- ‘Weathering With You’ blends fantasy and realism in a magical love story Saturday 6:18 PM
- Kidnapped teen used Snapchat to get rescued Saturday 4:35 PM
- What fans do and don’t want to see in future ‘Far Cry’ installments Saturday 4:26 PM
- Aaron Carter accused of stealing lion art for merch Saturday 3:10 PM
- Instagram’s hidden like counts were inspired by a ‘Black Mirror’ episode Saturday 2:06 PM
- Student says they were expelled for tricking teacher into making inappropriate TikTok Saturday 12:26 PM
- Space Force uniforms relentlessly mocked, memed Saturday 10:52 AM
- Man flamed after admitting he called police on Target employee over a toothbrush Saturday 9:10 AM
- Netflix’s ‘Vivir Dos Veces’ searches for a last chance at first love Saturday 8:00 AM
- Camila Cabello must do more about her racist history Saturday 6:00 AM
- Instagram and Facebook are reportedly blocking queer ads Friday 8:58 PM
- Review: Tyler Perry’s ‘A Fall From Grace’ is both nonsensical and utterly predictable Friday 6:48 PM
- Is Hulu censoring the Iran episode of Anthony Bourdain’s ‘Parts Unknown’? Friday 6:05 PM
- Trump admin celebrates Michelle Obama’s birthday by proposing rollback of her signature initiative Friday 4:01 PM
- TSA apologizes after agent grabs indigenous woman’s braids, says ‘giddyup’ Friday 3:28 PM
Feds confirm Anonymous hack of 4,600 banking executives
Yesterday, the Fed assured the executives that their passwords were never actually leaked. It was lying.
On Super Bowl Sunday, Anonymous released what it claimed were the usernames, passwords, and affiliations of 4,600 banking executives. Yesterday, the Fed confirmed that it had been hacked, and information stolen, while privately assuring the executives themselves that their passwords were never actually leaked.
The action was part of OpLastResort, inspired by the death of information freedom activist Aaron Swartz, to force the U.S. government to make sentences for hacktivism proportionate to the crime—i.e., to treat it as civil disobedience rather than a felony.
Other initiatives under the OpLastResort umbrella have included the dud “warhead” purporting to dox people in the witness protection program, and the hack of the U.S. Sentencing Commission website, among others, which were wiped and replaced with the arcade game Asteroids. USSC.gov remains “underconstruction” pending presumed security upgrades.
Information security consultant Jon Waldman told ZDnet that the Fed’s claim that passwords were not leaked is misleading if not plain false. “I’ve seen that list and it is absolutely rife with account details. Usernames and hashed passwords are included with salts. Anyone worth their weight in the technology field can decrypt a hashed password. The Fed did state that the passwords weren’t “compromised,” but that just means that they weren’t listed out in plain-text.” I’ve seen the list and agree with Waldman: The passwords are there, along with the keys to decrypt them.
The compromised system is the Emergency Communications System for banks, a sort of digital hotline between banks and the Fed, to be used in case of emergency—anything from natural disasters to alien attacks. The system data was accessed via a hack of the Alabama Criminal Justice Information Center, highlighting Anonymous’s OpLastResort focus on targeting the justice system. The site remains offline while being “sanitized” after the attack.
When the Fed alerted bankers to the breach, it had to resort to plain old email.
Image via Truthout/Flickr
Lorraine Murphy is an Ottawa-based cybersecurity journalist and founding editor of the Cryptosphere. She has a keen interest in WikiLeaks and web culture, and her bylines have appeared in Salon, Vanity Fair, Serious Eats, and elsewhere.