Hackers Intercepted Communications of St. Louis Federal Reserve Website Users

Financial Services // Government (U.S.)

The attackers hijacked the financial agency’s domain name servers.  

Users’ Web searches and queries were redirected to a webpage set up by the attackers “in an apparent bid by cybercrooks to hijack online communications of banks and other entities dealing with the regional Fed office,” Krebs reports.

The institution notified those it serves on May 18, 2015.

The alert stated that “hackers manipulated routing settings at a domain name service (DNS) vendor used by the St. Louis Fed so that they could automatically redirect some of the Bank’s web traffic that day to rogue webpages they created to simulate the look of the St. Louis Fed’s research.stlouisfed.org website, including webpages for FRED, FRASER, GeoFRED and ALFRED.”

It’s unknown whether the phony websites contained malware or other malicious applications that could have compromised computers trying to reach the St. Louis Fed site.

The statement continues:

“These risks apply to individuals who attempted to access the St. Louis Fed’s research.stlouisfed.org website on April 24, 2015. If you attempted to log into your user account on that date, it is possible that this malicious group may have accessed your user name and password.

“Out of an abundance of caution, we wanted to alert you to this issue, and also make you aware that the next time you log into your user account, you will be asked to change your password. In addition, in the event that your user name and password are the same or similar as those you use for other websites, we highly recommend that you follow best practices and use a strong, unique and different password for each of your user accounts on the Internet. Click https://research.stlouisfed.org/useraccount/forgotpassword/step1 to change your user account password now.”

Krebs speculates that, given the lag between the date the incident happed and the disclosure, it seems likely that it’s related to nation state-sponsored hacking. “If the DNS compromise also waylaid emails to and from the institution, this could be a much bigger deal,” he said.