Print 40 comment(s) - last by Ammohunt.. on Feb 11 at 11:24 AM

Bankers affected say it's no big deal

Jo David Cummins, president and CEO of Community First Bank of the Heartland in Illinois, laughs off Anonymous' mid-January "hack" of a U.S. Federal Reserve database, which scooped up his record and over 4,000 others.  He tells Reuters, "It hasn't been much of a hassle.  The information that was on the contact system was the same thing that was on my business card, so it wasn’t like it was anything that could do any harm to me or the bank."

I. Adobe Flaw Likely Exploited by Hackers.

But while it may not be a big deal for most of the affected, the U.S. Federal Bureau of Investigation and the Federal Reserve are taking the incident very seriously.  Comments Federal Reserve spokesman Jim Strader, "We are in the process of a comprehensive assessment to determine what information might have been obtained in this incident.  We remain confident that this incident did not affect critical operations of the Federal Reserve."

The site that the information leaked from was dubbed Emergency Communication System (ECS).  While protected by passwords and encryption, Anonymous was able to circumvent those barriers.  

It's possible that the attackers used an SQL injection (aka "Little Bobby Tables") style attack.  Such attacks can be prevented if the requests were sanitized.

However, it's also possible that the hackers exploited well-known security flaws in Adobe Systems, Inc.'s (ADBE) Cold Fusion suite, which the site was built upon.  In mid-January -- right about the time of the attack -- Adobe patched several critical security flaws that could allow malicious users access to restricted files and even allow them to takeover servers. 

Adobe Cold Fusion
An Adobe flaw may have been responsible for the Fed hack. [Image Source: Adobe]

In the press release for the patch, Adobe stated:

This hotfix addresses vulnerabilities that could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server...  Adobe is aware of reports that four vulnerabilities (CVE-2013-0625, CVE-2013-0629, CVE-2013-0631 and CVE-2013-0632, referenced in Security Advisory APSA13-01) are being exploited in the wild against ColdFusion customers.

A 2012 audit at the Fed suggested that a monitoring system be put in place to review security at third-party systems.  It's possible the ECS system may fall under that category.

The Federal Reserve System is the backbone of the American banking industry, established before the Great Depression.  The oft-criticized institution is a strange mix of private and public parts.

On the public side, regional Fed banks are largely owned by nationally chartered commercial banks, which are required to be shareholders in their local branch.  On the other hand, the federal government selects and controls the salary of many of the system's top officials; indeed the President himself personally appoints Fed's Board of Governors.

II. Hackers Still Flaming Mad About Swartz's Death

Many members of the quasi-leaderless hacktivist group Anonymous have been vocal opponents of the Fed and the U.S. commercial banking industry in general, which they label as corrupt and exploitive.

The recent attack is part of the group's dramatically titled "OpLastResort".  The operation is a manifestation of the explosion of anger over the death of online activist Aaron Swartz.  Mr. Swartz, who designed the RSS, reportedly tragically committed suicide last month after fighting a long battle with depression and government harassment.

Federal prosecutors had investigated Mr. Swartz after he dumped 4 million papers from the JSTOR network.  JSTOR hosts peer-reviewed journal papers, most of which cost money to access.  Critics of Mr. Swartz's actions argue that journal fees help sustain the costly march of research in fields such as physics, biology, and genetics.  But his supporters argue that academic research should be free to all, not pent up in some ivory cage.

Aaron Swartz

Even some of his critics, though, balked at how the feds allegedly harassed him for the breach.  A pair of petitions to fire the prosecutors involved with the criminal case -- Assistant U.S. Attorney Steve Heymann and his boss U.S. District Attorney Carmen Ortiz -- has been attracting substantial attention.  The petition to remove DA Ortiz has already received 25,000 signatures, meaning that President Barack Obama must respond to it.

III. Sabu to be Sentenced

In a related reminder, former LulzSec mastermind Hector Xavier Monsegur (handles: "Sabu", "Xavier DeLeon", and "Leon") is set to be sentenced on Feb. 22.  Mr. Monsegur had founded the sub-unit of Anonymous and in 2011 led it in hacking Sony Corp. (TYO:6758) several times and also breaching government sites.

