It took two days, but the U.S. Federal Reserve admitted late Tuesday night that someone hacked into its website on Sunday as much of the nation watched the Baltimore Ravens edge past the San Francisco 49ers in the Super Bowl -- but followers of the loose association of activist-hackers known as Anonymous already knew that.
“Now we have your attention America: Anonymous's Superbowl Commercial 4k banker d0x via the FED,” said a boastful Tweet posted during the game. The “d0x” refers to a trove of personal login information for over 4,000 bankers who had provided some non-critical details, such as names, phone numbers and email addresses. The link on the Twitter post is dead, but the document was still up on a mirror site early Wednesday morning.
The breach is considered more a nuisance than anything else, but it underscores the need for institutions to be vigilant about the threat of online privacy breaches constantly. In the past week the New York Times, the Washington Post and Bloomberg News said their networks had fallen prey to cyberattacks originating in China.
Late Tuesday the Fed made it official that the breach had occurred, though it didn’t go as far as naming the infiltrators. What it did say is that someone “exploited a temporary vulnerability in a website vendor product,” according to Reuters. The Fed representative said the problem was fixed and the breach did not access “critical operations."
The spokesperson wasn’t clear about which “vendor product” was hacked. The Fed sells publications through an online catalog with an allegedly "secure" checkout.
Anonymous kicked off a campaign called Operation Last Resort following the Jan. 11 suicide of Reddit co-founder Aaron Schwartz, which the group says was the result of “overzealous prosecutors” going after accused computer criminals. Schwartz was facing criminal prosecution for wire and computer fraud for unlawfully obtaining documents from an online repository of academic journals known as Journal Storage, or JSTOR.