Anonymous reveals ample Fed access, FBI opens criminal investigation


Summary: Anonymous published a file revealing significant access to the Federal Reserve's internal files and servers; amid accusations of inaction and non-transparency the FBI has opened a criminal investigation into Sunday's bank hack.


Anonymous' 'Operation Last Resort' has published a new document revealing that the hacking collective has had an astonishing amount of access to The Fed's internal files and servers.

The new attack is Anonymous' response to the information security community's anger at the Federal Reserve ("The Fed") for its dismissive attitude and lack of transparency around Sunday's emergency contact system hack.

Anonymous has compromised the Web site of Grand Banks Yachts, Ltd., which manufactures and sells luxury yachts worldwide, to host this new file.

The URL filename ominously reads, "dorner-is-a-symptom-not-the-syndrome."

The Anonymous 'Operation Last Resort' action last Sunday exposed over 4,600 bank executive credentials for The Fed's expanding nationwide program, the Emergency Communications System.

The FBI has now begun to respond, at least to the bank hack, by opening a fresh criminal investigation into Anonymous' 'Operation Last Resort.'


The new document essentially shows that Anonymous had access to several of The Fed's servers and internal documents.

Like everything we've seen so far in Anonymous' 'Operation Last Resort' actions, the details of the hack appear to be symbolic.

The new attack's filename refers to Christopher Dorner, an ex-LAPD police officer who killed three people, "declared war on the LAPD" and is currently the target of a California state-wide manhunt.

Dorner published a lengthy manifesto to Facebook stating that his murderous mission—to avenge corruption within the LAPD that ruined his life—was his only remaining path to justice.

Despite Dorner's public status as a fugitive and an alleged murderer, Dorner has been characterized by some Anons as "an avatar of the man of conscience pushed to the point of desperate action."

On Twitter, Anonymous' 'Operation Last Resort' directed the latest drop to Veracode chief technology officer and L0pht alum Chris Wysopal, in an apparently friendly acknowledgment of the Veracode CTO's analysis and comments about the technical details surrounding the recent Federal Reserve bank hack.


The new breadcrumb from Anonymous provides more clues into the Federal Reserve bank hack that resulted in the leaking of personal information of more than 4,600 bankers. 

If it appeared that Anonymous was tap dancing on the Department of Justice's property while the federal authorities casually dismissed the serious attacks and exposures, the feds are now making a move.

Federal Reserve spokesman Jim Strader told the Reuters news agency yesterday: "This incident is the subject of an active criminal investigation with the FBI and we cannot comment further."

Reuters also reported that The Fed declined to comment on when the attack took place, how long it took for the breach to be discovered, and what type of system or vulnerability was exploited.

"The Fed statement on Thursday was its first explicit acknowledgment that it did not yet know the extent of the security breach," the news agency said.

Infosec community serious; Feds' cavalier attitude

It has been difficult to tell if the Justice Department or The Fed have taken the attacks seriously.

In contrast, the information security industry sees the attacks and exposures as very serious, and has loudly called on The Fed to reduce mounting harm by sharing key information about the attacks.

A Federal Reserve spokesperson told reporters that Anonymous' claim to the hack's importance was "overstated," yet information security professionals who serve financial institutions said the exact opposite, and were angry with the Federal Reserve for downplaying the incident.

Veracode's Wysopal unpacked the hack and called it "a spearphishing bonanza," and "the most valuable account dump by quality I have seen in a while," in a recent company blog post.

Wysopal's post pointed out that while it was still speculative what the compromised vendor software was, the application on The Fed's side that was exploited by Anonymous to gain access was programmed in Adobe ColdFusion.

Wysopal also suggested that the cost of the bank hack would be at least $1,137,929, based on average costs per financial services record breached. But he also believes a breach of this type will actually cost "much, much more."

There are several well-known security flaws in Adobe Systems, Inc.'s ($ADBE) ColdFusion suite.

