[ISN] FinCEN Web Site Compromised

InfoSec News isn at c4i.org
Wed Sep 28 00:47:47 EDT 2005


By John Sandman
Standards Editor 
September 27, 2005

The Financial Crimes Enforcement Network's (FinCEN) QuikNews Web site
was hacked last week. The identity and location of those responsible
have yet to be determined. The Treasury Department agency, responsible
for enforcing regulations against money laundering and terrorist
financing, responded by closing down the news site.

A mass e-mail went out from the FinCEN QuikNews address last Friday
that contained two photos, one showing a street in what appeared to be
a Middle Eastern town or city with a large pool of blood. The other
was of a purported Iraqi child lying in what appeared to be a hospital
bed next to a woman dressed in a chador.

Above the photos was the caption: "take back your monsters (army)/you
killed my father and mother/what you want???/ i know (oil) [sic]."

The e-mail, which carried the apparently legitimate FinCEN QuikNews
return address, was time-stamped at 10:02 Friday morning, a day before
an anti-war demonstration in Washington. No one from FinCEN commented
on any possible link between the demonstration and the timing of the
security breach, or the fact that a Treasury Department official was
speaking on terrorist financing and money laundering at a conference
in Washington, D.C. when the breach occurred.

At 10:25 FinCEN sent its own message: "You may have received a message
this morning which appeared to originate from FinCEN's QuickNews
system. This message was not sent by FinCEN and we are currently
investigating its origins."

A second message, which described QuikNews as a subscriber-based
e-mail service that is hosted externally and is separate from FinCEN's
main Web-based operations, said QuikNews "appears to have been
compromised this morning. We are investigating this incident."

Because the compromised system is "outside FinCEN's security perimeter
and is not connected to other FinCEN systems," the message continued,
"Bank Secrecy Act data and all other sensitive information maintained
by FinCEN was in no way, shape or form compromised by this incident."

As of 5:00 p.m. the site was shut down permanently and FinCEN said it
planned to reinstitute a notification service without reusing the same
mailing list.

FinCEN contacted law enforcement agencies, but spokesperson Anne Marie
Kelly did not identify which ones.

Data security has long been a preoccupation of the securities
industry, even before the attacks on New York and Washington, D.C. on
Sept. 11, 2001. The House Government Reform Subcommittee on
Management, Finance and Accountability is holding hearings on the
subject this week, with Nasdaq CIO Steve Randich expected to testify.

The timing of the FinCEN incident was made more awkward by a Sept. 23
speech that was being given at a World Bank-IMF program in Washington,
D.C. by Daniel L. Glaser, acting assistant secretary of terrorist
financing and financial crimes at the Treasury. "The international
financial system is only as strong as its weakest link," Glaser stated
during his panel, which was assembled to bring together policy makers
and regulators that were building effective anti-money-laundering and
-terrorist-financing systems. "Financial centers that are susceptible
to abuse provide terrorists and criminals with access to the
international financial system as a whole. Therefore, efforts to
combat terrorist financing must be uniform and global. Laxity in just
a few jurisdictions undermines the efforts made by the rest."