Sabu 1
Hacker "messiah" Hector Monsegur, a former member of Anonymous's upper echelon is set to be sentenced later this month.  His sentence will likely be greatly reduced for his role in "snitching" on his fellow hackers.  [Image Source: Fox News]

Unbeknownst to his cohorts, Mr. Monsegur was located by the FBI and offered a plea deal.  The hacker accepted, and for the next few months continued to lead attacks, while allegedly serving as a double agent, feeding feds information that helped them track down other top members such as Topiary, a 19-year-old who was arrested in the UK's Shetland Islands.

The hacker was given a sentencing reprieve due to concerns about his safety and his ongoing cooperation with federal investigations.  He has plead guilty to 12 federal computer crimes, which carry a maximum theoretical sentence of 124-years.  It is likely that his sentences will at a bare minimum be reduced to being served consecutively (which greatly slashes his prison time -- for example Bank Fraud, one of his charged offenses, carries a maximum 30 year sentence).

Source: Reuters

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

These sentences are ridiculous
By Samus on 2/8/2013 12:31:08 PM , Rating: 2
Putting intelligent, non-violent people in prison sets humanity back. These people, although they broke the 'law' are not criminals of violence; financial harm at best. Information that is leaked, in my opinion, is legitimate for public view. They let bankers who collect massive illegal bonuses, insider trading, etc, serve 3 years in prison, meanwhile, hackers that do a few million in damage to corporations like Sony serve 124 years.

Where the hell is the balance? Don't even get me started on whats obviously wrong with the guys serving 5 year sentences for selling dime-bags of weed on the corner.

RE: These sentences are ridiculous
By Ammohunt on 2/8/2013 1:02:44 PM , Rating: 1
So if someone caused a "few million in damage" to your interests(assuming you had that much) you would be ok with that and not want that person to be punished?

RE: These sentences are ridiculous
By adrift02 on 2/8/2013 1:18:32 PM , Rating: 5
He's not saying they shouldn't be punished, he's saying that the system is largely skewed in favor of corporations and those in powerful positions.

The bank example is a good one. They definitely do millions in damages to people through those schemes yet get hit with incredibly lenient sentences comparatively. Even in other areas our justice system is F'ed. Drug sentencing is a great example, as are the big "pirating" cases that have hit (with incredibly unreasonable fines). Here's a controversial one: do you think a sex offender should serve a longer minimum sentence than a murderer while defending themselves as "guilty until proven innocent"? More common than you'd think.

Everything needs to be re-worked because as Anonymous claimed, we crossed that "cruel and unreasonable punishment" line a long time ago to protect corporate interests and political mongering.

RE: These sentences are ridiculous
By cubby1223 on 2/9/13, Rating: 0
By roykahn on 2/9/2013 11:54:19 PM , Rating: 2
You sound just like any tyrant who is describing rebellious groups of people. Say hi to Bashar for me.

Any group of people who seek to improve their rights and raise awareness through civil disobedience go through the same criticism. History repeats.

RE: These sentences are ridiculous
By ritualm on 2/8/2013 6:27:02 PM , Rating: 1
You personally said we should punish black hat hackers with prison terms because they are an affront to the so-called law and order in "a nation of laws".

Meanwhile, because we're sending these folks to prison and Death Row, we find ourselves unable to defend against black hat hackers from the Chinese PLA wreaking havoc on our information systems.

Ammohunt, how does it feel to repeatedly shoot yourself in the foot while your neighbor has your jugular vein squarely in their AR-15 crosshairs?

RE: These sentences are ridiculous
By Armageddonite on 2/8/2013 7:23:35 PM , Rating: 2
1. Which hackers have been sent to "Death Row"?? Provide names.

2. The Chinese hackers usually attack the same targets as Anonymous. These so-called hacktivists are not heroes, they're as bad as a hostile foreign organization.

3. Ammohunt's alleged psychotic neighbor has nothing to do with this discussion.

RE: These sentences are ridiculous
By ritualm on 2/9/2013 1:40:09 PM , Rating: 3
1. Which hackers have been sent to "Death Row"?? Provide names.

2. The Chinese hackers usually attack the same targets as Anonymous. These so-called hacktivists are not heroes, they're as bad as a hostile foreign organization.

3. Ammohunt's alleged psychotic neighbor has nothing to do with this discussion.

1. Exactly how many white-collar financial executives were sent to prison with hefty jail terms or Death Row over their misdeeds, which affected thousands of innocent people and cost taxpayers upwards of billions?

