Pierluigi Paganini February 05, 2013

The hacktivists of Anonymous group are still very active and are continuing their campaign dubbed  #OpLast Resort, this time hitting US financial world. The hackers have published private information and credentials of around 4,000 American bank executive accounts to protest on actual U.S. computer crime law reform judged unfair.

The hacktivists have published on Pastebin and on a government site, the Alabama Criminal Justice Information Center (ACJIC) site, a file containing stolen data, what is concerning is that some of the information could be connected to Federal Reserve computers, including personal information such as cell phone numbers for U.S. bank high management (Presidents, Vice Presidents and other managers). The password contained in the file aren’t in plain text, it contains only hashed passwords. The page extension URL is titled, “oops-we-did-it-again.”:

http://acjic.alabama.gov/documents/oops-we-did-it-again.html

Following Anonymous style the news has been widespread using various channels such as social media account on Twitter and Facebook. The situation is embarrassing for Federal Reserve because the file appears to have been stolen from its network and all the information reported are updated. The Fed provides various critical services called Fedline that allows the execution of reserved operations across the U.S. banking system such as money and funding transfers via the U.S. Federal Reserve. Financial institutions in fact could transfer funds between member participants accessing to the service, Fedline is considered the primary U.S. network for high value, time-critical and international payments and imagine a leak in the system is frightening.

Last week Anonymous revealed to have infiltrated various federal websites and the events seems confirm it, probably the group still had access to government websites. Let’s remind that the Anonymous’s rage is exploded after the Swartz tragedy and February 4, 2013 is the deadline for Attorney General Eric Holder to answer specific questions regarding the Aaron Swartz prosecution.

According some experts the deadline is an important date for the followers of the group and more striking offensives could be conducted if the requests of the collective are ignored.

Democratic congresswoman Rep. Zoe Lofgren is promoting a bill called “Aaron’s Law” that aims to rejuvenate the 1984 Computer Fraud and Abuse Act used to persecute the young talent, she used Reddit to spread various versions of its proposal in most democratic mode asking for suggestions to improve the draft.

Events such as the death of the young Swartz should lead us a series of reflections on human and legal perspectives. A cyber crime has a multitude of facets profoundly different and for which it must assign punishment proportional, an cyber attack against a critical infrastructure is different from a DDoS against a web site.

Pierluigi Paganini