Slashdot Mirror


Federal Reserve To Use Internet For Money Transfer

An anonymous reader writes "According to the New York Post, the Federal Reserve (i.e. Alan Greenspan and Co.) is going to change the way that it transfers money between banks so that transfers now take place over the internet instead of via a private banking network. They aren't specifying the types of security measures that will be used (security through obscurity?) Am I the only one who thinks that this is a very bad idea? Might a DDOS attack on the Fed's computers bring down the entire banking system?" The banks have put some thought into security.

9 of 318 comments (clear)

  1. Paranoia is Useful, but .... by BrownDwarf · · Score: 3, Interesting

    I have to believe that -- if strong accounting controls are built in -- the proposal would be a step in the right direction. A DOS attack slows transfers, which pretty much puts us back to where we are now. The bigger risk is someone illegally diverting funds to an account -- and spending the money before they are caught. Preventing that from happening is the point of maintaining strict access standards and a clear audit trail.

  2. Re:VPN and PGP encrypt! by paganizer · · Score: 4, Interesting

    Not as secure as what they have.
    I worked on FRB hardware (back in 2001, so things might have changed a little). 486 CPU. 56k modem. essentially just a automated BBS style dial-in to the central systems, very cheap, uncomplicated, almost nothing that can screw up, and if it does, easy to fix; completely disconnected from local networks, info fed in by floppy (usually only a couple a day).
    So of course I can understand why they want to modernize; the maintenance budget for the whole system on a yearly basis probably hits $5,000.

    --
    Why, yes, I AM a Pagan Libertarian.
  3. Cardboard boxes by Dlugar · · Score: 4, Interesting
    Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit-card information from someone living in a cardboard box to someone living on a park bench. (Gene Spafford)
    The problem isn't the security of the data that's encrypted--the armored truck isn't going to have any problems--but what about the cardboard box?

    Just as an example, the computer that the data is being sent to has to be connected to the Internet. How secure is this computer from attacks? If someone breaks into that computer, can they get to the unencrypted data?

    Dlugar
    --
    Computer Go: Writing Software to Play the Ancient Game of Go
  4. Re:It seems that they already do. by jimicus · · Score: 3, Interesting

    Why don't they keep the current, private network and just upgrade the machines and the software on that? Why do the upgrade AND move to a less secure network?

    Years ago, when computers first started coming in to general use, every small business wanted a computer. Not because they had any specific problem they thought the computer could fix, but simply because they wanted to "computerise the business".

    My mother (now semi-retired) spent many years running a small accounting business, and attempted to computerise her office several times in the late '80s and early '90s. Failed several times, too. With one notable exception (Sage for DOS), it's only in the last 8 years or so that computing packages for small-business accounting have been any good. For many years, my mother (and her staff) prepared accounts by hand then typed them up - that was the "computer system". Damned if I can think what benefit that brought apart from producing nice-looking accounts.

    Bottom line is, back then people wanted to put things on computers because computers were "The Thing". Now, the US Federal Reserve wants to use the Internet because the Internet is "The Thing".

    Whether or not this is a sound basis for such important decisions is another matter altogether...

  5. Re:Possibly. by vontrotsky · · Score: 5, Interesting

    I'm more worried about another slammer-type attack that floods the Internet.

    While I think that is a completely valid and important concern, it overlooks something key. If terrorists/gangesters/whomever want to damage US financial systems, it's good thing that slammer type attacks are the first thing to come to mind. One of the things that made the WTC such an appealing target on 9/11 was that private corporate networks were dependant on services provide in the towers. The hijackers managed to take down the New York Stock echange for five (?) days, by damaging critical infrastructure. If putting the federal reserve system on the public internet, encourages DOS attacks and decreases the incentive to blow things up (including people), I'm all for it.

    Jeff

  6. Bring it down? Not likely... by seanvaandering · · Score: 3, Interesting

    Might a DDOS attack on the Fed's computers bring down the entire banking system?"

    7--Core Principle VII:
    The system should have a high degree of security and operational reliability and should have contingency arrangements for timely completion of daily processing.


