The institution suffers the universal(?) governmental vulnerability they always refuse to acknowledge.... that there is some unwritten law among them forcing them to use 'contractor' and 'third-party' expertise to provide them with security.
Failure after failure of 'contracted' IT services seems not to have persuaded anyone in the arena of high-level government (or in this case "quasi-governmental") procurement decisions.
According to Reuters:
"Exposure was fixed shortly after discovery and is no longer an issue. This incident did not affect critical operations of the Federal Reserve system," the spokeswoman said, adding that all individuals effected by the breach had been contacted.
Notice they don't reveal "when" they "discovered" the hack... except the announcement Anonymous made regarding the effort they called "OpLastResort" seems to have preceded the discovery... meaning the damage had already been done.
While offering us a comment such as this:
It is unknown which website was hacked, but the stolen data apparently consisted of a contact database for banks to use during a natural disaster.
... they follow up with the following statement:
he Federal Reserve website is the last target of Anonymous’ OpLastResort. Initiated last week as a reaction to the U.S. government's role in the suicide of Internet activist Aaron Swartz, it already resulted in the hacks of the websites belonging to the U.S. Sentencing Commission, the Eastern District of Michigan U.S. Probation Office, and the Alabama Criminal Justice Information Center, where the stolen file was initially hosted.
Curiously, they seem to imply that the file and location was known... despite the initial statement "..It is unknown which website was hacked..." It may be a simple editorial error... but it is nevertheless interesting who hosted the file in question.
Back to Reuters....
Cyber-security specialists said that any organization's computer systems could be breached, and that it was up to an organization like the Fed to prioritize its security needs, in order to protect its most sensitive information from attack.
"Every system is going to have some vulnerability to it. You cannot set up a system that will survive all possible attacks," said Mark Rasch, director of Privacy and security consulting at CSC and a former federal cyber crimes prosecutor.
"You have to defend against every possible vulnerability and the attackers only have to find one way in," he said.
Security firms explain always that it's not their fault.. they can't foresee 'every' possible breach point.... why does that sound like a political by-line to me?
Personally, I suspect that the true power of Anonymous isn't in the technical abilities of it's members... but instead their actual identities.. for all we know - some of them could work and play within the system....
(visit the link for the full news article)
edit on 6-2-2013 by Maxmars because: (no reason given)