Print 40 comment(s) - last by Ammohunt.. on Feb 11 at 11:24 AM

Bankers affected say it's no big deal

Jo David Cummins, president and CEO of Community First Bank of the Heartland in Illinois, laughs off Anonymous' mid-January "hack" of a U.S. Federal Reserve database, which scooped up his record and over 4,000 others.  He tells Reuters, "It hasn't been much of a hassle.  The information that was on the contact system was the same thing that was on my business card, so it wasn’t like it was anything that could do any harm to me or the bank."

I. Adobe Flaw Likely Exploited by Hackers.

But while it may not be a big deal for most of the affected, the U.S. Federal Bureau of Investigation and the Federal Reserve are taking the incident very seriously.  Comments Federal Reserve spokesman Jim Strader, "We are in the process of a comprehensive assessment to determine what information might have been obtained in this incident.  We remain confident that this incident did not affect critical operations of the Federal Reserve."

The site that the information leaked from was dubbed Emergency Communication System (ECS).  While protected by passwords and encryption, Anonymous was able to circumvent those barriers.  

It's possible that the attackers used an SQL injection (aka "Little Bobby Tables") style attack.  Such attacks can be prevented if the requests were sanitized.

However, it's also possible that the hackers exploited well-known security flaws in Adobe Systems, Inc.'s (ADBE) Cold Fusion suite, which the site was built upon.  In mid-January -- right about the time of the attack -- Adobe patched several critical security flaws that could allow malicious users access to restricted files and even allow them to takeover servers. 

Adobe Cold Fusion
An Adobe flaw may have been responsible for the Fed hack. [Image Source: Adobe]

In the press release for the patch, Adobe stated:

This hotfix addresses vulnerabilities that could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server...  Adobe is aware of reports that four vulnerabilities (CVE-2013-0625, CVE-2013-0629, CVE-2013-0631 and CVE-2013-0632, referenced in Security Advisory APSA13-01) are being exploited in the wild against ColdFusion customers.

A 2012 audit at the Fed suggested that a monitoring system be put in place to review security at third-party systems.  It's possible the ECS system may fall under that category.

The Federal Reserve System is the backbone of the American banking industry, established before the Great Depression.  The oft-criticized institution is a strange mix of private and public parts.

On the public side, regional Fed banks are largely owned by nationally chartered commercial banks, which are required to be shareholders in their local branch.  On the other hand, the federal government selects and controls the salary of many of the system's top officials; indeed the President himself personally appoints Fed's Board of Governors.

II. Hackers Still Flaming Mad About Swartz's Death

Many members of the quasi-leaderless hacktivist group Anonymous have been vocal opponents of the Fed and the U.S. commercial banking industry in general, which they label as corrupt and exploitive.

The recent attack is part of the group's dramatically titled "OpLastResort".  The operation is a manifestation of the explosion of anger over the death of online activist Aaron Swartz.  Mr. Swartz, who designed the RSS, reportedly tragically committed suicide last month after fighting a long battle with depression and government harassment.

Federal prosecutors had investigated Mr. Swartz after he dumped 4 million papers from the JSTOR network.  JSTOR hosts peer-reviewed journal papers, most of which cost money to access.  Critics of Mr. Swartz's actions argue that journal fees help sustain the costly march of research in fields such as physics, biology, and genetics.  But his supporters argue that academic research should be free to all, not pent up in some ivory cage.

Aaron Swartz

Even some of his critics, though, balked at how the feds allegedly harassed him for the breach.  A pair of petitions to fire the prosecutors involved with the criminal case -- Assistant U.S. Attorney Steve Heymann and his boss U.S. District Attorney Carmen Ortiz -- has been attracting substantial attention.  The petition to remove DA Ortiz has already received 25,000 signatures, meaning that President Barack Obama must respond to it.

III. Sabu to be Sentenced

In a related reminder, former LulzSec mastermind Hector Xavier Monsegur (handles: "Sabu", "Xavier DeLeon", and "Leon") is set to be sentenced on Feb. 22.  Mr. Monsegur had founded the sub-unit of Anonymous and in 2011 led it in hacking Sony Corp. (TYO:6758) several times and also breaching government sites.

Sabu 1
Hacker "messiah" Hector Monsegur, a former member of Anonymous's upper echelon is set to be sentenced later this month.  His sentence will likely be greatly reduced for his role in "snitching" on his fellow hackers.  [Image Source: Fox News]

Unbeknownst to his cohorts, Mr. Monsegur was located by the FBI and offered a plea deal.  The hacker accepted, and for the next few months continued to lead attacks, while allegedly serving as a double agent, feeding feds information that helped them track down other top members such as Topiary, a 19-year-old who was arrested in the UK's Shetland Islands.

The hacker was given a sentencing reprieve due to concerns about his safety and his ongoing cooperation with federal investigations.  He has plead guilty to 12 federal computer crimes, which carry a maximum theoretical sentence of 124-years.  It is likely that his sentences will at a bare minimum be reduced to being served consecutively (which greatly slashes his prison time -- for example Bank Fraud, one of his charged offenses, carries a maximum 30 year sentence).

Source: Reuters

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Nitpick
By Armageddonite on 2/8/2013 7:43:48 PM , Rating: 2
Several small recessions are better than one huge depression, the likes of which have not been seen since. And probably never will be again, provided the people in charge of oversight don't get caught napping on duty like in 2007-2008.

RE: Nitpick
By Reclaimer77 on 2/8/2013 7:51:32 PM , Rating: 1
You don't do math too well do you? The "Great Depression" happened AFTER the Federal Reserve act. Hello?

By the way the Great Depression wasn't an American problem. It was a world-wide economic event. So I don't think an argument can be made that it was caused, or could have been prevented, by US Government action.

As usual those who favor a large centralized Government interpret history one way, and those who don't another.

RE: Nitpick
By TSS on 2/10/2013 9:24:02 PM , Rating: 2
History didn't start at 1913. The federal reserve was created in response to several severe depressions around the start of the 20th century.

If my memory serves me right it's actually the USA's second central bank, the first one being abolished after another depression hit a few years after it's creation (around 1876 i thought?) which is why it took untill well into the 20th century before bankers could try again.

So, wether or not there is a central bank really doesn't matter if bankers are still able to manipulate the supply of money (back then it was hoarding gold to cause deflation and a depression though it). Get rid of the fed, and the bankers will simply refuse to give out loans until there is a credit crunch.

Infact if the fed wasn't pumping $85 billion a month into the market that'd already caused a full blown depression a la 1930's. So, funnily enough, the fed is for once doing their job. It's just that the beliefs it was founded on will lead to an even more destructive path, just later.

Getting rid of the fed isn't enough. You first need to split banks into one bank that's not about getting more money, but keeping the money you have, and a investment bank that can gamble all it likes with it's clients money for as high as a return they like, but the taxpayer won't be responsible for when those fail. Then you need credible people in government that uphold that rule and don't change it no matter what happens.

It's the only way. The reason the US did well before the period before the civil war is because it was run by idealists, who thought their ideals outweighed all other things, material or otherwise. No matter what system you abolish or what system you put in it's place, good government is where it starts. not big, not small, good.

"I'd be pissed too, but you didn't have to go all Minority Report on his ass!" -- Jon Stewart on police raiding Gizmodo editor Jason Chen's home

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki