Anonymous Strike Stokes Financial Data Security Fears

Cybercrime syndicate Anonymous was back in the headlines this past weekend, preempting the Super Bowl news cycle with a concerning announcement. Social media spokesmen for the clandestine group are suggesting that they are now in possession of a detailed portfolio of intelligence on approximately 4,000 members of the banking industry. As investigators attempt to trace the original source of data security vulnerability, both financial institutions and account holders are anxiously assessing their risk levels.

The illicit payload was originally posted to the homepage of the Alabama Criminal Justice Information Center (ACJIC) before being removed by site administrators. According to CSO Online, traces of the documents can still be found in Google's web cache, and contain contact information for employees ranging from C-level executives to bank tellers. Further investigation has revealed that at least a portion of that data is current and active.

Aside from phone numbers and email addresses, the Anonymous file contained hashed passwords from stolen login credentials. While the "salt" contributed by the data encryption software makes the account information much harder to crack, the banking industry is still understandably rattled by the reports.

"[T]hey had to have very deep access to get those combinations," one security researcher told the news source.

Federal ramifications
Anonymous' initial social media proclamation implied that the data had been obtained from the Federal Reserve Board, and previous displays of power would suggest that government breaches are within the group's skill set. The prosecution and untimely death of digital rights activist and programming phenom Aaron Swartz has also served as a touchstone for hacktivist offensives in recent weeks.

According to ZDNet, privileged access to certain federal banking services could give hackers a presence on platforms responsible for literally trillions of dollars in trading each day. As a result, potentially affected entities are simultaneously hoping encryption stands up to illegal intrusions and planning threat mitigation strategies in the event hackers were able to bypass the defenses.