February 7, 2013
The Federal Reserve Bank in Washington, DC, confirmed that they suffered from an online breach. A spokeswoman from the Fed said: “The Federal Reserve system is aware that information was obtained by exploiting a temporary vulnerability in a website vendor product. Exposure was fixed shortly after discovery and is no longer an issue. This incident did not affect critical operations of the Federal Reserve system.”
There was an indiscriminate reference to the nameless, faceless hacker group Anonymous made by the Fed spokeswoman who said that they alerted their customers that private information was hacked into over the past weekend.
The Fed asserts that the hack “did not affect critical operations” and has been resolved since the incident.
The Emergency Communications System (ECS) at the Fed was affected. This is “a system used by the Federal Reserve and state banking departments to notify depository institutions of operational status in the event of natural or other disasters.”
A spokesperson for the St. Louis Fed explained: “Information obtained from the registrants consisted of mailing address, business phone, mobile phone, business email and fax. Some registrants also included optional information consisting of home phone and personal email. Despite claims to the contrary, passwords were not compromised, but nonetheless, have been reset as a precautionary measure.”
The social media site Twitter reported that 250,000 users information was accessed with the extraction taking usernames, email addresses, session tokens, and encrypted/salted versions of passwords.
Over last weekend, Anonymous launched Operation Last Resort. They published a spreadsheet with over 4,000 banking executive’s information, logins, credentials, IP addresses, hashed passwords, contact information; and cell phone numbers for bank presidents, vice presidents.
Last month Anonymous hacked into the Department of Justice (DoJ) and will release the data they apparently syphoned, to a chosen media outlet.
Richard McFeely, executive assistant director of the Federal Bureau of Investigations (FBI) Criminal, Cyber, Response and Services (CCRS) branch, explained: “We are always concerned when someone illegally accesses another person (‘s) or government agency’s network.” The FBI is treating this threat as a criminal investigation.
Anonymous hackers have collected digital infrastructure on “fissile material for multiple warheads”, threatening US Supreme Court Justices and maintaining that the FBI was allowed to “infiltrate” their ranks.
According to Twitter: “This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users. As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts.”
The US Sentencing Commission (USSC) website was offline as Anonymous stated that “the erosion of due process, the dilution of constitutional rights, the usurpation of the rightful authority of courts by the ‘discretion’ of prosecutors. We have seen how the law is wielded less and less to uphold justice and more and more to exercise control, authority and power in the interests of oppression or personal gain.”
Anonymous said that the chose to attack the USSC “due to the symbolic nature of its purpose — the federal sentencing guidelines which enable prosecutors to cheat citizens of their constitutionally guaranteed right to a fair trial, by a jury of their peers — the federal sentencing guidelines which are in clear violation of the Eighth Amendment protection against cruel and unusual punishment. This website was also chosen due to the nature of its visitors.”
Where the attacks originated from is not being publically speculated by the Fed; however Twitter confirmed that “the attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.”
The Obama administration has concluded that through executive power the president can authorize a preemptive cyber war attack with the use of the US Military and advanced technologies.
Using the word “defense”, the enactment of the Pentagon’s cyber warfare contingency plans are part of offensive action that is being considered against Iran and China.
The Obama administration’s stance is that Obama “has the broad power to order a pre-emptive strike if the United States detects credible evidence of a major digital attack looming from abroad.”
New policies being implemented “will govern how intelligence agencies can carry out searches of faraway computer networks for signs of potential attack on the United States and, if the president approves, attack adversaries by injecting them with destructive code—even if there is no declared war.”
Mainstream media continues to fear-monger the public into supporting the Obama administration’s actions toward cybersecurity by repeating that a cyber-attack would compromise power plants, hospitals, transportation systems or other critical infrastructure, potentially leading to economic devastation and widespread casualties.
The decision to use cyber warfare would lay with the President solely; however “officials [could] quickly determine that the cyber weapons were so powerful that—like nuclear weapons—they should be unleashed only on the direct orders of the commander in chief.”
As of now, Obama receives direct updates on cyber-attack possibilities from Iran from the Situation Room. The details are being kept from the public domain while it is clear that the US government is monitoring Iranian computers with the use of Flame and Stuxnet. Collecting data is the current phase of the Obama administration while there is a definitive preparation of the battlefield “for another type of covert action. There are levels of cyber warfare that are far more aggressive than anything that has been used or recommended to be done.”
Preparations for cyber warfare include the approval of 900 to 4,900 personnel to the Cyber Command as “part of an effort to turn an organization that has focused largely on defensive measures into the equivalent of an Internet-era fighting force.”
The Department of Defense (DoD), under Cyber Command, has identified 3 types of forces will be created to ensure digital infrastructure. A National Mission Forces unit will secure computer systems used by electrical grids, utilities corporations and nuclear plants. They will also oversee national and economic security. Combat Mission Forces will advise overseas military commanders to defensive and offensive attacks; while the Cyber Protection Forces will reinforce the DoD’s digital networks.
Janet Napolitano, Secretary of DHS, spoke at a think-tank in January, asserting that a cyber 9/11 was around the corner that would cripple US infrastructure by taking down the power grid, water treatment plants, and nuclear facilities; as well as transportation networks and financial institutions.
Napolitano said: “We shouldn’t wait until there is a 9/11 in the cyber world. There are things we can and should be doing right now that, if not prevent, would mitigate the extent of damage.”
The 2013 budget for DHS has as its top priority the issue of cybersecurity with 74% of the funds being directed to securing the homeland. This equals 850 million from administrative duties to support cybersecurity as the most important operational necessity.
Napolitano explains that “we will have suffered a major infiltration or attack and we will find some part of our critical infrastructure with a gap,” because the industry was not doing enough to protect itself on its own. “What we know now is already enough to go ahead, and we should be moving forward.”Add This to Technorati Faves