St. Louis Federal Reserve Falls Victim to DNS Hijack

St. Louis Fed Reserve

The Federal Reserve Bank of St. Louis confirmed this week that it fell victim to a DNS hijack last month that may have redirected users to bogus webpages and exposed customers to phishing, malware and other attacks.

The St. Louis Federal Reserve Bank confirmed this week that it fell victim to a DNS hijack last month. The attack may have redirected users to bogus webpages and for a period of time exposed customers to phishing, malware and other attacks that potentially could have duped users into giving away their usernames or passwords.

The intrusion occurred on April 24 after hackers were reportedly able to manipulate router settings at a DNS vendor used by the bank, according to a statement the bank sent out to customers on Monday.

Sites affiliated with the Fed, like the bank’s economic database, — FRED, its archival information database, — FRASER, its vintage statistics database, — ALFRED, and its geographical maps database, — GeoFRED, were all implicated in the breach.

While the attackers’ motive hasn’t yet surfaced, it’s being assumed those behind the hack were seeking access to the swaths of economic data and research that’s hosted on the four sites.

The sites contain digitized documents that detail economic and banking data and policy. Recent research published by FRED covers everything from economic figures regarding topics like oil prices to labor market trends, and inflation measurements, to name a few.

When reached Tuesday a St. Louis Fed spokesperson insisted that the Federal Reserve’s website was spared from the attack but claimed that anyone who attempted to visit the aforementioned sites on April 24 may have been brought to a fake site that was rigged to look authentic. From there the users could have been tricked into surrendering personal information like their username and password.

The regional bank, one of 12 that comprise the backbone of the U.S.’s Federal Reserve, claims that anyone who has an active user account for either FRED, FRASER, ALFRED, or GeoFRED, will be required to change their password the next time they log in.

It shouldn’t come as a surprise but the Fed is also warning users who use the same credentials on other accounts online to change their login information at those sites as well, as their username or password have been leaked in the compromise.

The Reserve did not specify how it was made aware of the DNS hack or exactly what it did to mitigate the attack.

This isn’t the first time the St. Louis Fed has been targeted by hackers. In 2013 hackers were able to exploit a vulnerability in a website vendor product to break into the Fed’s Emergency Communications System. The news came on the heels of a statement from the hacktivist collective Anonymous that it was able to break into a site operated by the Federal Reserve. Anonymous backed up their claim by going on to dump the private data of more than 4,000 U.S. bank executives, including their usernames, IP addresses, names, emails, phone numbers and hashed passwords.

In 2012 a Chinese man, Bo Zhang, admitted that he stole software source code used by the U.S. Federal Reserve Bank of New York and used it to help him monitor government transfers. Zhang, who was living in Queens and working for the Fed at the time as a contract employee, was sentenced to six months of home confinement as as part of an sentence of three years of supervised release.

*Photo via pasa‘s Flickr photostream, Creative Commons

Suggested articles

It’s Not the Trump Sex Tape, It’s a RAT

Criminals are using the end of the Trump presidency to deliver a new remote-access trojan (RAT) variant disguised as a sex video of the outgoing POTUS, researchers report.

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.