A PHP Error was encountered

Severity: 8192

Message: Non-static method Comment::form() should not be called statically, assuming $this from incompatible context

Filename: libraries/Template.php

Line Number: 3264


Thursday, February 28, 2013

Federal Reserve Breach

John Morawski, Chief Technology Officer, New England Credit Union Services, LLC

Apparently, while most people were enjoying the Super Bowl, a group of people from the hacker group Anonymous were up to no good. They successfully breached the St Louis Fed Emergency Communications System (ECS). Over 4,000 user IDs, names, titles, IP Addresses, and contact information of employees at credit unions and other financial institutions were compromised. Anonymous has been protesting the Government’s treatment and eventual suicide of Aaron Swartz, an online activist who illegally obtained academic journal articles from JSTOR.
So what can we learn from this? Well, first, no one is safe. The Fed has still not officially confirmed it was the ECS system that was hacked, but emphatically insisted that no banking system was compromised. The only thing they will admit is that third-party software was compromised and that the vulnerability has been patched. The second take away from this is that no matter who wants information from you, you should ask how it will be stored. If this information had been encrypted it would not have been much of a story.
Some people have the attitude that it wasn’t a big deal; that most of the information was public any way. And, for the most part, a majority of the information was public; however, this list put all this information into a nice little package for someone who may have less than honorable intentions. The big issue I have is the fact that credit union IP addresses were part of the list. This didn’t make the financial institution less secure, but it gave a hacker a big head start. People now know the direct IP address for the credit union’s firewall. The recommendation I would make to any one on the list is to change their firewall IP address, if possible. If there isn’t a reason to have static or consistent IP, then most Internet providers can change the external IP address very easily.
The final take away I get from this situation is that no matter who you are you are vulnerable. The basic inherent problem with computers and networks is that they were designed to share information. We all need to be extra vigilant today more than ever. Unfortunately, the crook you need to worry about won’t be wearing a mask or be coming into your lobby.

Posted by Rob •
Commenting is not available in this channel entry.