Sunday, June 5, 2016

The Fed Was Hacked More Than 50 Times Between 2011 And 2015

Source - Zero Hedge

by Tyler Durden

In the aftermath of the bizarre SWIFT hack that supposedly allowed brazen Asian hackers to steal $81 million from the account of the Bangladesh central bank held at the Fed, attention has predictably shifted to the question of whether there was just "one cockroach." As it turns out there were at least 50. As Reuters reports, citing Fed records, "the U.S. Federal Reserve detected more than 50 cyber breaches between 2011 and 2015, with several incidents described internally as "espionage."

The cybersecurity reports, obtained by Reuters through a Freedom of Information Act request, were heavily redacted by Fed officials to keep secret the central bank's security procedures. Reuters notes that in all, the Fed's national team of cybersecurity experts, which operates mostly out of New Jersey, identified 51 cases of "information disclosure" involving the Fed's board. Separate reports showed a local team at the board registered four such incidents.

According to Reuters, the records represent only a slice of all cyber attacks on the Fed because they include only cases involving the Washington-based Board of Governors, a federal agency that is subject to public records laws. Reuters did not have access to reports by local cybersecurity teams at the central bank's 12 privately owned regional branches. Hacking attempts were cited in 140 of the 310 reports provided by the Fed's board. In some reports, the incidents were not classified in any way.

The central bank's staff suspected hackers or spies in many of the incidents. Or just petty criminals, who after figuring out how the system works, figured out how to also submit SWIFT requests on others' behalf and steal tens of millions. "Hacking is a major threat to the stability of the financial system. This data shows why," said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, a Washington think tank. Lewis reviewed the files at the request of Reuters.

Related DDOS Attacks by Anonymous Hits New York Stock Exchange, World Bank, The Fed, & Vatican — Total Media Blackout

Curiously, in eight information breaches between 2011 and 2013 - a time when the Fed's trading desk was buying massive amounts of bonds - Fed staff wrote that the cases involved "malicious code," referring to software used by hackers. One wonders if the NY Fed trading desk had any malware loaded up on it while Simon Potter's crack bond buyers were executing trillions in purchases.

Four hacking incidents in 2012 were considered acts of "espionage," according to the records. Information was disclosed in at least two of those incidents, according to the records. In the other two incidents, the records did not indicate whether there was a breach. It was unclear if the espionage incidents involved foreign governments, as has been suspected in some hacks of federal agencies. Beginning in 2014, for instance, hackers stole more than 21 million background check records from the federal Office of Personnel Management, and U.S. officials attributed the breach to the Chinese government, an accusation denied by Beijing.

While the usual hacking suspects are foreign governments, Reuters notes that espionage might also refer to spying by private companies, or even individuals such British activist Lauri Love, who is accused of infiltrating a server at a regional Fed branch in October 2012. Love stole names, e-mail addresses, and phone numbers of Fed computer system users, according to a federal indictment. The redacted reports obtained by Reuters do not mention Love or any other hacker by name.

* * *

We have previously reported that the Fed has its own private police force; as it turns out the Fed also has its own national cybersecurity team - the National Incident Response Team, or NIRT - which created 263 of the incident reports obtained by Reuters. NIRT operates in a fortress-like building in East Rutherford, New Jersey that also processes millions of dollars in cash everyday as part of the central bank's duty to keep the financial system running, according to the New York Fed's website. The unit provides support to the local cybersecurity teams at the Fed's Board and regional banks, which process more than $3 trillion in payments every day.

The NIRT handles "higher impact" cases, according to a 2013 report by the Board of Governor's Office of Inspector General. One of the two former NIRT employees interviewed by Reuters described being on a team that once worked around the clock for five-straight days to patch software hackers had used to gain access to Fed systems in an attempt to obtain passwords. The former employee worked through several of those nights, taking naps at a desk in the office.

In that case, Fed security staff found no signs that sensitive information had been disclosed, the former employee said. Information about future interest rate policy discussions is isolated from other Fed networks and is more difficult for hackers to access, the former NIRT worker said. But the Fed was under constant assault, much like any large company, the former employee said, and was "compromised frequently."

An internal watchdog has criticized the central bank for cybersecurity shortcomings. A 2015 audit by the Fed board's Office of Inspector General found the board was not adequately scanning databases for vulnerabilities or putting enough restrictions on system access. "There is heightened risk of unauthorized disclosure and inappropriate use of sensitive board information," according to the audit released in November.

The Fed cybersecurity records did not indicate whether hackers accessed sensitive information on the timing or amounts of bond purchases or used it for financial gain.

Readers can make their own conclusion if someone who hacked the Fed used the data for "financial gain."

As for the question what is behind this ongoing onslaught by authorities to "expose" the countless hacks of both commercial and Federal Reserve banks, including the all important SWIFT, we can only assume it is to streamline the implementation of blockchain as the new architecture of global funds flow, an architecture that has been vocally espoused by both Goldman and JPMorgan.
Stillness in the Storm Editor's note: Did you find a spelling error or grammar mistake? Do you think this article needs a correction or update? Or do you just have some feedback? Send us an email at sitsshow@gmail.comThank you for reading.


Sign-up for RSS Updates:  Subscribe in a reader

[Subscribe to Stillness in the Storm Blog by Email]
View and Share our Images
Curious about Stillness in the Storm? 
See our About this blog - Contact Us page.

If it was not for the gallant support of readers, we could not devote so much energy into continuing this blog. We greatly appreciate any support you provide!

We hope you benefit from this not-for-profit site 

It takes hours of work every day to maintain, write, edit, research, illustrate and publish this blog. We have been greatly empowered by our search for the truth, and the work of other researchers. We hope our efforts 
to give back, with this website, helps others in gaining 
knowledge, liberation and empowerment.

"There are only two mistakes one can make along the road to truth; 
not going all the way, and not starting." - Buddha

If you find our work of value, consider making a Contribution.
This website is supported by readers like you. 

[Click on Image below to Contribute]

Support Stillness in the Storm

Sign up for Gaia TV

Sign up for Gaia TV
By signing up through this link you also support SITS