A year and a half ago, when the hacker group Anonymous launched its anti-Bernanke, anti-Fed campaign dubbed Operation Empire State Rebellion (or OpESR), we stated, rhetorically and jokingly, that “perhaps in the aftermath of the IMF “very major breach” by anonymous hackers, it is really time to make sure all external access points to FedWire and FedLine are truly safe and sound. It will be very sad if it is uncovered that this source of externally accessible portal to hundreds of billions in emergency Fed funding has been somehow compromised. Just imagine the loss of confidence in the system… Why, a global distributed attack would really stretch the Fed’s 1,200-strong police force quite thin.” It appears that either FedWire or FedLine may not have been “truly safe and sound” after all.
Recall that a week ago in retribution for the suicide of Aaron Swartz, Anonymous launched yet another “operation” this time titled “Last Resort“, as a result of which it hacked the Department of Justice and released a 1.3 GB folder of still encrypted “warhead” data containing files each named for Supreme Court Justices. And while there has been no additional disclosure on this latest operation, Anonymous may have reverted to the mothballed OpESR, by hacking none other than the Fed.
As ZD reports, last night Anonymous once again hacked a .gov site, this time the Alabama Criminal Justice Information Center (ACJIC). But it was not the site hacked that was material, but rather what was posted on it. What was posted is an extended data dump sheet, titled “oops we did it again” which lists some 4,606 rows of confidential credential data including titles, names, addresses, emails, phone numbers, logins, password hashes, and much more. The spreadsheet can be found at this link.
And while the data contains primarily B-grade information, with no New York bank disclosure at least on a cursory check, a more important question is where was this data sources. Anonymous itself provides a clue in a tweet from last night:
And judging by the level of detail, it is possible that Anonymous did indeed hack either FedWire or FedLine, although it is just as possible this was merely grabbing root data in some low security regional Fed website.
Anonymous provides some additional information in a further tweet:
In other words, to Anonymous this is merely an escalation of its Anti-DOJ campaign demanding structural changes (good luck) as retribution for the Swartz death. It is unlikely it will get them.
What is curious, however, is if Anonymous really did penetrate one of the Fed’s critical money clearing networks, and if indeed it has access to key financial data at the granular, regional bank level. A bigger question then is just how much more Fed-level access does Anonymous have, and will it resort to it as its demands are unmet by the DOJ in the coming days. Or in other words, what else can and will Anonymous release?
February 4, 2013