The Chinese government is believed to have hacked into the Federal Deposit Insurance Corporation (FDIC) in 2010, 2011, and 2013. The House of Representative’s Science, Space and Technology Committee released a report on Wednesday (July 13, 2016) stating that the Chinese government hacked into 12 computers and 10 backroom servers at the FDIC. The 12 computers hacked include FDIC Chairman Martin Gruenberg, his chief of staff, and the general counsel.
Although the hacks occurred between 2010 and 2013, they are just now coming to light as the agency hid the hacks when congressional investigators tried to review the FDIC’s cybersecurity policy. The investigation said that the attacks were covered to protect Gruenberg’s position, who took office in 2011. In order to avoid getting in the way of Gruenberg’s confirmation by the Senate in March 2012, employees were instructed not to discuss this foreign government penetration of the FDIC’s network.
“The committee’s interim report sheds light on the FDIC’s lax cyber security efforts,” said Chair Lamar Smith. “The FDIC’s intent to evade congressional oversight is a serious offense.”
The Rub - Mandatory Reporting Laws
Businesses in almost every state in the US are required by law to disclose data breaches - 47 states to be exact. At least with the recent Office of Personnel Managment hack, the breach was disclosed and victims were notified.
Finger Pointing
While all fingers are being pointed at the Chinese government, Zhu Haiquan, the spokesman at the Chinese Embassy in Washington said that China firmly opposes taking responsibility for the hacks and is committed to combatting all forms of cybercrimes. “China and the United States have already established a high-level joint dialogue mechanism on fighting cybercrime and related issues... Making unfounded accusations is counterproductive,” said Haiquan.
The issue of blaming the Chinese government for the hacks is extremely sensitive since the disclosure last year of a massive breach of the U.S. Office of Personnel Management’s database, which the U.S. believe was carried about by Chinese cyber spies. In the breach, which is one of the worst in history, the personal files of 21 million Americans were stolen.
Unclear What was Stolen
It is unclear as to what was discovered or stolen during the breach. In a breach where there is a lack of proactive forensic data collection, it should be assumed everything was stolen. The FDIC, which was created during the Great Depression, maintains a multi-billion dollar insurance fund and monitors and examines the financial condition of U.S. banks, keeping confidential information on about 9,000 banks.
“With such a high-profile breach and hitting the top levels of the FDIC, it’s crazy to me to think that this type of information wasn’t publicly released,” said David Kennedy, a computer security expert and former analyst at the NSA spy agency. “We need to be deeply concerned around the disclosure process around our federal government.”
Gruenberg was summoned before the congressional committee on Thursday, July 14th 2016 to explain the fiasco.
