Hackers Hijack St. Louis Federal Reserve URLs
By Jennifer LeClaire / CRM Daily
The Federal Reserve Bank of St. Louis has been hacked. The bank sent a message to its clients alerting them about an April hack that allowed attackers to hijack the institution’s domain name servers. Essentially, visitors were directed to phony Web pages.

In the alert, the bank warned that users who were redirected to one of these fake Web sites may have been unknowingly exposed to vulnerabilities that the hackers may have put there, such as malware. And the hackers may have accessed user names and passwords as well.

“These risks apply to individuals who attempted to access the St. Louis Fed’s Web site on April 24, 2015. If you attempted to log into your user account on that date, it is possible that this malicious group may have accessed your user name and password,” according to the alert. “The St. Louis Fed’s Web site itself was not compromised.”

Detecting Potential Intruders

We turned to Igor Baikalov, chief scientist at security analytics firm Securonix, to get his take on the latest hack. He told us the likely targets were the users of the Federal Reserve Bank data.

“Attackers could have harvested credentials on the spoofed pages hoping for password reuse on other, more sensitive Web sites, or implanted malware for later access to the user computer,” Baikalov said. “St. Louis Fed has to closely monitor affected applications for any anomalies in access and user behavior to detect potential intruders and prevent them from using the Fed's systems as a stepping stone for other attacks, similar to the State Department hack.”

Anatomy of the Attack

Stewart Draper, Director of Insider Threat at Securonix, told us there has been a rise in DNS-style attacks from hacktivist and cyber-crime groups over the last six months. He said an opportunistic group that saw a vulnerability it could exploit likely targeted the Federal Reserve Bank of St. Louis.

“They likely allowed the exploitable system to remain while they created fake Web sites for those institutes connected to them in hopes of conducting further reconnaissance on financial institutes,” Draper said. “I think once you begin redirecting traffic, your cover is blown so malicious malware will be difficult to keep on a system that could have been infected. I would imagine routing tables, communicating DNS systems from other financial institutions, would be a good starting point in data collection for these criminals.”

Potential for Disaster

Richard Blech, CEO of digital security solutions firm Secure Channels, told us the attack is an example of potential thieves tricking the customers of the banks whose Web traffic they redirected into entering their personal information into a similar-looking site. In other words, it’s a good, old-fashioned phishing attack.

If the actual bank’s Web sites had used an authentication system that could not be reproduced on the phisher's site -- or only accepted encrypted data input from an actual customer -- the customer’s account would be safe because the phisher would not be able to reproduce the format of the encrypted data it accepted, he said.

“We cannot ignore this potential for disaster,” Blech said. “Hackers are playing with the Federal Reserve -- the ramifications of such a breach could be enormous and have dramatic effects on the economy.”

© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.