

Federal Reserve confirms hackers breached site - taylorbuley
http://thehill.com/blogs/hillicon-valley/technology/281415-fed-confirms-hackers-breached-site

======
metabren
Anon are denying their involvement and seem to believe this is a propaganda
operation aimed at getting public support for SOPA style laws:

 _The same day literally hours before this release Department of Homeland
security named Cyber threats a severe issue and is trying to use this threat
to enact SOPA style laws with executive order. This operation gives them a
perfect example of WHY._

From <http://pastebin.com/9aB9vB62>.

~~~
snowwrestler
Anyone can be Anonymous; one person saying they didn't do it means nothing.

------
th0ma5
The related XKCD <http://xkcd.com/932/> ... however, despite it, we should
think about how close web hosting can be sometimes to actual systems possibly.
Also, the inherent trust insiders may have of their public presence could be
leveraged for an attack on the actual systems.

~~~
fghh45sdfhr3
_...breached an agency website and gained access to government information._

That's a bit more than just defaced. And it looks like it was anon. They are
bragging about it. But would government sponsored hackers (from say China)
brag if they got in even deeper?

~~~
fnordfnordfnord
How do you know it was Anon? Anyone can claim to be Anon. It's not as though
Anon is really even a thing, as opposed to an ad-hoc collection of factions.

------
gromy
American laws discouraging hacking will only leave more vulnerabilities open
on American networks for foreign hackers to exploit. With one less exploit now
open, we're lucky Anonymous hacked the Fed. How long had it been open? How
many other entities may have hacked in and not published what they found?

~~~
daeken
Playing whack-a-mole with vulnerabilities doesn't help make anything more
secure. Security vulnerabilities are, by and large, systemic issues; fixing
individual issues will never make things better, they just reduce the
appearance of risk. If you want to fix things, there are two things to keep in
mind:

1) Attackers always have an advantage over defenders. Attackers have to find
one bug, defenders have to fix them all.

2) Given #1 and the fact that we have such a systemic security fail on our
hands, the correct approach is nuking whole classes of bugs. We did this with
stack canaries and stack buffer reordering; we did this with CSRF tokens in
popular web frameworks; we did this with safe, managed code negating the vast
majority of memory corruption bugs.

We need to move past thinking of bugs as isolated incidents and figure out how
to make everything better at once.

------
pasbesoin
As computer technology becomes the toolset of the modern world, it becomes
increasingly apparent that current leadership cannot effectively use or manage
the toolset.

To some of us, this has been apparent for years. However, it can no longer be
swept under the rug, even by the use of entrenched power.

And, if and as they can't use and manage the toolset, should they remain in
their jobs?

My own personal history has been one of struggle against ignorant, moronic,
and very risky mismanagement. Decisions and actions -- or lack of action --
that decreased security and decreased competitiveness.

When I read such stories, I have little sympathy left. I'm sure there have
been competent and well-meaning people telling them for years what they need
to do. That is, until they were terminated for "rocking the boat" or left for
greener pastures.

~~~
anigbrowl
Pas, that's a bit like castigating a bank manager for his lack of locksmithing
skills because thieves broke into the branch. I would have more sympathy with
your argument if we were talking about poorly-formed economic models or so,
but attacking the leadership of the federal reserve over a security breach on
a website suggests a serious lack of perspective.

~~~
ihsw
These are people who manage an organization that trades hundreds of millions
of dollars per day, it's more akin to shaming them because they have a rusty
screen door on the front door of their offices.

If the internal monitoring system was functioning and they knew about the
breach then they're negligent in ignoring the problems, if it wasn't
functioning/it wasn't implemented then they're negligent in not having the
foresight to reduce their risk.

------
BlackNapoleon
It's only a matter of time until they rape that place for everything.

