonymous hack, part of the group’s Operation Last Resort campaign, was an act of revenge for the government’s treatment of Internet activist Aaron Swartz who committed suicide Jan. 11, the group has said.
Swartz died just weeks before his trial was to begin after being indicted on wire fraud, computer fraud, unlawfully obtaining information from a protected computer, recklessly damaging a protected computer, aiding and abetting and criminal forfeiture. Swartz faced up to $1 million in fines and 35 years in prison for his alleged connection to someone illegally accessing subscription-only service JSTOR via the computer network at MIT and downloading 4.8 million articles to distribute freely.
The group has also made demands for the reform of U.S. computer crime laws in the wake of Swartz’s suicide.
The following post appeared on the OpLastResort’s Twitter feed Fed. 3: