FBI Opens Fresh Criminal Investigation Into Anonymous Following Hack
February 8, 2013 11:42 AM
Bankers affected say it's no big deal
Jo David Cummins, president and CEO of Community First Bank of the Heartland in Illinois, laughs off
' mid-January "hack"
U.S. Federal Reserve
database, which scooped up his record and over 4,000 others. He
, "It hasn't been much of a hassle. The information that was on the contact system was the same thing that was on my business card, so it wasn’t like it was anything that could do any harm to me or the bank."
I. Adobe Flaw Likely Exploited by Hackers.
But while it may not be a big deal for most of the affected, the
U.S. Federal Bureau of Investigation
and the Federal Reserve are taking the incident very seriously. Comments Federal Reserve spokesman Jim Strader, "We are in the process of a comprehensive assessment to determine what information might have been obtained in this incident. We remain confident that this incident did not affect critical operations of the Federal Reserve."
The site that the information leaked from was dubbed
Emergency Communication System
(ECS). While protected by passwords and encryption,
was able to circumvent those barriers.
It's possible that the attackers used an SQL injection (aka "
Little Bobby Tables
") style attack. Such attacks can be prevented if the requests were sanitized.
However, it's also possible that the hackers exploited well-known security flaws in Adobe Systems, Inc.'s (
) Cold Fusion suite, which the site was built upon. In mid-January -- right about the time of the attack -- Adobe patched several critical security flaws that could allow malicious users access to restricted files and even allow them to takeover servers.
An Adobe flaw may have been responsible for the Fed hack. [Image Source: Adobe]
for the patch, Adobe stated:
This hotfix addresses vulnerabilities that could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server... Adobe is aware of reports that four vulnerabilities (CVE-2013-0625, CVE-2013-0629, CVE-2013-0631 and CVE-2013-0632, referenced in Security Advisory APSA13-01)
are being exploited in the wild against ColdFusion customers.
A 2012 audit at the Fed suggested that a monitoring system be put in place to review security at third-party systems. It's possible the ECS system may fall under that category.
The Federal Reserve System is the backbone of the American banking industry, established before the Great Depression. The oft-criticized institution is a strange mix of private and public parts.
On the public side, regional Fed banks are largely owned by nationally chartered commercial banks, which are required to be shareholders in their local branch. On the other hand, the federal government selects and controls the salary of many of the system's top officials; indeed the President himself personally appoints Fed's Board of Governors.
II. Hackers Still Flaming Mad About Swartz's Death
Many members of the quasi-leaderless hacktivist group
have been vocal opponents of the Fed and the U.S. commercial banking industry in general, which they label as corrupt and exploitive.
The recent attack is part of the group's
dramatically titled "OpLastResort"
. The operation is a manifestation of the explosion of anger over the death of online activist Aaron Swartz. Mr. Swartz, who designed the RSS, reportedly tragically committed suicide last month after fighting a long battle
with depression and government harassment
Federal prosecutors had investigated Mr. Swartz after he dumped 4 million papers from the JSTOR network. JSTOR hosts peer-reviewed journal papers, most of which cost money to access. Critics of Mr. Swartz's actions argue that journal fees help sustain the costly march of research in fields such as physics, biology, and genetics. But his supporters argue that academic research should be free to all, not pent up in some ivory cage.
Even some of his critics, though, balked at how the feds allegedly harassed him for the breach.
to fire the prosecutors involved with the criminal case -- Assistant U.S. Attorney Steve Heymann and his boss U.S. District Attorney Carmen Ortiz -- has been attracting substantial attention. The petition to remove DA Ortiz has already received 25,000 signatures, meaning that President Barack Obama must respond to it.
III. Sabu to be Sentenced
In a related reminder, former
mastermind Hector Xavier Monsegur (handles: "Sabu", "Xavier DeLeon", and "Leon") is set to be sentenced on Feb. 22. Mr. Monsegur had founded the sub-unit of
and in 2011
led it in hacking Sony
breaching government sites
Hacker "messiah" Hector Monsegur, a former member of
's upper echelon is set to be sentenced later this month. His sentence will likely be greatly reduced for his role in "snitching" on his fellow hackers. [Image Source: Fox News]
Unbeknownst to his cohorts, Mr. Monsegur was located by the FBI and offered a plea deal. The hacker accepted, and for the next few months continued to lead attacks, while
allegedly serving as a double agent
, feeding feds information that helped them
track down other top members
such as Topiary
, a 19-year-old who was
arrested in the UK's Shetland Islands
The hacker was given a sentencing reprieve due to concerns about his safety and his ongoing cooperation with federal investigations. He has plead guilty to 12 federal computer crimes, which carry a maximum theoretical sentence of 124-years. It is likely that his sentences will at a bare minimum be reduced to being served consecutively (which greatly slashes his prison time -- for example Bank Fraud, one of his charged offenses, carries a maximum 30 year sentence).
