Markets
02/06/2016

Dozens of Cybersecurity Breaches Shown in US Fed Records: Reuters




US Fed records show that the agency had detected many cases of internal espionage in more than 50 cases of cyber breaches between 2011 and 2015.
 
Reuters reported that in many of the incidents, the central bank's staff suspected hackers or spies, the records show. The Fed's computer systems hold confidential information on discussions about monetary policy that drives financial markets and play a critical role in global banking.
 
With the perceived intention to keep secret the central bank's security procedures , the Fed officials heavily redacted the cybersecurity reports which were obtained by Reuters through a Freedom of Information Act request.
 
Neither questions about whether the hackers accessed sensitive information or stole money nor the identity of the hackers were revealed in the document while the Fed declined to comment.
 
"Hacking is a major threat to the stability of the financial system. This data shows why," said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, a Washington think tank. Lewis reviewed the files at the request of Reuters.
 
Since the records obtained by Reuters include only cases involving the Washington-based Board of Governors, a federal agency that is subject to public records laws, the records represent only a slice of all cyber attacks on the Fed. The accessed reports did not include any reports by local cybersecurity teams at the central bank's 12 privately owned regional branches.
 
Cybersecurity at central banks worldwide is under scrutiny after hackers stole $81 million from a Bank Bangladesh account at the New York Fed and the disclosure of breaches at the Fed comes amidst such an environment.
 
Large financial institutions around the world such as America's largest bank JPMorgan, as well as smaller players like Ecuador's Banco del Austro and Vietnam's Tien Phong Bank have been the target of cyber thieves.
 
140 of the 310 reports provided by the Fed's board cited reports about hacking attempts. In some reports, the incidents were not classified in any way.
 
Fed staff wrote that the cases involved "malicious code," referring to software used by hackers in eight information breaches between 2011 and 2013 when the Fed's trading desk was buying massive amounts of bonds.
 
According to the records, four hacking incidents in 2012 were considered acts of "espionage". The reports show that information was disclosed in at least two of those incidents. The records did not indicate whether there was a breach in the other two incidents.
 
51 cases of "information disclosure" involving the Fed's board were identified in all by the Fed's national team of cybersecurity experts which operates mostly out of New Jersey. A local team at the board registered four such incidents, showed separate reports.
 
According to two former Fed cybersecurity staffers who spoke to Reuters on condition of anonymity, the cases of information disclosure can refer to a range of ways unauthorized people see Fed information. The cyber attacks on the Fed are about as common as at other large financial institutions, said former employees.
 
(Source:www.reuters.com)  

Christopher J. Mitchell
In the same section