http://money.cnn.com/2016/07/13/technology/china-fdic-hack/index.html


China hacked the FDIC - and US officials covered it up, report says

by Jose Pagliery <[email protected]>
<https://twitter.com/intent/user?screen_name=Jose_Pagliery> July 13, 2016:
3:31 PM ET

China's spies hacked into computers at the Federal Deposit Insurance
Corporation from 2010 until 2013 -- and American government officials tried
to cover it up, according to a Congressional report
<https://www.documentcloud.org/documents/2992789-Final-GOP-Interim-Staff-Report-7-12-16.html>
.

The House of Representative's Science, Space and Technology Committee
released its investigative report on Wednesday.

It presents the FDIC's bank regulators as technologically inept -- and
deceitful.

According to congressional investigators, the Chinese government hacked
into 12 computers and 10 backroom servers at the FDIC, including the
incredibly sensitive personal computers of the agency's top officials: the
FDIC chairman, his chief of staff, and the general counsel.

When congressional investigators tried to review the FDIC's cybersecurity
policy, the agency hid the hack, according to the report.

Investigators cited several insiders who knew about how the agency
responded. For example, one of the FDIC's top lawyers told employees not to
discuss the hacks via email -- so the emails wouldn't become official
government records.

FDIC Chairman Martin Gruenberg is being summoned before the Congressional
committee on Thursday to explain what happened.

The FDIC refused to comment. However, in a recent internal review
<https://www.documentcloud.org/documents/2993253-16-004AUD.html>, the
agency admits that it "did not accurately portray the extent of risk" to
Congress and recordkeeping "needs improvement." The FDIC claims it's now
updating its policies.

Given the FDIC's role as a national banking regulator, the revelation of
this hack poses serious concern.

Related: Are Chinese hackers dialing back attacks on the U.S.?
<http://money.cnn.com/2016/06/21/technology/china-cyberespionage-us/index.html?iid=EL>

The FDIC's role is to monitor any bank that isn't reviewed by the Federal
Reserve system. It has access to extremely sensitive, internal information
at 4,500 banks and savings institutions.

The FDIC also insures deposits at banks nationwide, giving it access to
huge loads of information on Americans.

"Obviously it's indicative of the Chinese effort to database as much
information as possible about Americans. FDIC information is right in line
with the deep personal information they've gone for in the past," said
computer security researcher Ryan Duff. He's a former member of U.S. Cyber
Command, the American military's hacking unit.

"Intentionally avoiding audits sounds unethical if not illegal," he added.

Congressional investigators discovered the hacks after finding a 2013 memo
from the FDIC's own inspector general to the agency's chairman, which
detailed the hack and criticized the agency for "violating its own policies
and for failing to alert appropriate authorities."

Related: Chinese man admits to cyber spying on Boeing and other U.S. firms
<http://money.cnn.com/2016/03/24/technology/china-cyber-espionage-military/index.html?iid=EL>

The report also says this culture of secrecy led the FDIC's chief
information officer, Russ Pittman, to mislead auditors. One whistleblower,
whose identity is not revealed in the report, claimed that Pittman
"instructed employees not to discuss... this foreign government penetration
of the FDIC's network" to avoid ruining Gruenberg's confirmation by the
U.S. Senate in March 2012.

David Kennedy, a computer security expert and former analyst at the NSA spy
agency, worries that federal agencies are repeatedly hiding hacks "under
the blanket of national security."

"With such a high profile breach and hitting the top levels of the FDIC,
it's crazy to me to think that this type of information wasn't publicly
released. We need to be deeply concerned around the disclosure process
around our federal government," said Kennedy, who now runs the
cybersecurity firm TrustedSec.

Related: China blames criminals for U.S. government hack
<http://money.cnn.com/2015/12/02/technology/china-hack-denial/index.html?iid=EL>

This same committee, led by Republican Congressman Lamar Smith of Texas,
has previously criticized the FDIC for minimizing data breaches.

Several cybersecurity experts -- who have extensive experience guarding
government computers -- expressed dismay at the alleged coverup.

"It's incumbent upon our policymakers to know about these data breaches so
we can properly evaluate our defenses. Trying to hide successful intrusions
only makes it easier for the next hacker to get in," said Dan Guido, who
runs the cybersecurity firm Trail of Bits.




------------------------------
[image: Avast logo] <https://www.avast.com/antivirus>

This email has been checked for viruses by Avast antivirus software.
www.avast.com <https://www.avast.com/antivirus>



__._,_.___
------------------------------
Posted by: "Beowulf" <[email protected]>
------------------------------


Visit Your Group
<https://groups.yahoo.com/neo/groups/grendelreport/info;_ylc=X3oDMTJmdWpoa2w4BF9TAzk3MzU5NzE0BGdycElkAzIwMTk0ODA2BGdycHNwSWQDMTcwNTMyMzY2NwRzZWMDdnRsBHNsawN2Z2hwBHN0aW1lAzE0Njg1MTcxNjU->


[image: Yahoo! Groups]
<https://groups.yahoo.com/neo;_ylc=X3oDMTJlcXFtNnY0BF9TAzk3NDc2NTkwBGdycElkAzIwMTk0ODA2BGdycHNwSWQDMTcwNTMyMzY2NwRzZWMDZnRyBHNsawNnZnAEc3RpbWUDMTQ2ODUxNzE2Ng-->
• Privacy <https://info.yahoo.com/privacy/us/yahoo/groups/details.html> •
Unsubscribe <[email protected]?subject=Unsubscribe>
• Terms of Use <https://info.yahoo.com/legal/us/yahoo/utos/terms/>

__,_._,___

-- 
-- 
Thanks for being part of "PoliticalForum" at Google Groups.
For options & help see http://groups.google.com/group/PoliticalForum

* Visit our other community at http://www.PoliticalForum.com/  
* It's active and moderated. Register and vote in our polls. 
* Read the latest breaking news, and more.

--- 
You received this message because you are subscribed to the Google Groups 
"PoliticalForum" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to