Sixty years ago this December, the third – and according to many critics the best – James Bond film was released. 1964’s Goldfinger told the story of a super-villain with a preposterously on-the-money name, and his plan to destroy the Fort Knox Bullion Depository to increase the value of his gold reserves. It is a dubious plan that economists have questioned in the six decades since the film first came out, but movies are about entertainment, not pure realism.
Times have clearly changed: a very real and very notorious ransomware group now claims to have pulled off a heist that could be almost as serious. Instead of robbing or destroying Fort Knox, the LockBit group, which is believed to operate from within Russia, says it has hacked the Federal Reserve of the United States and taken 33 terabytes of banking information.
The group posted the claim on a Dark Web leak site that is believed to be linked to it.
“Federal banking is the term for the way the Federal Reserve of the United States distributes its money. The Reserve operates twelve banking districts around the country which oversee money distribution within their respective districts. The twelve cities that are home to the Reserve Banks are Boston, New York City, Philadelphia, Richmond, Atlanta, Dallas, Saint Louis, Cleveland, Chicago, Minneapolis, Kansas City, and San Francisco,” read the group’s announcement.
“33 terabytes of juicy banking information containing Americans’ banking secrets. You better hire another negotiator within 48 hours, and fire this clinical idiot who values Americans’ bank secrecy at $50,000,” it added.
Very Serious Breach?
The data reportedly includes the confidential details of American banking activities – and if true, could be one of the most significant breaches of financial data in history.
“Unlike many of the major healthcare breaches which were impactful to a wide range of individuals, Lockbit’s breach of the Fed has significant global implications collectively as well as individually,” explained MJ Kaufmann, O’Reilly cybersecurity author and instructor, and founder and principal consultant at cybersecurity research firm Write Alchemist.
“It’s clear that this is a serious concern given the Fed is even bothering to negotiate with criminals,” Kaufmann told ClearanceJobs. “Particularly when there is no guarantee of data recovery or that payment will not prevent them from coming back for future ransoms.”
But Is It Real?
Just as the fictional Goldfinger’s plan relied on deception (he convinced his accomplices that the plan was to rob Fort Knox rather than to destroy the gold), LockBit’s announcement might be a ploy to gain attention and perhaps collect a ransom without having actually breached the Federal Reserve. Some experts already question whether the breach occurred at all.
“If this is true, this could be one of the most significant Ransomware attacks in history,” said Steve Hahn, executive VP of cybersecurity and ransomware protection firm BullWall.
“A couple of things to note. They have not released any of the data, so it is unconfirmed at this point. Second thing, yes, this is the same Lockbit that global agencies claimed to have taken down just a few months back and publicly exposed the name of the supposed leader of this group, Dmitry Khoroshev,” Hahn told ClearanceJobs. “Khoroshev is said to have very strong ties with Putin himself.”
His public outing has done little to affect Khoroshev, who operates with impunity in Russia, and the group itself is hydra-like, with multiple heads and new leaders emerging continuously, so it is unlikely to be disrupted for long. Even so, it would be surprising if the group could reconstitute so quickly and strike back on this scale.
Where is the Proof?
The claim was posted on the Dark Web with little proof. After a genuine breach, threat actors generally offer some evidence that they succeeded, even if the sample they publish isn’t particularly valuable.
“If Lockbit truly had data, they would have released a ‘teaser’ as ‘proof of life,’” suggested Karen Walsh, founder and CEO of cybersecurity provider Allegro Solutions. “The information held by the Federal Reserve would more likely be information about individual banking institutions than Americans using these institutions. The Federal Reserve is essentially ‘the bank for banks,’ providing financial services to banks and credit unions.”
That makes the claim of stolen “Americans’ banking secrets” far less credible.
“If they had the information, they would more likely claim they have landed a critical hit to the entire financial services industry which could cause a global disruption of a critical infrastructure,” Walsh told ClearanceJobs. “This would have been a more damaging claim and one that, if true, would have caused a global disruption. The fact that they did not make this claim implies that any data exfiltrated, if any data was exfiltrated, is not high value.”
What’s the Goal Here?
The Federal Reserve could still be a major target. It sets U.S. monetary policy and is widely blamed for U.S. inflation, and given LockBit’s ties to Russia, the attempted attack could be retaliation for the proxy war in Ukraine and an attempt to push already high U.S. inflation even higher.
“Impacting the money supply would massively impact the economy and weaken support for funding war efforts in Ukraine,” Hahn continued.
There is also a chance that the claim is simply part of the latest Russian misinformation and disinformation campaign against the United States. The claim that the Federal Reserve was breached has already made the rounds on social media, and many people are likely to believe it happened despite the lack of evidence.
Russian threat actors have taken down hospitals, healthcare systems such as United Healthcare, and even cities like the City of Oakland, which had to declare a state of emergency after a successful ransomware attack that even disabled 911 services.
Those past attacks may make these recent claims seem all the more credible.
“Such a hack would be potentially embarrassing to the U.S. government and could erode the trust citizens have in the Fed, whose explicit charter is to promote stable prices, promote stability in the financial system and contain risk, promote the safety and soundness of U.S. financial institutions, facilitate payment safety in U.S. dollar transactions and promote consumer protection,” said Hahn. “Stability and trust are central to their charter, and erosion in that could erode declining confidence in the dollar as well as the economy itself.”
Ransomware Will Continue
The truth remains that little can be done to prevent such attacks from being attempted in the future. The real question is how much damage the threat actors can do when they get in.
“The U.S. needs to focus its efforts not just on prevention but containing the attacks and mitigating the risk. Solely relying on prevention means the U.S. government has to be perfect in its defenses – which can’t be done,” warned Hahn. “We have to try to stop these events but simultaneously focus on containing the event rapidly, segmenting the data, limiting the impact, and recovering quickly. Prevention alone will not stop these events.”
Encrypting data before it can be stolen also makes it far less valuable, if not useless, to whoever obtains it.
“The best way to protect against any ransomware is to encrypt and immediately backup sensitive files as users or systems create them,” said Ron Arden, executive vice president, CTO and COO at cybersecurity firm Fasoo.
“This ensures that even if someone exfiltrates the data, they can’t read it,” Arden told ClearanceJobs. “And you have a known good copy of the file in a safe location. If the data is in a database, you can use any number of database encryption programs so that if a user downloads it, the data is encrypted. The perpetrators would have nothing of value since all the data is encrypted and is not readable by anyone.”
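The approach Arden describes, encrypting each sensitive file the moment it is created and writing the ciphertext to a separate backup, can be shown in a few dozen lines. The following is an added example, not code from the article or from Fasoo; it uses AES-GCM from the Go standard library, models the primary store and the backup as in-memory maps, and uses a constructed sample record. The file name is bound as associated data so that a ciphertext cannot be swapped under another name, and the key is assumed to live somewhere other than beside the data (in practice an HSM or KMS, which this example does not model).

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Vault holds files that are encrypted the moment they are written.
// primary stands in for the production file store, backup for an off-site
// copy; both hold only ciphertext. The key is kept outside the stores.
type Vault struct {
	aead    cipher.AEAD
	primary map[string][]byte
	backup  map[string][]byte
}

// NewVault builds an AES-GCM vault; key must be 16, 24 or 32 bytes.
func NewVault(key []byte) (*Vault, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Vault{aead: aead, primary: map[string][]byte{}, backup: map[string][]byte{}}, nil
}

// Create encrypts plaintext at creation time, binding the file name as
// associated data, and writes the same ciphertext to primary and backup.
// Stored layout: nonce || ciphertext || GCM tag.
func (v *Vault) Create(name string, plaintext []byte) error {
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	ct := v.aead.Seal(nonce, nonce, plaintext, []byte(name))
	v.primary[name] = ct
	v.backup[name] = append([]byte(nil), ct...)
	return nil
}

// Open decrypts a file from the given store. It fails with the wrong key,
// a tampered ciphertext, or a ciphertext moved under a different name.
func (v *Vault) Open(store map[string][]byte, name string) ([]byte, error) {
	ct, ok := store[name]
	if !ok {
		return nil, errors.New("no such file")
	}
	ns := v.aead.NonceSize()
	if len(ct) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return v.aead.Open(nil, ct[:ns], ct[ns:], []byte(name))
}

// Exfiltrate models an intruder copying the entire primary store.
func (v *Vault) Exfiltrate() map[string][]byte {
	out := map[string][]byte{}
	for k, c := range v.primary {
		out[k] = append([]byte(nil), c...)
	}
	return out
}

// LeaksPlaintext reports whether any stored blob contains secret in the clear.
func LeaksPlaintext(store map[string][]byte, secret []byte) bool {
	for _, c := range store {
		if bytes.Contains(c, secret) {
			return true
		}
	}
	return false
}

func main() {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	v, _ := NewVault(key)
	secret := []byte("ACCT 0012-3456 balance 1,250,000.00") // constructed sample record
	_ = v.Create("accounts.csv", secret)

	loot := v.Exfiltrate()
	fmt.Println("plaintext visible in stolen data:", LeaksPlaintext(loot, secret))

	attacker, _ := NewVault(make([]byte, 32)) // intruder guessing a key
	_, err := attacker.Open(loot, "accounts.csv")
	fmt.Println("decrypt with wrong key:", err)

	delete(v.primary, "accounts.csv") // ransomware wipes the primary copy
	pt, _ := v.Open(v.backup, "accounts.csv")
	fmt.Println("restored from backup:", string(pt))
}
```

The stolen store contains only nonces, ciphertext and authentication tags, so the exfiltrated bytes carry no recoverable record, and a wrong key or a renamed blob fails authentication rather than yielding garbage that might be mistaken for data. The backup holds the same ciphertext, so it is equally safe at rest but restores cleanly with the legitimate key once the primary copy is wiped or encrypted by ransomware.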