April 26, 2024

Fed Says Internal Site Breached by Hackers; No Critical Functions Affected

The admission, which raises questions about cyber security at the Fed, follows a claim that hackers linked to the activist group Anonymous had struck the Fed on Sunday, accessing personal information of more than 4,000 U.S. bank executives, which it published on the Web.

“The Federal Reserve system is aware that information was obtained by exploiting a temporary vulnerability in a website vendor product,” a Fed spokeswoman said.

“Exposure was fixed shortly after discovery and is no longer an issue. This incident did not affect critical operations of the Federal Reserve system,” the spokeswoman said, adding that all individuals affected by the breach had been contacted.

Technology news site ZDNet separately reported that Anonymous appeared to have published information allegedly containing the login information, credentials, internet protocol addresses and contact information of more than 4,000 U.S. bankers on Sunday night.

The claim was made via Twitter over an account registered to OpLastResort, which is linked to Anonymous, a loosely organized group of hacker activists who have claimed responsibility for scores of attacks on government and corporate sites over the past several years.

OpLastResort is a campaign that some hackers linked to Anonymous have started to protest government prosecution of computer prodigy Aaron Swartz, who committed suicide on January 11.

The Fed declined to identify which website had been hacked. But information that it provided to bankers indicated that the site, which was not public, was a contact database for banks to use during a natural disaster.

A copy of the message sent by the Fed to members of its Emergency Communication System (ECS), which was obtained by Reuters, warned that mailing address, business phone, mobile phone, business email, and fax numbers had been published.

“Some registrants also included optional information consisting of home phone and personal email. Despite claims to the contrary, passwords were not compromised,” the Fed said.

The central bank separately confirmed the authenticity of the message to ECS members.

The website’s purpose is to allow bank executives to update the Fed if their operations have been flooded or otherwise damaged in a storm or other disaster. That helps the Fed to assess the overall impact of the event on the banking system.

Hackers identifying themselves as Anonymous infiltrated the U.S. Sentencing Commission website late last month to protest the government’s treatment of the Swartz case.

Swartz was charged with using the Massachusetts Institute of Technology’s computer networks to steal more than 4 million articles from JSTOR, an online archive and journal distribution service. He faced a maximum sentence of 31 years if convicted.

Cyber-security specialists said that any organization’s computer systems could be breached, and that it was up to an organization like the Fed to prioritize its security needs, in order to protect its most sensitive information from attack.

“Every system is going to have some vulnerability to it. You cannot set up a system that will survive all possible attacks,” said Mark Rasch, director of privacy and security consulting at CSC and a former federal cyber crimes prosecutor.

“You have to defend against every possible vulnerability and the attackers only have to find one way in,” he said.

(Additional reporting by Jim Finkle in Boston; Editing by Lisa Shumaker)

Article source: http://www.nytimes.com/reuters/2013/02/06/business/06reuters-usa-fed-hackers.html?partner=rss&emc=rss

Link by Link: ‘Free Culture’ Advocate May Pay High Price

That image came to mind with the case of Aaron Swartz, a 24-year-old agitator for free access to information on the Internet who managed to download more than four million articles and reviews onto his laptop computers from a subscription-only digital storehouse. The material was from some of the most prestigious — and expensive — scientific and literary journals in the world.

Like the penny opportunist, Mr. Swartz was invited to sample the wares of the nonprofit online collection Jstor, and he interpreted that invitation quite expansively. Using a program that automatically paged through each issue of more than 1,300 journals, he was able to methodically download their contents, making a copy of almost everything in the collection.

Yet this episode is hardly a joke. Mr. Swartz was arrested last week in Boston on a series of felony counts including wire fraud, computer fraud, unlawfully obtaining information from a protected computer and recklessly damaging a protected computer. If convicted on all counts, the Justice Department said he could face up to 35 years in prison and $1 million in fines.

Mr. Swartz is not a run-of-the-mill hacking suspect. He has been known for his computer work since he was 14, when he was involved in developing the software behind RSS feeds, which distribute content over the Internet. At the time the investigation began, he was a fellow at the Edmond J. Safra Center for Ethics at Harvard, though he was later placed on leave.

Mr. Swartz did not respond to an e-mail seeking comment. His lawyer would not comment other than to note that Mr. Swartz had pleaded not guilty to the indictment, which “puts everything in it in dispute.”

It should be emphasized, however, that Mr. Swartz was not trying to profit from his activities. He has been a fierce advocate of redistributing information, so much so that in 2008 he promoted a Guerrilla Open Access Manifesto (no longer available online) that said it was imperative to “take information, wherever it is stored, make our copies and share them with the world.”

We are not talking about the latest X-Men movie or Lady Gaga album. Rather it is the research contained in specialized scientific journals with subscriptions that can cost thousands of dollars; institutions can pay tens of thousands of dollars to Jstor, which stands for Journal Storage, for a subscription that bundles these publications online.

That money, Jstor says, is needed to collect and distribute the material and, at times, subsidize institutions that cannot afford it. Founded in 1995, Jstor started with 10 journals available to a few American universities and has since expanded to include about 325,000 journal issues available at more than 7,000 institutions.

His supporters question why the government has reacted so strongly. “This makes no sense,” said David Segal, executive director of Demand Progress, an organization Mr. Swartz founded to rally support online for an open Internet. “It’s like trying to put someone in jail for allegedly checking too many books out of the library.”

The government had its own interpretation of what Mr. Swartz did. “Stealing is stealing, whether you use a computer command or a crowbar, and whether you take documents, data or dollars,” the United States attorney for Massachusetts, Carmen M. Ortiz, said last week in a statement about the case. “It is equally harmful to the victim whether you sell what you have stolen or give it away.”

In the government indictment, Mr. Swartz is described as becoming more and more devious in his downloading, signing on with a fake name as a visitor to the M.I.T. campus, and then, when detected, taking more serious steps. At one point, the government says, he tried to get access to the university’s network at a wiring closet, and in an attempt to evade security cameras “held his bicycle helmet like a mask to shield his face, looking through ventilation holes in the helmet.”

Article source: http://feeds.nytimes.com/click.phdo?i=e34927aae4121857d7e86c9633ddafcf