Hackers Hijack St. Louis Federal Reserve URLs
The Federal Reserve Bank of St. Louis has been hacked. The bank sent a message to its clients alerting them about an April hack that allowed attackers to hijack the institution’s domain name servers. Essentially, visitors were directed to phony Web pages.
In the alert, the bank warned that users who were redirected to one of these fake Web sites may have been unknowingly exposed to threats the hackers may have placed there, such as malware, and that the hackers may have captured user names and passwords as well.
“These risks apply to individuals who attempted to access the St. Louis Fed’s research.stlouisfed.org Web site on April 24, 2015. If you attempted to log into your user account on that date, it is possible that this malicious group may have accessed your user name and password,” according to the alert. “The St. Louis Fed’s Web site itself was not compromised.”
Detecting Potential Intruders
We turned to Igor Baikalov, chief scientist at security analytics firm Securonix, to get his take on the latest hack. He told us the likely targets were the users of the Federal Reserve Bank data.
“Attackers could have harvested credentials on the spoofed pages hoping for password reuse on other, more sensitive Web sites, or implanted malware for later access to the user computer,” Baikalov said. “St. Louis Fed has to closely monitor affected applications for any anomalies in access and user behavior to detect potential intruders and prevent them from using the Fed's systems as a stepping stone for other attacks, similar to the State Department hack.”
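A baseline check a zone owner could run to catch the kind of redirect described in the alert, as an added example that is not the Fed's or Securonix's code; the hostname is taken from the alert, while the addresses, name-server names and resolver answers are constructed sample data rather than live lookups.

```python
"""Baseline check for the kind of DNS hijack described in the alert.
Added example, not St. Louis Fed or Securonix code: the hostname is from the
alert, but all addresses, name servers and resolver answers are constructed
(RFC 5737 documentation ranges) so this runs offline with no live lookups."""
from collections import Counter, defaultdict

# Constructed baseline: the records the zone owner expects to be published.
BASELINE = {
    ("research.stlouisfed.org", "A"): {"192.0.2.10"},
    ("www.stlouisfed.org", "A"): {"192.0.2.20"},
    ("stlouisfed.org", "NS"): {"ns1.example.net", "ns2.example.net"},
}

# Constructed answers from two independent resolvers:
# (resolver, owner name, record type, answer set).
OBSERVED = [
    ("resolver-a", "research.stlouisfed.org", "A", {"198.51.100.7"}),
    ("resolver-b", "research.stlouisfed.org", "A", {"198.51.100.7"}),
    ("resolver-a", "www.stlouisfed.org", "A", {"192.0.2.20"}),
    ("resolver-b", "www.stlouisfed.org", "A", {"203.0.113.9"}),
    ("resolver-a", "stlouisfed.org", "NS", {"ns1.unexpected.example"}),
    ("resolver-b", "stlouisfed.org", "NS", {"ns1.unexpected.example"}),
]


def classify(expected, answers):
    """'ok': all resolvers match baseline; 'hijacked': none do, so the
    authoritative data or delegation changed (the case in the alert);
    'partial': resolvers disagree, pointing at a stale or poisoned cache."""
    tally = Counter("ok" if rrset == expected else "drift" for rrset in answers)
    if tally["drift"] == 0:
        return "ok"
    if tally["ok"] == 0:
        return "hijacked"
    return "partial"


def check(observed, baseline=BASELINE):
    """Group observations by (name, type) and return one verdict per record."""
    grouped = defaultdict(list)
    for _resolver, name, rtype, rrset in observed:
        grouped[(name, rtype)].append(rrset)
    return {key: classify(baseline[key], answers) if key in baseline
            else "unbaselined" for key, answers in grouped.items()}


if __name__ == "__main__":
    for (name, rtype), verdict in check(OBSERVED).items():
        print(f"{verdict:10} {rtype:3} {name}")
```

Run against real answers, a "hijacked" verdict on the NS record is the signal that the delegation itself changed, which is what a registrar-level compromise looks like from the outside.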
Anatomy of the Attack
Stewart Draper, Director of Insider Threat at Securonix, told us there has been a rise in DNS-style attacks from hacktivist and cyber-crime groups over the last six months. He said an opportunistic group that saw a vulnerability it could exploit likely targeted the Federal Reserve Bank of St. Louis.
“They likely allowed the exploitable system to remain while they created fake Web sites for those institutes connected to them in hopes of conducting further reconnaissance on financial institutes,” Draper said. “I think once you begin redirecting traffic, your cover is blown so malicious malware will be difficult to keep on a system that could have been infected. I would imagine routing tables, communicating DNS systems from other financial institutions, would be a good starting point in data collection for these criminals.”
Potential for Disaster
Richard Blech, CEO of digital security solutions firm Secure Channels, told us the attack is an example of potential thieves tricking the customers of the banks whose Web traffic they redirected into entering their personal information into a similar-looking site. In other words, it’s a good, old-fashioned phishing attack.
If the actual bank’s Web sites had used an authentication system that could not be reproduced on the phisher's site -- or only accepted encrypted data input from an actual customer -- the customer’s account would be safe because the phisher would not be able to reproduce the format of the encrypted data it accepted, he said.
“We cannot ignore this potential for disaster,” Blech said. “Hackers are playing with the Federal Reserve -- the ramifications of such a breach could be enormous and have dramatic effects on the economy.”