Federal Reserve E-Banking System Outages
A system widely used by U.S. banks to process large volumes of payroll, credit and debit card transactions experienced intermittent outages on Monday and Tuesday, possibly due to some sort of malfunction or communications failure in portions of the Federal Reserve's "automated clearing house" (ACH) network, Security Fix has learned.
Security Fix received an anonymous tip from an individual who claimed to work at a mid-sized bank that experienced trouble transferring ACH files across the Fed's network between 10:00 p.m. ET and 3:00 a.m. ET on Nov. 27 and 28. The source said a Federal Reserve technician reported that the problem was affecting numerous financial institutions across the country on Monday.
Federal Reserve spokesman David Skidmore declined to confirm whether the problem had been fully corrected or provide any additional details about the source or full extent of the disruptions, offering only the following statement:
"Yesterday and today, some of the smaller and medium sized banks that access Federal Reserve payment services through a Web-based Federal Reserve product called 'Fedline Advantage' experienced intermittent access problems. The Federal Reserve payment staff worked with individual banks to resolve the problems and all were able to complete their transactions."
Skidmore declined to speculate on how many transactions were delayed or for how long, nor would he estimate a dollar amount affected by the glitches. According to the Electronic Payments Association, the "number of ACH payments originated by financial institutions increased to 8.05 billion in 2002" and "there were a total of 8.94 billion ACH payments in 2002 worth more than $24.4 trillion."
In addition to handling credit, debit and direct deposit of payroll and Social Security payments, the Fed's ACH payment system also facilitates direct payment of consumer bills such as mortgages, loans, utility bills, and insurance, as well as business-to-business and federal, state and local tax payments.
I put a call in to the folks at AT&T Corp., which apparently operates the underlying communications network dedicated to the Fed's ACH system. If and when I hear back from them, I will update this blog post.
By Brian Krebs |
November 28, 2006; 11:25 PM ET
Latest Warnings
Previous: Apple Patches 31 Security Holes |
Next: MySpace Video Worm Pimps Adult Content
Posted by: Norris Klesman | November 29, 2006 9:53 AM
nothing o say!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!1
Posted by: bon jovi | November 29, 2006 10:45 AM
May be just a coincidence, but Qwest has been experiencing some fairly major intermittent outages in the DC area since Monday as well. But I don't see any discussion of either situation on NANOG, so maybe these are independent, localized problems.
Posted by: antibozo | November 29, 2006 12:27 PM
Hmmm..interesting.
Google Video has a plethora of videos about the 'Fed worth checking out.
The national debt has climbed to alarming levels since the Federal Reserve was created in 1913.
Source: U.S. Treasury, Bureau of the Public Debt
As a result, the Federal Reserve Note (US dollar) has lost 96% of its purchasing power since 1913.
Posted by: | November 29, 2006 9:17 PM
> As a result, the Federal Reserve Note (US dollar) has lost 96% of its purchasing power since 1913.
That's interesting. So you're saying that, in 1913, a high-definition TV cost around 20 times as much as it does now?
Posted by: aeschylus | November 30, 2006 2:07 PM
Begging everyone's indulgence over extraneous topic. But does anyone know what, if anything, can be done about a spammer "spoofing" your domain address and sending out spam under the name of your domain.
I getting literally dozens of bounce-backs from email I never sent. The header information is indecipherable (to my untrained eye, anyway). I am very concerned about not only someone impersonating my domain name, but I cannot even determine what the contents of the emails are--for all I know it could be some kind of illegal scam or worse.
I contacted my Web host twice, and they were indifferent to the point of arrogance. Any tips greatly appreciated.
Posted by: The Eyewitness Muse | December 1, 2006 8:24 AM
Still not much you can do about that.
Your best bet may be to publish SPF records in your DNS zone. This allows SMTP servers to determine whether mail with your domain in the envelope sender is coming from an IP address that should be allowed to send such mail. The problem is that a minority of SMTP servers actually do so.
See:
http://en.wikipedia.org/wiki/Sender_Policy_Framework
There are also links in that article to info about some other methods, such as Domain Keys.
Posted by: antibozo | December 1, 2006 11:28 AM
With regard to Monday and Tuesday's ACH outages, one wonders if they might have been early signs of this:
http://today.reuters.com/news/articlenews.aspx?type=internetNews&storyID=2006-12-01T061519Z_01_WBT006236_RTRUKOC_0_US-SECURITY-USA-QAEDA.xml&WTmodLoc=InternetNewsHome_C1_%5bFeed%5d-8
http://www.cnn.com/2006/TECH/internet/12/01/cyber.warning.ap/index.html
http://isc.sans.org/diary.php?storyid=1899
Posted by: antibozo | December 1, 2006 11:57 AM
Thanks for the info antibozo!
I'll review your link and its links forthwith--you have taken much more time and effort than my host, and I pay them!
Glad to know there are IT-types that care, have a great weekend.
The Muse
Posted by: The Eyewitness Muse | December 1, 2006 12:42 PM
The comments to this entry are closed.
I found this on the Fed Reserve Financial Services at 0950EST today after reading your article.
It appears to verify the story.
FedACH Status
FedACH Services
Last Updated: November 29, 2006 3:05 AM Eastern Time
FedACH began processing for 11/29/06 at 03:01 AM ET and is operating normally.