Now compare to how many computer-literate and savvy folks who received jail terms for their comparatively-harmless behavior?

You don't need quack scientists to see why this is full of bull.

2. The problem with your rationale is we're actively sending our best and brightest in computer security into prisons and/or exporting them to China. Why bother to improve information security this side of the globe when doing just that lands you lengthy jail terms and a guaranteed conviction that bars you from ever constructively contributing to society?

When merely unlocking your phone results in a $1-million fine plus many weeks behind bars, why bother?

The political leaders in Washington currently do not care about cybersecurity of this nation, which is already worrisome enough. But to create more disincentives through repressive law regimes towards decreasing the likelihood of standing on the loser side of cyberwar?

What the hell is wrong with you?

3. You haven't read his latest posts:
So China employs criminals and we put them in jail. As a nation of laws i am not seeing the issue here. If these blackhats had any concern for western civilization they would put on a white hat and contribute to society in a positive way.

This is not the movies! black hats with any skill are in it for personal gain, creating chaos and perhaps the thrill of being bad. Asking them to fight for a concept foreign to them such as the greater good as defined by someone else is laughable at best.

Number one - and I'm sure you'll agree - there is no such thing as a "nation of laws" in this country. What laws? The DMCA, Patriot Act, Department of Homeland Security... these aren't enough proof that the upper echelons of power is ridden with criminals? We even have a president willing to bend us all over with obscure Executive Orders, completely bypassing what little judicial protections and measures that still exist.

Number two - those hacktivists are not the problem. The root cause is none of the retards at Washington DC takes cybersecurity seriously. All half-assed appearances at beginner security theater, nothing of real substantial value is done, forcing the rest of us to take matters into our own hands. Oh but we cannot do that because that act alone is a criminal felony!

Number three - is this really the message you want to advertise to China? To encourage them to continue hacking us, because we're leaving the door wide open for their e-thieving fingers, while believing there is absolutely no downside in cutting the hands that feed us?

Both you and Ammohunt are delusional.

By hero_of_zero on 2/9/2013 5:18:09 PM , Rating: 2
Executive Orders bit you mad because that the only real power your prez even has?Take that power away then what power would the elected prez have?It would turn him and or her into the queen of england.Be there for show but can't do jack.
Then you could just removed the position of prez and let your fine fine senate and your excellent highly loved congress with it super duper high approval rating fun free ...

By Simple_Man on 2/10/2013 6:28:00 PM , Rating: 2
1. Names? What names?

"because a truly skeptical position would be a very uncertain one"

RE: These sentences are ridiculous
By Ammohunt on 2/11/2013 11:07:55 AM , Rating: 2
Ammohunt, how does it feel to repeatedly shoot yourself in the foot while your neighbor has your jugular vein squarely in their AR-15 crosshairs?

That would be a sight to see! My neighbours are ex-Mennonite pacifist hippies good people just wrong.

RE: These sentences are ridiculous
By Ammohunt on 2/11/2013 11:24:24 AM , Rating: 1
And by the way if these guys want to change the world you don't do it piss ant by overt action. You do it by changing minds and building a majority opinion. They have the same problem that all these anti-governemnt guys with a desire to start a revolution do; i.e. you don't bomb a federal building affecting innocent people and expect everyone to endear themselves to you and join you in a revolution! Sinn Féin ring a bell? If you can convince ordinary people your ideas are better they will for the most part naturally follow your lead..i see no leadership in Anonymous. Anonymous actions appear to most as a spoiled malcontent minority opinion throwing a tantrum = net affect 0.

RE: These sentences are ridiculous
By Reclaimer77 on 2/8/13, Rating: 0
By hero_of_zero on 2/9/2013 5:20:25 PM , Rating: 2
hey if you are white in certain states just say i stood my ground you probably get off.ain't like dead people can defend themselves.

RE: These sentences are ridiculous
By roykahn on 2/10/2013 12:16:51 AM , Rating: 2
I have a car, mace and a gun. So hey, I'll just go out tonight and enforce the law.

I have a hoodie so I'll just go out tonight and buy a packet of skittles.

By cubby1223 on 2/9/2013 2:32:20 PM , Rating: 1
They let bankers who collect massive illegal bonuses, insider trading, etc, serve 3 years in prison, meanwhile, hackers that do a few million in damage to corporations like Sony serve 124 years.

Please provide a link showing when a hacker has been sentenced to 124 years.

