The Federal Reserve has admitted it was hacked by Anonymous as the group ‘takes revenge’ for suicide of Reddit founder Aaron Swartz.
The admission, which raises questions about cyber security at the Fed, follows a claim that hackers linked to the activist group Anonymous had struck the Fed on Sunday, accessing personal information of more than 4,000 U.S. bank executives, which it published on the Web.
Swartz, 26, killed himself on January 11, just a month before he was set to go on trial in Boston for thirteen felony charges.
Family and friends of Swartz, who helped create Reddit and RSS, say he killed himself after he was hounded by federal prosecutors.
Officials say he helped post millions of court documents for free online and that he illegally downloaded millions of academic articles from an online clearinghouse.
Today a Fed spokeswoman said ‘The Federal Reserve system is aware that information was obtained by exploiting a temporary vulnerability in a website vendor product.’
‘Exposure was fixed shortly after discovery and is no longer an issue. This incident did not affect critical operations of the Federal Reserve system,’ the spokeswoman said, adding that all individuals effected by the breach had been contacted.
Technology news site ZDNet separately reported that Anonymous appeared to have published information allegedly containing the login information, credentials, internet protocol addresses and contact information of more than 4,000 U.S. bankers on Sunday night.
The claim was made via Twitter over an account registered to OpLastResort, which is linked to Anonymous, a loosely organized group of hacker activists who have claimed responsibility for scores of attacks on government and corporate sites over the past several years.
OpLastResort is a campaign that some hackers linked to Anonymous have started to protest government prosecution of computer prodigy Aaron Swartz, who committed suicide on Jan. 11.
The Fed declined to identify which website had been hacked. But information that it provided to bankers indicated that the site, which was not public, was a contact database for banks to use during a natural disaster.
A copy of the message sent by the Fed to members of its Emergency Communication System (ECS), which was obtained by Reuters, warned that mailing address, business phone, mobile phone, business email, and fax numbers had been published.
‘Some registrants also included optional information consisting of home phone and personal email. Despite claims to the contrary, passwords were not compromised,’ the Fed said.
The central bank separately confirmed the authenticity of the message to ECS members.
The website’s purpose is to allow bank executives to update the Fed if their operations have been flooded or otherwise damaged in a storm or other disaster.
That helps the Fed to assess the overall impact of the event on the banking system.
Last month the hacker-activist group hijacked the website of the U.S. Sentencing Commission to avenge the death.