The Federal Reserve Bank of St Louis has notified the banks it serves that it was targeted last month by criminal hackers, who carried out a domain name system (DNS) attack to redirect site visitors to a malicious website where they “may have been unknowingly exposed to vulnerabilities”.
The Missouri Fed location – one of 12 regional reserve banks – is the headquarters of the Eighth Federal Reserve District, and serves banks in Arkansas, Illinois, Indiana, Kentucky, Mississippi, Missouri, and West Tennessee.
Brian Krebs received a copy of the communiqué from an anonymous source, and quotes its contents:
“[The] Federal Reserve Bank of St. Louis has been made aware that on April 24, 2015, computer hackers manipulated routing settings at a domain name service (DNS) vendor used by the St. Louis Fed so that they could automatically redirect some of the Bank’s web traffic that day to rogue webpages they created to simulate the look of the St. Louis Fed’s research.stlouisfed.org website, including webpages for FRED, FRASER, GeoFRED and ALFRED.”
FRED (Federal Reserve Economic Data) is an economic database; FRASER (Federal Reserve Archival System for Economic Research) contains links to PDF images of historical economic statistics from the 19th century onwards; GeoFRED allows users to create geographical maps of the economic data found in FRED; and ALFRED (ArchivaL Federal Reserve Economic Data) allows users to access historical economic data from specific dates.
Users of these sites will be prompted to change their passwords the next time they log in. The St Louis Fed’s website itself – which was successfully attacked in 2013 – was not compromised.
DNS attacks work by overriding the settings that govern name resolution (a computer’s TCP/IP configuration or, as in this case, routing settings held at a DNS vendor) and redirecting website visitors, rather than by assuming control of the actual target site. DNS hijacking rarely affects customer information directly. Instead, it causes disruption by taking control of the affected websites’ domain names and exposes visitors to malware and phishing attacks on malicious sites, which are often clones of the original.
It is therefore unlikely that the St Louis Fed itself was the intended victim of this particular attack. Cyber criminals are more likely to have wanted to harvest usernames and passwords from unsuspecting visitors, which could then be reused to gain access to legitimate sites in subsequent attacks.
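Because the redirect described above happens in the DNS answers rather than on the web server, a site owner can detect it by comparing what resolvers return against a baseline kept out of band. The following is an added example, not code from the St Louis Fed or IT Governance; the domain, addresses, nameserver names, resolver labels and the low-TTL heuristic are all constructed assumptions.

```python
"""Flag DNS answers that drift from a pinned baseline (illustrative sketch)."""
import ipaddress

# Baseline maintained out of band by the site owner (constructed values).
BASELINE = {
    "research.example.org": {
        "networks": [ipaddress.ip_network("192.0.2.0/24")],
        "nameservers": {"ns1.dns-vendor.example.", "ns2.dns-vendor.example."},
        "min_ttl": 300,  # assumed heuristic: unusually short TTLs are worth a look
    }
}

# Constructed observations: (resolver, name, record type, value, ttl)
OBSERVATIONS = [
    ("resolver-a", "research.example.org", "A", "192.0.2.10", 3600),
    ("resolver-a", "research.example.org", "NS", "ns1.dns-vendor.example.", 86400),
    ("resolver-b", "research.example.org", "A", "203.0.113.66", 60),
    ("resolver-b", "research.example.org", "NS", "ns1.rogue-host.example.", 60),
    ("resolver-c", "research.example.org", "A", "not-an-ip", 3600),
]

def check(observations, baseline):
    """Return (resolver, name, reason, value) for every answer off baseline."""
    findings = []
    for resolver, name, rtype, value, ttl in observations:
        policy = baseline.get(name.lower().rstrip("."))
        if policy is None:
            continue  # not a name we are responsible for
        if rtype in ("A", "AAAA"):
            try:
                addr = ipaddress.ip_address(value)
            except ValueError:
                findings.append((resolver, name, "malformed-address", value))
                continue
            if not any(addr in net for net in policy["networks"]):
                findings.append((resolver, name, "unexpected-address", value))
        elif rtype == "NS" and value.lower() not in policy["nameservers"]:
            findings.append((resolver, name, "unexpected-nameserver", value))
        if ttl < policy["min_ttl"]:
            findings.append((resolver, name, "low-ttl", str(ttl)))
    return findings

if __name__ == "__main__":
    for finding in check(OBSERVATIONS, BASELINE):
        print(*finding, sep="\t")
```

In practice the observations would come from queries sent through several independent resolvers, since a change made at the DNS vendor may reach different resolvers at different times.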
If you’re concerned about your organization’s susceptibility to DNS hijacking – or indeed any other attack – you’ll be interested in IT Governance’s penetration testing packages. Designed to identify vulnerabilities and provide remedial measures that you can take to secure your systems, they provide a complete solution for the routine security testing of your websites and IT systems to ensure that your networks and applications remain secure against cyber attacks.