Bankers affected say it’s no big deal
Jo David Cummins, president and CEO of Community First Bank of the Heartland in Illinois, laughs off Anonymous’ mid-January “hack” of a U.S. Federal Reserve database, which scooped up his record and over 4,000 others. He tells Reuters, “It hasn’t been much of a hassle. The information that was on the contact system was the same thing that was on my business card, so it wasn’t like it was anything that could do any harm to me or the bank.”
I. Adobe Flaw Likely Exploited by Hackers.
But while it may not be a big deal for most of the affected, the U.S. Federal Bureau of Investigation and the Federal Reserve are taking the incident very seriously. Comments Federal Reserve spokesman Jim Strader, “We are in the process of a comprehensive assessment to determine what information might have been obtained in this incident. We remain confident that this incident did not affect critical operations of the Federal Reserve.”
The site that the information leaked from was dubbed the Emergency Communication System (ECS). Although the site was protected by passwords and encryption, Anonymous was able to circumvent those barriers.
It’s possible that the attackers used an SQL injection (aka “Little Bobby Tables”) style attack. Such attacks can be prevented if the requests are sanitized.
However, it’s also possible that the hackers exploited well-known security flaws in Adobe Systems, Inc.’s (ADBE) ColdFusion suite, which the site was built upon. In mid-January, right about the time of the attack, Adobe patched several critical security flaws that could allow malicious users access to restricted files and even allow them to take over servers.