"It's okay. The scenarios aren't that clear. But it's good looking. [Steve Jobs] does good design, and [the iPad] is absolutely a good example of that." -- Bill Gates on the Apple iPad
Federal Reserve Hacked, WSJ Still Under Heavy Fire From Chinese Hackers
February 6, 2013, 1:50 PM
House Committee Questions Aaron Swartz Charges in Letter to DOJ
January 29, 2013, 5:08 PM
Anonymous Declares War on the U.S. Government Following Aaron Swartz' Suicide
January 26, 2013, 1:43 PM
Betrayed by Their Chief: LulzSec Don Helps FBI Take Down his Underlings
March 6, 2012, 3:25 PM
More Anonymous and LulzSec Folks End up in Prison Awaiting Charges
September 23, 2011, 9:51 AM
Smartphone ‘Orders’ body to treat diabetes
April 29, 2017, 7:06 AM
Science & Environment
February 20, 2017, 6:37 AM
The USA’s newest weather satellite sends first photos.
January 24, 2017, 6:41 AM
Netflix took a decision to invest in original content
January 19, 2017, 7:00 AM
Amazon Airborne Fulfillment Center – Your Merchandise Drop-Shipped from the Clouds
December 29, 2016, 5:00 AM
Amazon is experimenting with a new kind of grocery stores, Amazon Go
December 8, 2016, 5:00 AM
Most Popular Articles
Surface Pro 5 Rumors - New Release Date and Price
April 22, 2017, 6:45 AM
Apple Watch NikeLab Limited Edition unveiled.
April 22, 2017, 6:20 AM
SAPPHIRE PULSE Radeon RX 580 8GD5 – Great Value for the Money
April 20, 2017, 7:47 AM
Meet the Smartphone with four cameras - Alcatel Flashphone
April 5, 2017, 11:20 AM
Dell Inspiron 17 7000 – A Premium Laptop featuring 7th Gen Intel Core i7 in a 2-in-1 Frame.
April 19, 2017, 7:45 AM
Latest Blog Posts
Galaxy Note 8 – Available Second Half 2017
Apr 28, 2017, 7:30 AM
Google Android App – Huge improvement on Nighttime Photography
Apr 27, 2017, 7:40 AM
Google Co-Founder, Sergey Brin has an Airship
Apr 26, 2017, 6:43 AM
Samsung Galaxy S8 and S8 Plus – Lots of Glass that Breaks Easily
Apr 25, 2017, 7:20 AM
Samsung Galaxy S8 – Warning for Pet Owners
Apr 24, 2017, 5:59 AM
Sound Bars and the Costs?
Apr 23, 2017, 6:30 AM
Link your Brain to Your Computer – In Four Years…Maybe
Apr 22, 2017, 7:03 AM
Google Home can now identify users by their voice.
Apr 21, 2017, 7:15 AM
Amazon Lex – Now Available for Developers.
Apr 20, 2017, 6:58 AM
You can now use Instagram offline on your Android Smartphone
Apr 19, 2017, 8:00 AM
Now you can livestream to YouTube from your mobile device.
Apr 18, 2017, 8:05 AM
Google Home – Is It a Spy Device?
Apr 17, 2017, 7:30 AM
Apple added to self –driving test permit list
Apr 15, 2017, 6:21 AM
Project Scorpio – Coming on June 11
Apr 14, 2017, 6:20 AM
Looks Like Samsung Has Been Forgiven.
Apr 13, 2017, 6:50 AM
United Airlines - Blasted on China’s Social Network and the Stock Market
Apr 12, 2017, 6:50 AM
Amazon's Third-Party Sellers Hacked
Apr 11, 2017, 6:25 AM
Microsoft Surface Pro5 Details Revealed
Apr 9, 2017, 6:41 AM
Own An Android Phone? Then you could be hacked over Wi-FI
Apr 7, 2017, 6:47 AM
Apple confirms iOS 10.3 bug and its effect on iCloud Services
Apr 6, 2017, 6:30 AM
Apple Rolls Out New Version of Apple Music
Apr 5, 2017, 10:35 AM
Apple in the News
Apr 4, 2017, 9:03 AM
More Blog Posts
Copyright 2017 DailyTech LLC. -
Terms, Conditions & Privacy Information