The Chinese government may have hacked into computers at the Federal Deposit Insurance Corporation on multiple occasions between 2010 and 2013, according to a congressional report.
The report describes various instances in which current or former FDIC employees inadvertently downloaded sensitive data to portable storage devices, which were later removed from the office. Rep. Lamar Smith, R-Texas, chairman of the U.S. House Science, Space, and Technology Committee, described the FDIC’s cybersecurity efforts as “lax” and asserted that “major improvements need to be made to the FDIC’s cybersecurity mechanism.”
The FDIC was originally established in 1933 to provide insurance for bank investments and create confidence in the American financial system.
The interim report was issued last Wednesday by the Republican majority of the U.S. House Science, Space, and Technology Committee.
However, the report’s most serious accusation addresses the agency’s handling of the hacks. According to the report, the FDIC not only failed to report major hacks, but also actively worked to “evade congressional oversight” during the congressional investigation.
The FDIC’s attempts to avoid congressional oversight included the agency’s top lawyer instructing employees not to discuss the hacks via email. The FDIC’s chief information officer at the time, Russ Pittman, also called on employees not to discuss the hack. These steps were apparently intended to avoid jeopardizing current Chairman Martin Gruenberg’s impending congressional confirmation in 2012.
According to a source close to the investigation, the servers that were targeted indicate the hackers were seeking “economic intelligence.” These accusations follow the hacking of the Office of Personnel Management last year, which saw Chinese hackers obtain the personal records of 22 million current and former government employees.
In September 2015, the United States and China agreed not to engage in corporate cyber espionage and established a joint dialogue to discuss cybercrime. A report by the cybersecurity firm FireEye indicated a decrease in Chinese corporate cyber espionage hacking since mid-2014. However, the report also claims Chinese cyberattacks were becoming much more targeted and aimed at specific infrastructure.
The FDIC’s concealment of major data hacks between 2010 and 2013 is worrisome and highlights a continued detriment to U.S. cybersecurity. Cyberspace is incredibly dynamic and the sharing of information is critical in combating cyberattacks. The FDIC’s failure to notify Congress at the time of these major data breaches may have left other agencies vulnerable to similar Chinese cyber espionage attempts.