In mid-January, just before the attack, Adobe had issued patches for several critical security flaws that allowed malicious access to restricted files and servers.

In the press release for the patch, Adobe stated:

This hotfix addresses vulnerabilities that could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server... Adobe is aware of reports that four vulnerabilities (CVE-2013-0625, CVE-2013-0629, CVE-2013-0631 and CVE-2013-0632, referenced in Security Advisory APSA13-01) are being exploited in the wild against ColdFusion customers.

DailyTech wrote today: "A 2012 audit at the Fed suggested that a monitoring system be put in place to review security at third-party systems. It's possible the ECS system may fall under that category."

"You have misjudged a sleeping giant." 

As the basis for this 'Operation Last Resort' campaign, Anonymous cited the recent suicide of hacktivist Aaron Swartz as a "line that has been crossed."

Anonymous' comments state that the campaign is in retaliation for Swartz's suicide, which many, including the Swartz family, believe was a result of overzealous prosecution by the Justice Department, and what the family deemed a "bullying" use of outdated computer crime laws.

Today's document release is the latest in an unprecedented display of access that Anonymous factions in 'Operation Last Resort' seem keen to display.

'Operation Last Resort' launched late evening on January 25 when Anonymous hacked the U.S. Sentencing Commission Web site and turned the site into a distribution hub for encrypted files.

'Operation Last Resort' called the files "warheads," named after each of the Supreme Court Justices, saying the files contained dangerously sensitive data—and that if there was not immediate action from the U.S. government for legal reform, Anonymous would make file decryption keys publicly available.

The federal authorities wrestled all weekend with Anonymous to try and regain control of the Web site, and were able to restore the site temporarily.

Anonymous had the last laugh on the afternoon of January 27 when it whimsically transformed the U.S. Sentencing Commission Web site into an interactive video game of "Asteroids."

At this time it is unknown why the new attack is hosted on the Grand Banks Yachts site, other than its "Banks" name, perhaps in a symbolic tie to Sunday's Fed bank hack.

Interestingly, Grand Banks Yachts chief executive and chief financial officer Peter Poli has a background in financial securities.

Before working for Grand Banks, Poli spent twelve years in the securities business, the last three of which were as the chief financial officer for a Morgan Stanley subsidiary. He also oversees the yacht company's IT departments.

The nod to fugitive and alleged murderer Chris Dorner may be a small detail. But—at least to me—it's a riveting detail wherein Anonymous may be suggesting that the very system Dorner seeks to destroy is to blame for turning Dorner from proud patriot to lethal product.

Before the LAPD, Dorner had served in the U.S. Naval Reserves, where he earned a rifle marksman ribbon and pistol expert medal. Dorner had been assigned to a naval undersea warfare unit, various aviation training units, and took a leave from the LAPD and deployed to Bahrain in 2006 and 2007.

His Facebook manifesto read:

I will utilize every bit of small arms training, demolition, ordinance and survival training I've been given.

You have misjudged a sleeping giant.

The 'Operation Last Resort' video, posted Friday on the U.S. Sentencing Commission Web site, now has more than 1.38 million views at the time of writing. Still, two weeks after Anonymous took down the Web site, it remains "under construction."

We will update you with new developments as they become available.


Talkback

12 comments
  • FBI Facebook?

    Why the hell does the FBI have facebook image files in their directory?

    f:\ywcontent\boseconadv-2\webpages\assets\images
    facebookicon.gif


    Directory of f:\ywcontent\Bosfedorg-2\webpages\ar2011\images\prettyPhoto\facebook

    07/26/2012 07:43 PM .
    07/26/2012 07:43 PM ..
    01/31/2011 03:33 PM 845 btnNext.png
    01/31/2011 03:33 PM 828 btnPrevious.png
    01/31/2011 03:33 PM 142 contentPatternBottom.png
    01/31/2011 03:33 PM 137 contentPatternLeft.png
    01/31/2011 03:33 PM 136 contentPatternRight.png
    01/31/2011 03:33 PM 142 contentPatternTop.png
    01/31/2011 03:33 PM 227 default_thumbnail.gif
    01/31/2011 03:33 PM 2,545 loader.gif
    01/31/2011 03:33 PM 4,227 sprite.png
    9 File(s) 9,229 bytes



