Login Register Subscribe
Current Issue

China likely hacked U.S. banking regulator

Reprints

(Reuters) — The Chinese government likely hacked computers at the Federal Deposit Insurance Corporation in 2010, 2011 and 2013 and employees at the U.S. banking regulator covered up the intrusions, according to a congressional report on Wednesday.

"Even the former Chairwoman's computer had been hacked by a foreign government, likely the Chinese," staff at the U.S. House of Representatives Committee on Science, Space and Technology said in the report.

The report was the latest example of how deeply Washington believes that Beijing has penetrated U.S. government computers. But while making the allegation that China was the culprit, the report does not provide specific evidence to support that conclusion.

China's embassy in Washington did not have immediate comment on the allegations. The FDIC, one of the United States' principal banking regulators that keeps confidential data on the biggest banks, did not have immediate comment.

The compromise of the FDIC computers had been previously reported in May and some lawmakers had mentioned China as a possible suspect, but the investigation for the first time cites an internal FDIC probe as pointing toward China.

It is often difficult to determine the identity of a malicious actor in cyberspace, although China is believed to have been behind a number of intrusions at other federal agencies in recent years.

The report follows accusations by the United States that China stole more than 21 million background check records from the federal Office of Personnel Management beginning in 2014.

China has long been a hacking adversary for the United States, although intelligence officials believe Beijing has decreased its hacking activity since signing a pledge with Washington last September to refrain from breaking into computer systems for the purposes of commercial espionage.

A source familiar with the FDIC's internal investigation said the areas of the regulator's network that were hacked suggested the intruders were seeking "economic intelligence."

The congressional staff report accused the FDIC of trying to cover up the hacks so as not to endanger the congressional approval of the regulator's chairman, Martin Gruenberg, who was nominated by President Barack Obama and confirmed by the U.S. Senate in November 2012. Gruenberg's predecessor, Sheila Bair, served in the post for five years until July 2011.

A witness interviewed by the staff said the FDIC's former chief information officer instructed employees not to disclose information about the foreign government's hack, the report said.

The witness said the hush order was to "avoid effecting the outcome of Chairman Gruenberg's confirmation by the U.S. Senate," according to the report. The report also provided details of data breaches in which FDIC employees leaving the regulator took sensitive documents with them.

The report said current officials at the FDIC have purposely concealed information about breaches that had been requested by Congress.

"The committee's interim report sheds light on the FDIC's lax cyber security efforts," said Lamar Smith, a Republican representative from Texas who chairs the House Science, Space and Technology Committee. "The FDIC's intent to evade congressional oversight is a serious offense."

Mr. Gruenberg is scheduled to testify on Thursday before the committee on the banking regulator's cyber security practices.