    Let me quoth for those who don't read the articles:

    Fedwire Data Centers
    Three data processing centers support the Fedwire services. One site supports the primary processing environment with on-site backup. A second site serves as an active, "hot" backup facility with on-site backup. A third site serves as a "warm" backup facility. The three data processing centers are located a considerable distance from each other (i.e., hundreds of miles) in order to mitigate the effects of natural disasters, power and telecommunication outages, and other wide-scale, regional disruptions. In addition, all three data centers have appropriate security and include various contingency features, such as redundant power feeds, environmental and emergency control systems, dual computer and network operations centers, and dual customer service centers.


    Take a read through it, and its a really dry read by the way, it looks like they've got it pretty much figured out. Good luck finding those servers and then trying to DDOS them out of existance. Then again, if someone almost got the worldwide DNS root servers offline, then this could be just a drop in the bucket...

  7. Not security questioned but reliability by Whatchamacallit · · Score: 3, Interesting

    The early (DarpaNet) Internet was designed by the US Government as a cold war computing network. It was to remain intact in the event of one or more portions of the network being obliterated in a nuclear attack. Multiple point to point connections that could re-route to reach a destination.

    Today's Internet is much more dependent on large pipelines and due to increased traffic is more vulnerable. Worms like Code Red and others effectively shutdown the Internet making it essentially useless. This lasted for days and weeks as new viruses spun off from the older viruses.

    The question would be not so much the security of the Fed's connectivity but the reliability of that connectivity. Say you have another worm outbreak due to some flaw in WinXP SP2 that causes the Internet to literally flood with massive amounts of traffic that ends up consuming 90% of the bandwidth and ends up bottlenecking and strangling the connections in highly populated areas. The Internet as it exists today needs a serious upgrade in the next few years in regards to bandwidth, encryption, and protocols.

    Just look at what happened in NYC to both the cell phone networks and the landline's when 911 happened. They were so overwhelmed by the network traffic that many people could not make a phone call. Millions of people in NYC picked up the phone and Millions more outside NYC tried to call family and friends in NYC.

  8. Re:What is the Fed? by johnnyb · · Score: 5, Interesting

    "This is the system that has evolved, it works better than the alternatives, and it isn't going to go away."

    Actually, the founding fathers of the US thought that central banking was a bad idea, and Madison even said that central banking was more of a cause for the war than taxes.

    Thomas Jefferson:

    "I believe that banking institutions are more dangerous to our liberties than standing armies. Already they have raised up a moneyed aristocracy that has set the Government at defiance. The issuing power should be taken from the banks and restored to the people to whom it properly belongs."

    "If the American people ever allow private banks to control the issue of their money, first by inflation and then by deflation, the banks and corporations that will grow up around them (around the banks), will deprive the people of their property until their children will wake up homeless on the continent their fathers conquered."

    James Madison:

    "History records that the money changers have used every form of abuse, intrigue, deceit, and violent means possible to maintain their control over governments by controlling the money and its issuance."

    Henry Ford:

    "It is well enough that people of the nation do not understand our banking and monetary system, for if they did, I believe there would be a revolution before tomorrow morning."

    Alan Greenspan:

    "[The] abandonment of the gold standard made it possible for the welfare statists to use the banking system as a means to an unlimited expansion of credit.... In the absence of the gold standard, there is no way to protect savings from confiscation through inflation. There is no safe store of value. If there were, the government would have to make its holdings illegal, as was done in the case of gold.... The financial policy of the welfare state requires that there be no way for the owners of wealth to protect themselves.... [This] is the shabby secret of the welfare statist's tirades against gold. Deficit spending is simply a scheme for the 'hidden' confiscation of wealth. Gold stands in the way of this insidious process. It stands as a protector of property rights."

  9. Re:VPN and PGP encrypt! by ender- · · Score: 3, Interesting

    Well as of the summer of 2003, the credit union I worked for still used a 486 running DOS and a manually dialed 9600bps modem to connect to fedline.
    The resulting floppy was then used to ftp the data to from my workstation to the main host [server].

    Of course, there WAS a hardware crypto-card in the machine. If it got turned off [soft-booting was ok], it required 3 top level executives to come in and enter the keys to get the machine to boot up again.

    It was an interesting combination of old-skool and new tech...

    The visa check-card transactions were also fed through a manually dialed 9600bps modem.

    God I hated that job...

    Ender-