A cyberattack on the Federal Reserve Bank of St. Louis last month compromised the bank’s domain name and routed web traffic to rouge websites created by the hackers that simulated the original, the bank confirmed this week.
Bank officials said in a statement on Monday that while the
hackers didn’t compromise its website, they did manipulate the
bank’s routing on April 24.
READ MORE: Ex-US govt. employee accused of trying
to steal nuke secrets
“As is common with these kinds of DNS (domain name service)
attacks, users who were redirected to one of these phony websites
may have been unknowingly exposed to vulnerabilities that the
hackers may have put there, such as phishing, malware and access
to user names and passwords,” the Fed statement said.
The statement added that those people who attempted to access the
research.stlouisfed.org website on April 24 might have exposed
their account name and password to hackers. As a precaution,
users will be asked to change their password the next time they
log onto the website.
“[In] the event that your user name and password are the same
or similar as those you use for other websites, we highly
recommend…a strong, unique and different password for each of
your user accounts on the Internet,” said the statement.
READ MORE: DoJ, security experts warn of
increasing overseas cyberattacks
Hackers regularly target US government agencies and websites,
most recently at the White House, State Department, United States
Postal Service, and National Oceanic and Atmospheric
Administration, according to Reuters.
Security experts think hackers may have secured bankers and
currency traders’ email addresses and passwords, which could be
used in future attacks.
“Great way to phish the password and email addresses of
bankers and currency traders,” Dave Jevans, chairman of the
Anti-Phishing Working Group, told The New York Times. “Since people
reuse passwords, this is a ready font of juicy data to attack all
users of the Fed’s data.”