US Central Bank Records Show 50 Cybersecurity Breaches Since 2011

Over 50 known cybersecurity breaches were detected by the U.S. Federal Reserve between 2011 and 2015, Fed Reserve records have revealed.

The United States Federal Reserve, the country’s central bank, has detected over 50 cybersecurity breaches between 2011 and 2015 alone.

Several espionage incidents were detected, with staff suspecting foreign hackers or spies involved in many of the incidents, according to the report obtained by Reuters.

The Fed Reserve’s computer network plays a notably critical role in the global banking framework and often holds confidential information on discussions about monetary policy. Such data is often the fabric that weaves and drives financial markets globally.

Notably, the records only show a portion of all cyber attacks on the Fed because they are restricted to cases that only involve the Washington-based Board of Governors. The federal agency is subject to public record laws and is fundamentally how Reuters obtained the report, due to the Freedom of Information Act.

The 50 cyber breaches do not include any of the reports by local cybersecurity installations at the central bank’s 12 regional branches, all of which are privately owned.

In eight breaches between 2011 and 2013, Fed staff wrote in the report that multiple cases of cyber attacks involved “malicious code”, a nod to the malware used by hackers. The two-year time period was during the time when the Fed Reserve’s trading desk was buying huge amounts of bonds.

Four specific hacking incidents from 2012 were deemed acts of “espionage” the records revealed.

Altogether, 51 cases of “information disclosure” were identified involving by the Fed’s board, by the national team of cybersecurity sleuths put in place by the Fed. The term ‘information disclosure’ includes several ways through which unauthorized access and people access Fed information. Spear phishing attempts, Fed emails sent to the wrong recipients and hacking attacks are some cases.

The national cybersecurity team set up by the Fed, known as the National Incident Response Team (NIRT) created 263 incident reports, as obtained by Reuters.

To throw some light into how overworked the team is, NIRT employees, under the condition of anonymity revealed that the team had once worked for five-straight days, around the clock, to patch critical systems’ software. The software was used by hackers to gain access to the Fed systems, in order to obtain passwords.

To take breaks between working, one employee admitted to taking naps at an office desk.


Leave a Reply