Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI Probes FDIC Hack Linked To China's Military: Reuters (reuters.com)

Posted by BeauHD on from the trip-down-memory-lane dept.

An anonymous reader quotes a report from Reuters: The FBI is investigating how hackers infiltrated computers at the Federal Deposit Insurance Corporation for several years beginning in 2010 in a breach senior FDIC officials believe was sponsored by China's military, people with knowledge of the matter said. The security breach, in which hackers gained access to dozens of computers including the workstation for former FDIC Chairwoman Sheila Bair, has also been the target of a probe by a congressional committee. The FDIC is one of three federal agencies that regulate commercial banks in the United States. It oversees confidential plans for how big banks would handle bankruptcy and has access to records on millions of individual American deposits. Last month, the banking regulator allowed congressional staff to view internal communications between senior FDIC officials related to the hacking, two people who took part in the review said. In the exchanges, the officials referred to the attacks as having been carried out by Chinese military-sponsored hackers, they said. The staff was not allowed to keep copies of the exchanges, which did not explain why the FDIC officials believe the Chinese military was behind the breach. After FDIC staff discovered the hack in 2010, it persisted into the next year and possibly later, with staff working at least through 2012 to verify the hackers were expunged, according to a 2013 internal probe conducted by the FDIC's inspector general, an internal watchdog. The intrusion is part of series of cybersecurity lapses at the FDIC in recent years that continued even after the hack suspected to be linked to Beijing. This year, the FDIC has reported to Congress at least seven cybersecurity incidents it considered to be major which occurred in 2015 or 2016.

12 of 22 comments (clear)

  1. Are there going to be cries of "fake news" now? by Dutchmaan · · Score: 2

    Let's see how readily people accept THIS hacking story.... Will it receive the same level of scrutiny and dismissal as Russia's hacking?

    1. Re:Are there going to be cries of "fake news" now? by Dutchmaan · · Score: 2

      While I absolutely applaud the effort to make stories more accurate and accountable. I'm somewhat dismayed that even the slightest bit of questioning of a news story automatically makes it "fake" To claim a story as "fake" is as irresponsible and blindly accepting conclusions... Always QUESTION a stroy, but don't let your questions be framed in order to support a pre-drawn conclusion. That's yellow journalism. Question the story, and fill the holes or find out why the holes are there. People need lessons in journalism.

    2. Re:Are there going to be cries of "fake news" now? by hey! · · Score: 1

      No. Just because I don't want a trade war with China doesn't mean I want them hacking our institutions. China is not our friend. Nor is Russia.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  2. Proof? by Anonymous Coward · · Score: 1

    All these "hacks" are always third-hand accounts from "anonymous sources"

    Have you noticed all the "proof" is always "classified"? Why should a rational, thinking person believe any of this? Present hard evidence or STFU.

    "If only you knew what I knew...", etc.

    All of this is predicated on the trust of government officials, which I have NONE of.

    1. Re:Proof? by anegg · · Score: 1

      I suspect that most of the "government officials" haven't the faintest clue what is going on. However, its a lot "better" to be hacked by a well-funded nation state than by Jane Script-Kiddie.

  3. One of many agencies by rickb928 · · Score: 3

    ..that should be airgapping critical systems. Passing correspondence through multiple filters. Moving data into these airgapped systems without any reverse channel, as in copy to a USB stick, put to airgapped host, extracted and scanned, USB stick destroyed and not reused.

    I'm glad I don't do this security work any more. It's nearly impossible. I just work at one of the financial institutions the FDIC would monitor, and I can;t even mail my own W-2 to myself. They test me annoyingly often with phishing tests, block media, my VP gets hate mail when I violate some rule, I cannot even chat PII internally any more, have to send it via encrypted internal email. All to merely hope we do not end up on the front page of the fishwrap, finally violated.

    I don't even talk to my friends in security, networking, or compliance anymore. We have nothing safe to talk about.

    --
    deleting the extra space after periods so i can stay relevant, yeah.
    1. Re:One of many agencies by CaptainDork · · Score: 2

      Manning walked in with a Lady Gaga CD; wiped it and burned documents to it, so air gap is no substitute for common sense like disabling CD and USB hardware entry points.

      With today's BYOD, security is much harder to deal with.

      I'm with you: I'm retired out of systems administration and don't miss the paranoia of intrusion fears.

      Shortly after I left, the Firm was hit with ransomware.

      Not my problem.

      --
      It little behooves the best of us to comment on the rest of us.
    2. Re:One of many agencies by AHuxley · · Score: 1

      But if the system is air gapped it won't need so much support over the years. It the system just keeps on working as designed think of the contractors who have lost overtime repairing and upgrading networks and systems.
      Think of the hours of support lost when a US system gets air gapped. Thats years of good paying high tech contractor jobs lost to one hardware fix.

      --
      Domestic spying is now "Benign Information Gathering"
  4. Eye roll... by Frosty+Piss · · Score: 1

    So the FBI is just now discovering this? And we should have a lot of faith that they will "get to the bottom" of this?

    --
    If you want news from today, you have to come back tomorrow.
  5. Re:very hard to "expunge"... by rickb928 · · Score: 1

    And there will be layers of back doors, scheduled to phone home every few days, weeks, months. Decoys set to call other state actors, your own agencies, many individuals, all to obfuscate the true destinations. Drive you crazy for years killing them off just to find you've been playing whack-a-mole while they are playing chess. You end up, sooner than later if you have your effort fully funded from day ONE, capturing and examining every single packet, to build a map of destinations and players.

    And you suspend new hire provisioning, MAC activity, reimage every machine, force password resets after, deny external access until machines are tested, and forbid you've got staff at some conference or exposition, or overseas.

    I just learned last month that if I were to travel overseas for work my machine would have to be scanned before I left to remove sensitive data, and on return it would be taken and a new one issued. I have a list of data I cannot save on it, with instruction to cooperate with authorities and even surrender it if requested.

    Trust no 1

    --
    deleting the extra space after periods so i can stay relevant, yeah.
  6. The more important question by Anonymous Coward · · Score: 1

    I think the question we need to ask is not how the Chinese hacked the FDIC, but why. Remember, China is the second largest holder of US debt. Maybe they are are affaird of another 2008 banking crash, and they want find out if the FDIC can protect the banking system.

  7. Somebody is off-script by Anonymous Coward · · Score: 1

    Everything is RUSSIA's fault these days. Putin did it! Putin's hiding in the closet! Putin's under the bed! The current American president (Obama), who 4 years ago ridiculed Mitt Romney in a presidential debate when Romney warned about Russia ("the 1980s called and they want their foreign policy back"), has his people blaming Russia for almost everything including the alleged hacking of the Democrat party (actually an apparently basic phishing) while hoping nobody notices that the Democrats failed to do what was needed to defend their PRIVATE organization (NOT our government) from hacking/phishing.

    "we have always been at war with eastasia"

    Putin's a nasty guy, but the idea that he is behind everything is both idiotic and the current theme of the Clinton/Obama team.... and while Russia was part of the Soviet Union, it is NOT the Soviet Union.