By improperlatin on 2/8/2013 12:39:29 PM , Rating: 2
"The Federal Reserve System is the backbone of the American banking industry, established after the Great Depression. The oft-criticized institution is a strange mix of private and public parts."

This sentence certainly makes the Fed seem more legitimate than the truth would. The Federal Reserve Act was passed in December of 1913, nearly 100 years ago, and nearly 15 years before the Great Depression. Some researchers have actually blamed the creation of the Federal Reserve System for the Great Depression.

RE: Nitpick
By espaghetti on 2/8/2013 2:13:29 PM , Rating: 3
Some researchers have actually blamed the creation of the Federal Reserve System for the Great Depression.

I've heard credible researchers say FDR was responsible for the Great Depression.

The income tax rate ballooned for anyone making over $100,000, from 25% to over 50% his first year (1932). By 1945 (his last year) it was 88%.

In my opinion, this is why the depression lasted until WW2.

RE: Nitpick
By Integral9 on 2/8/13, Rating: 0
RE: Nitpick
By RufusM on 2/8/2013 5:01:00 PM , Rating: 2
This is also why we need to go back to having two separate types of banks:

Commercial Banks
Investment Banks

These institutions were kept separate since 1933. Lessons were learned in the Great Depression that Commercial Banks should not be making risky investments in the market, since they have a much higher probability of going under than if they stick to just lending money.

Fast forward to 1999 and the Gramm-Leach-Bliley Act. This repealed the banking separation letting Commercial Banks make risky investments in the market, getting them chained to all of those crap CBO's and other products offered by the Investment Banks when they were going under.

Many Commercial Banks were bailed out. If they weren't bailed out they would've went under causing the FDIC to have to back their depositor's dollars with taxpayer money.

Either way the taxpayer's lose. It's a good system for the banks.

RE: Nitpick
By Reclaimer77 on 2/8/2013 7:29:50 PM , Rating: 2
Yeaaah nice theory, but meanwhile in the real world we can clearly see that recessions and depressions have been happening at ever increasing rates since the Federal Reserve act of 1913. Someone like you probably thought it was a great idea to give the Government unlimited financial power.

"The Congress established three key objectives for monetary policy in the Federal Reserve Act: Maximum employment, stable prices, and moderate long-term interest rates" - Wikipedia

Gee what could go wrong right? Well today we have minimum employment, unstable prices, and a zero percent interest rate. Government's track record is just flawless here /sarcasm

Those who don't know their history are doomed to repeat it.

I couldn't agree more. Too bad you are ignoring half of the "history" on this subject.

RE: Nitpick
By Armageddonite on 2/8/2013 7:43:48 PM , Rating: 2
Several small recessions are better than one huge depression, the likes of which have not been seen since. And probably never will be again, provided the people in charge of oversight don't get caught napping on duty like in 2007-2008.

RE: Nitpick
By Reclaimer77 on 2/8/2013 7:51:32 PM , Rating: 1
You don't do math too well do you? The "Great Depression" happened AFTER the Federal Reserve act. Hello?

By the way the Great Depression wasn't an American problem. It was a world-wide economic event. So I don't think an argument can be made that it was caused, or could have been prevented, by US Government action.

As usual those who favor a large centralized Government interpret history one way, and those who don't another.

RE: Nitpick
By TSS on 2/10/2013 9:24:02 PM , Rating: 2
History didn't start at 1913. The federal reserve was created in response to several severe depressions around the start of the 20th century.

If my memory serves me right it's actually the USA's second central bank, the first one being abolished after another depression hit a few years after it's creation (around 1876 i thought?) which is why it took untill well into the 20th century before bankers could try again.

So, wether or not there is a central bank really doesn't matter if bankers are still able to manipulate the supply of money (back then it was hoarding gold to cause deflation and a depression though it). Get rid of the fed, and the bankers will simply refuse to give out loans until there is a credit crunch.

Infact if the fed wasn't pumping $85 billion a month into the market that'd already caused a full blown depression a la 1930's. So, funnily enough, the fed is for once doing their job. It's just that the beliefs it was founded on will lead to an even more destructive path, just later.

Getting rid of the fed isn't enough. You first need to split banks into one bank that's not about getting more money, but keeping the money you have, and a investment bank that can gamble all it likes with it's clients money for as high as a return they like, but the taxpayer won't be responsible for when those fail. Then you need credible people in government that uphold that rule and don't change it no matter what happens.

