China likely launched a cyber-attack against the US Federal Deposit Insurance Corporation (FDIC) between 2010 and 2013, but employees masked the crime to protect its top executive, according to a July 13 report released by the US House Science, Space and Technology Committee.
The report came amid mounting concern on the susceptibility of the international banking system to cyber threats.
It is also the newest testament to the US government’s strong belief that China has breached its computers.
This is not the first time that the US government accused Beijing of cyber-attacks at federal agencies. In 2014, it blamed China for high-profile theft of over 22.1 million background check records from the Office of Personal Management.
News about a foreign government having compromised FDIC computers first surfaced in May.
But in the recent congressional report, an internal FDIC investigation pointed to the Chinese government as the mastermind of the cyber-attacks, which were concealed to protect Martin Gruenberg’s position.
According to the report, CIO Russell Pittman ordered FDIC employees to not divulge the hacking incidents to avoid jeopardizing Gruenberg’s promotion from vice chairman to chairman.
Gruenberg was nominated for chairmanship by President Barack Obama in 2011 and confirmed in 2012.
The security breaches were revealed to the Congress a year after.
Hackers used a backdoor malware and compromised 12 computers including those of former general counsel and former chief of staff, and 10 servers.
No specific evidence, however, was cited in the report.
It also remains unclear what type of data was stolen from the hacked computers.
But a source familiar with the internal investigation insinuated that intruders were likely looking for “economic intelligence,” said a Reuters news report.
The congressional report also pointed to a former FDIC employee who handed over a storage device with more than 70,000 documents of personally identifiable information and bank records.
It also accused FDIC of having created a toxic work environment to dissuade staffers from report hacks and for not having a sufficient computer security defence
“The committee’s interim report sheds light on the FDIC’s lax cyber security efforts,” said Lamar Smith, a Republican representative from Texas and chairman of the House of Representatives Committee on Science, Space and Technology.
“The FDIC’s intent to evade congressional oversight is a serious offense. Major improvements need to be made to the FDIC’s cyber security mechanisms.”
The congressional report comes during an ongoing extensive investigation, which has already included one hearing, seven transcribed interviews of FDIC employees, and review of about 15,000 documents produced by the regulator, the FDIC Inspector General, and whistleblowers.
The FDIC is an independent agency that preserves and promotes public confidence in the US financial system by insuring deposits in banks and thrift institutions for at least $250,000. It also identifies monitors and addresses risks to the deposit insurance funds and limits the effects of a failure of a bank or thrift institution on the economy and the financial system.
