St. Louis Fed says research section hacked

The St. Louis branch of the Federal Reserve Bank has acknowledged that hackers manipulated settings on its website for research data, but that the central bank itself was not compromised.

In a statement this week, the St. Louis Fed, one of 12 regional centers for the US central bank, said the incident took place April 24.

The statement said "hackers manipulated routing settings at a domain name service (DNS) vendor used by the St. Louis Fed so that they could automatically redirect some of the Bank's web traffic that day to rogue webpages they created to simulate the look of the St. Louis Fed's research.stlouisfed.org website."

According to the statement, anyone who was redirected to one of these phony websites "may have been unknowingly exposed to vulnerabilities that the hackers may have put there, such as phishing, malware and access to user names and passwords."

The statement dated Monday said "the St. Louis Fed's website itself was not compromised" but that it was urging anyone visiting the affected website to reset passwords "out of an abundance of caution."

Online security blogger Brian Krebs said that while it was unclear where the attacks came from, "it seems likely that it is related to state-sponsored hacking activity from a foreign adversary."

He added that if the attack also compromised email accounts from the institution "this could be a much bigger deal."

© 2015 AFP