FBI Probes FDIC Hack Linked To China's Military: Reuters (reuters.com) 22
An anonymous reader quotes a report from Reuters: The FBI is investigating how hackers infiltrated computers at the Federal Deposit Insurance Corporation for several years beginning in 2010 in a breach senior FDIC officials believe was sponsored by China's military, people with knowledge of the matter said. The security breach, in which hackers gained access to dozens of computers including the workstation for former FDIC Chairwoman Sheila Bair, has also been the target of a probe by a congressional committee. The FDIC is one of three federal agencies that regulate commercial banks in the United States. It oversees confidential plans for how big banks would handle bankruptcy and has access to records on millions of individual American deposits. Last month, the banking regulator allowed congressional staff to view internal communications between senior FDIC officials related to the hacking, two people who took part in the review said. In the exchanges, the officials referred to the attacks as having been carried out by Chinese military-sponsored hackers, they said. The staff was not allowed to keep copies of the exchanges, which did not explain why the FDIC officials believe the Chinese military was behind the breach. After FDIC staff discovered the hack in 2010, it persisted into the next year and possibly later, with staff working at least through 2012 to verify the hackers were expunged, according to a 2013 internal probe conducted by the FDIC's inspector general, an internal watchdog. The intrusion is part of series of cybersecurity lapses at the FDIC in recent years that continued even after the hack suspected to be linked to Beijing. This year, the FDIC has reported to Congress at least seven cybersecurity incidents it considered to be major which occurred in 2015 or 2016.
Are there going to be cries of "fake news" now? (Score:3)
Re: (Score:3)
Re: (Score:2)
No. Just because I don't want a trade war with China doesn't mean I want them hacking our institutions. China is not our friend. Nor is Russia.
Proof? (Score:1)
All these "hacks" are always third-hand accounts from "anonymous sources"
Have you noticed all the "proof" is always "classified"? Why should a rational, thinking person believe any of this? Present hard evidence or STFU.
"If only you knew what I knew...", etc.
All of this is predicated on the trust of government officials, which I have NONE of.
Re: (Score:2)
One of many agencies (Score:4)
..that should be airgapping critical systems. Passing correspondence through multiple filters. Moving data into these airgapped systems without any reverse channel, as in copy to a USB stick, put to airgapped host, extracted and scanned, USB stick destroyed and not reused.
I'm glad I don't do this security work any more. It's nearly impossible. I just work at one of the financial institutions the FDIC would monitor, and I can;t even mail my own W-2 to myself. They test me annoyingly often with phishing tests, block media, my VP gets hate mail when I violate some rule, I cannot even chat PII internally any more, have to send it via encrypted internal email. All to merely hope we do not end up on the front page of the fishwrap, finally violated.
I don't even talk to my friends in security, networking, or compliance anymore. We have nothing safe to talk about.
Re: (Score:3)
Manning walked in with a Lady Gaga CD; wiped it and burned documents to it, so air gap is no substitute for common sense like disabling CD and USB hardware entry points.
With today's BYOD, security is much harder to deal with.
I'm with you: I'm retired out of systems administration and don't miss the paranoia of intrusion fears.
Shortly after I left, the Firm was hit with ransomware.
Not my problem.
Re: (Score:2)
Think of the hours of support lost when a US system gets air gapped. Thats years of good paying high tech contractor jobs lost to one hardware fix.
Re: (Score:2)
And there will be layers of back doors, scheduled to phone home every few days, weeks, months. Decoys set to call other state actors, your own agencies, many individuals, all to obfuscate the true destinations. Drive you crazy for years killing them off just to find you've been playing whack-a-mole while they are playing chess. You end up, sooner than later if you have your effort fully funded from day ONE, capturing and examining every single packet, to build a map of destinations and players.
And you suspe
Eye roll... (Score:2)
So the FBI is just now discovering this? And we should have a lot of faith that they will "get to the bottom" of this?
The more important question (Score:1)
I think the question we need to ask is not how the Chinese hacked the FDIC, but why. Remember, China is the second largest holder of US debt. Maybe they are are affaird of another 2008 banking crash, and they want find out if the FDIC can protect the banking system.
Somebody is off-script (Score:1)
Everything is RUSSIA's fault these days. Putin did it! Putin's hiding in the closet! Putin's under the bed! The current American president (Obama), who 4 years ago ridiculed Mitt Romney in a presidential debate when Romney warned about Russia ("the 1980s called and they want their foreign policy back"), has his people blaming Russia for almost everything including the alleged hacking of the Democrat party (actually an apparently basic phishing) while hoping nobody notices that the Democrats failed to do wha