St. Louis Fed hit with hack
NEW YORK — Visitors to parts of the St. Louis Federal Reserve’s website last month were sent to phony sites that could be used to steal their personal information.
The hack targeted the St. Louis Fed’s Web servers — not the Fed branch itself or its website.
This kind of “domain name server hack” sends a person to a different site, often laced with malware or phishing software. The fake sites were designed to look exactly like the St. Louis Fed’s website, so that victims weren’t tipped off to the scam.
It’s akin to dialing your bank’s telephone number, only to be automatically redirected to an imposter who pretends to be your banker. If you give up your bank account information, thinking you are talking to your bank, you’re out of luck.
Visitors who navigated to research.stlouisfed.org on April 24 were potentially affected.
“If you attempted to log into your user account on that date, it is possible that this malicious group may have accessed your user name and password,” the bank said in a statement. “Users who were redirected to one of these phony websites may have been unknowingly exposed to vulnerabilities that the hackers may have put there.”
Security researcher Brian Krebs first reported the hack.
The research page on the St. Louis Fed’s site that was targeted includes historical economic information and a large database of publications and reports.
The St. Louis Fed’s research website is not used for communications with other banks, according to a bank spokeswoman.
By David Goldman