    Rude Bush Adobe Acrobat File?
    01/03/2012 06:07 PM 352,057 christensen_lopez_rudebush.pdf
    aftershock14520
  • Fun with Google

    Do a search on: Federal Reserve Bank Coldfusion jobs

    Of course an Adobe product would be involved. For additional grins/eye-rolling, search on: CFIDE-Autopwn v1.1
    JustCallMeBC
  • I was

    wondering why all the compromised sites were running Windows and IIS. Now there is a clue.
    eulampius
    • Do you even know the Layers of the OSI Model?

      The OS was not hacked, Layer Seven (Application Layer owned by and coded by Adobe) was hacked. That means the coding programmers did not realize that they needed their vulnerabilities patched before releasing. As a Software Distribution Consultant, Adobe products as well as Java based products must be patched weekly.

      Yes PATCH TUESDAY, once each month Microsoft releases patches to fix security vulnerabilities. As an SCCM Admin, I am patching Adobe products weekly.
      So blame Windows and IIS as you obviously do not understand, applications are the final frontier for defense against government distributed malware etc...

      When 3rd party developers go against Microsoft recommendations concerning best practices citing Microsoft thinks they know everything, Microsoft knows the limitations of their OS.
      So get the systems engineers to do their jobs and patch the application causing the threats to the OS and sensitive data.
      Mannabis
  • If a bunch of amateur hackers can do this

    Just imagine what the state sponsored hackers are doing
    Alan Smithie
    • Nothing much

      Freetard hackers and crackers are far more able than government weenies at free thought, it takes a restricted way of thinking to fit into the government at any level and that type of thinking is useless against a free associating mind
      wizardb@...
  • Not ONE banker went to jail for the 2008 Wall Street crash

    Yet when bankers are inconvenienced with a security leak into their private secret dealings, the FBI springs into action.
    johnsmith9875
    • ?

      What makes you think they're working for us, anyway?
      jhnnybgood
  • Gross, dangerous incompetence at every level.

    Does the government even care anymore? These people did this attack to be brazen. But how many unknown attacks, or covered up attacks are going on? Can we trust the government to protect sensitive data? How much embezzling is going on in American business that is going undetected? These attacks and the government's lack of response are a display of weakness that this country cannot afford. Maybe we need to lay off some of the useless agents, and disband some of the less useful agencies, and spend more time and money into protecting our internet infrastructure.
    scummcdirt
    • Maybe the government should start protecting

      ... its citizens from the kind of bank fraud that drained billions from ordinary folks and came close to crashing the whole financial system.
      All the dollars that flowed into the data cats' offshore untaxable accounts, and according to law enforcement, not one of them did anything unlawful enough to rate prosecution.
      Anonymous obviously has it right. The rich own the US government. The average Joe is just fodder for them.
      radleym
  • That should read "...fat cats..."

    N/T
    radleym
  • The Feds Are Covering Up and Definitely the Courts are Covering Up!

    The judges at MIED/P are denying Anonymous broke in and took files. They were also the victim of the Cold Fusion injection. As an attorney I can't set up an account because it looks like they also used Cold Fusion for Case Filing electronically. Their PR person claims they may or may not have been compromised with no sensitive data taken....what a stupid statement...duh.

    If no sensitive data was taken then why can't I get an ID and Password. My partner cannot get his password reset. He must call their help desk. Something is very suspicious here...did Anonymous get to the ID & Password files? These clowns are denying and popping off about Anonymous and saying they only played games on the MIEP site.

    These are the 'cats' that are supposed to preserve the constitution and instead are just another part of the system that murdered and bankrupted Aaron Swartz. I hope they expose these arrogant fools for what they are....criminals in robes perhaps?
    tool482002