St Louis Federal Reserve Bank not target of DNS hack, say experts

The hacking of a domain name server (DNS) for the Federal Reserve Bank of St Louis is more likely to be aimed at customers than the bank itself, say security experts

The hacking of a domain name server (DNS) for the Federal Reserve Bank of St Louis is more likely to be aimed at customers than the bank itself, say security experts.

Security blogger Brian Krebs revealed that the institution had issued a warning on 18 May to the banks it serves that on 24 April 2015 hackers had hijacked one of its DNS providers.

The St Louis Federal Reserve is one of 12 regional organisations and serves banks in Missouri and six other US states.

Krebs reported that the verified communiqué said hackers had manipulated routing settings at a DNS provider to redirect the bank’s web traffic to fake web pages.

The rogue web pages simulated the look of the “St Louis Fed’s website, including webpages for FRED, FRASER, GeoFRED and ALFRED,” the bank said.

These web pages allow registered users access to a variety of economic and research data.

The communiqué warns that users who were redirected to one of the fake web pages may have been exposed to phishing, malware or theft of usernames and passwords.

For this reason the bank has taken the precaution of resetting all passwords for its users.

Read more about the economic impact of cyber attacks

The target of the DNS hijack is more likely to be the customers of the bank than the institution itself, according to security industry experts.

“Attackers could have harvested credentials on the spoofed pages hoping for password reuse on other, more sensitive websites, or implanted malware for later access to the user computer,” said Igor Baikalov, chief scientist at security analytic firm Securonix.

“There's not much the affected users can do to protect themselves: as the statement noted, changing password is a good idea; scanning user computer with updated anti-virus signatures might also help to detect malware,” he added.

Baikalov said the St Louis Fed should monitor affected applications closely for any anomalies in access and user behaviour to detect potential intruders and prevent them from using its systems as a stepping stone for other attacks.

According to Stewart Draper, director of insider threat at Securonix, there has been a rise in DNS-style attacks from hacktivist and cyber crime groups in the past six months.

“I think this target was selected by an opportunistic group that saw a vulnerability they could exploit. They likely allowed the exploitable system to remain while they created fake websites for those institutes connected to them in hopes of conducting further reconnaissance on financial institutes,” he said.

According to Richard Blech, chief executive of encryption firm Secure Channels, the DNS hijacking would have provided the perfect opportunity for phishing attacks.

“If the actual banks’ websites had used an authentication system that is not able to be reproduced on the phishers’ site or only accepted encrypted data input from an actual customer, the customer’s account would be safe as the phisher would be not able to reproduce the format of the encrypted data it accepts,” he said.

Blech added that the potential for disaster cannot be ignored. “Hackers are playing with the Federal Reserve, and the ramifications of such a breach could be enormous and have dramatic effects on the economy,” he said.

In February 2015, US national intelligence director James Clapper warned that cyber attacks by politically and criminally motivated actors top the list of threats facing the US.

“Cyber threats to US national and economic security are increasing in frequency, scale, sophistication and severity of impact,” he told Congress.

In September 2013, Scott Borg, chief of the US Cyber Consequences Unit, predicted that manipulation of international financial markets will be the next evolution of cyber crime.

There is a limit to the amount of money criminals can make through theft and credit card fraud, he told a joint session of the ASIS International and (ISC)2 annual congresses in Chicago.

“But there is no limit to the money that can be made by manipulating financial markets. By taking a position in the market and then conducting a cyber attack to discredit a company, criminals can make an almost infinite amount of money,” he said.


Read more on Privacy and data protection

Data Center
Data Management