It's the only way. The reason the US did well before the period before the civil war is because it was run by idealists, who thought their ideals outweighed all other things, material or otherwise. No matter what system you abolish or what system you put in it's place, good government is where it starts. not big, not small, good.

Oh yes, we are watching.
By doesnotforget on 2/8/2013 6:32:24 PM , Rating: 2
The odd part about all of these government types going after individuals, is they claim to be going after "anonymous" which is dumb. It's literally saying they are going after "no one in particular" I find it quite lulzy how everyone is still going after a group of people created by fox news in order to scare people into buying dogs. At least be specific and mention lulzsec or something - because if you have a name, then you're really not* anonymous are you?

RE: Oh yes, we are watching.
By cubby1223 on 2/9/2013 2:36:38 PM , Rating: 1
I guess we can certainly turn the discussion into an Abbott and Costello routine if you want, but I still don't think you'd "get it".

By toyotabedzrock on 2/8/2013 4:47:18 PM , Rating: 2
He never dumped the jstor articles anywhere.

And jstor hosts public funded research.

By VeronicaGibbs22 on 2/10/2013 7:06:45 PM , Rating: 2
uptil I saw the check for $4024, I accept that my neighbours mother had been actualy erning money part-time at there computar.. there best friend started doing this 4 only about 6 months and resently paid the debts on their house and bourt a great Mitsubishi Evo. we looked here, Great60.comCHECK IT OUT

By Ammohunt on 2/8/13, Rating: -1
RE: Idea
By JasonMick on 2/8/2013 1:13:16 PM , Rating: 4
Reminds me of my hippie neighbor that complains about the evil corporate system aka "The System"
"I ain't a part of your system... my dad's not a phone. DUH!"

RE: Idea
By geddarkstorm on 2/8/2013 6:55:46 PM , Rating: 3
"Happy birthday to the groooouund!"

RE: Idea
By toyotabedzrock on 2/8/2013 4:52:11 PM , Rating: 2
The Libertarian wing of anonymous dislikes the FED. The progressive and liberal wings are more concerned about banks that interact with customers.

RE: Idea
By Milliamp on 2/8/2013 6:30:31 PM , Rating: 3
Meanwhile many of them also generally support obamacare, government run education, net neutrality legislation, municipal broadband etc.

Everyone wants a smaller government but then they want government expansion when it comes to their own pet issues.

RE: Idea
By roykahn on 2/10/2013 12:34:21 AM , Rating: 2
Everyone wants a smaller government but then they want government expansion when it comes to their own pet issues.

I'm glad you wrote that because it's mostly true. You want cheap oil & gas prices? Well guess what? You'll need a large army and a vast array of weaponry to control the Middle East. You'll need to provide military aid to countries like Israel, Egypt and Bahrain who do a lovely job of "maintaining stability". You'll also need to spend money to subsidize the oil and gas companies. Why don't we also remove any environmental protections so that the people and wildlife get sick from pollution. So keep enjoying your cheap fuel while the cost of doing so is conveniently ignored amidst cries of "protecting our freedom".

RE: Idea
By Armageddonite on 2/8/2013 7:27:04 PM , Rating: 2
Both groups are doing something wrong. Whether or not the target of the crime deserves it is irrelevant. It's rabid torch-bearing mob justice on a digital frontier.

I hope that...
By Beenthere on 2/8/13, Rating: -1
RE: I hope that...
By ritualm on 2/9/2013 2:47:05 PM , Rating: 1
They went after the communists, and I didn't care because I wasn't a communist.
Then they went after the jews, and I didn't care because I wasn't a jew.
Then they went after the jobless, and I didn't care because I have a job.
Then they went after me, and there is nobody left to defend for me.

RE: I hope that...
By Skywalker123 on 2/10/2013 1:39:16 PM , Rating: 3
Please kill yourself before you post again

"Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town." -- Charlie Miller

Most Popular ArticlesAre you ready for this ? HyperDrive Aircraft
September 24, 2016, 9:29 AM
Leaked – Samsung S8 is a Dream and a Dream 2
September 25, 2016, 8:00 AM
Yahoo Hacked - Change Your Passwords and Security Info ASAP!
September 23, 2016, 5:45 AM
A is for Apples
September 23, 2016, 5:32 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki