Anonymous hacked into the Federal Reserve over the weekend, but no critical information was stolen according to the US central bank.
The Federal Reserve has confirmed that one of its internal websites was compromised on Sunday, with Anonymous ironically posting the stolen information relating to 4,000 US bank executives on the website of the Alabama Criminal Justice Information Center. The webpage has since been taken offline.
The information accessed included login information and credentials, IP addresses, and contact information of the executives, along with the mobile and home phone numbers of some of the 4,000 individuals.
"The Federal Reserve system is aware that information was obtained by exploiting a temporary vulnerability in a website vendor product," a spokeswoman told Reuters.
"Exposure was fixed shortly after discovery and is no longer an issue. This incident did not affect critical operations of the Federal Reserve system," the spokeswoman said, adding that all individuals affected by the breach had been contacted.
Operation Last Resort
The hack was carried out as part of the Operation Last Resort (#OpLastResort) campaign which a group of hackers affiliated with Anonymous began in the wake of Aaron Swartz committing suicide last month. Last week the group defaced a US government website to announce the campaign.
Announcing the new campaign last week, the group also indicated that it had been "infiltrating" numerous other US government websites. The group claims to have stolen a lot of sensitive information which it is threatening to make public if the US government does not agree top reform "outdated and poorly-envisioned legislation."
While the Federal Reserve has declined to indicate exactly which website on its system was hacked, Reuters has obtained a copy of the email sent to members of the Emergency Communication System (ECS) warning that mailing address, business phone, mobile phone, business email, and fax numbers had been published.
"Some registrants also included optional information consisting of home phone and personal email. Despite claims to the contrary, passwords were not compromised," the email read.
The purpose of the ECS website is to allow bank executives to update the Federal Reserve if their operations have been flooded or otherwise damaged in a storm or other disaster. That helps the Fed to assess the overall impact of the event on the banking system.
The intrusion comes less than three months after US lawmakers failed to advance legislation aimed at safeguarding computer networks considered vital to US economic and national security.
In October, President Barack Obama signed a separate cybersecurity directive authorising the National Security Agency and other military units to take more aggressive action to defeat attacks on government and private computer systems.
Earlier this week, the New York Times reported that a secret legal review on the use of America's growing arsenal of cyberweapons has concluded that President Obama has the broad power to order a pre-emptive strike if the United States detects credible evidence of a major digital attack looming from abroad, according to officials involved in the review.
In recent months a number of high profile US banks including Bank of America Corp. and JPMorgan Chase & Co. have been targeted with Distributed Denial of Service (DDoS) attacks, flooding the banks' websites with traffic and disrupting access for online customers.
While some in the cyber-security industry are pointing the finger at Iran, seen as retaliation at perceived attacks on its own systems by the West, others believe the attacks are not sophisticated enough for nation state attacks.