The Federal Reserve is one of the backbones of the American financial system, responsible for the nation’s money supply and holder of the largest stash of gold in the world. But in early 2013, it was hacked.
In February of last year, the Federal Reserve confirmed a system breach that included the theft of sensitive data from many of its employees. On Thursday, a court in the Southern District of New York finally identified the culprit as British hacker Lauri Love.
Love has been indicted on charges of computer hacking and aggravated identity theft for secretly infiltrating vulnerable severs and unlawfully extracting personally identifiable information of Federal Reserve employees at the New York and Chicago branches.
He claimed to have had control of the Federal Reserve Bank of Chicago and several other of the central bank’s websites in late 2012 and early 2013, and bragged about potentially sending fake emails using usernames and passwords obtained during the breach, and defacing the sites, according to the court filings unsealed Thursday by the U.S. Department of Justice.
All of the victim information was running on a particular – unnamed – software program known to contain vulnerabilities, breached using a well-known hacking tool called an SQL injection.
While Love’s damage seems minimized to stolen names, passwords, email addresses and phone numbers -- not sensitive financial data -- the actions nevertheless underscore the criticality of cyber fortresses protecting nations’ most valued assets.
This isn’t the first time unauthorized persons gained access to a Federal Reserve network. In 2010, a Malaysian man was arrested for hacking into and damaging 10 Federal Reserve computers, according to Bloomberg.
A year later, a bug was discovered in its Adobe ColdFusion software that would have enabled an attacker to gain high-level privileges to sensitive data.