14 DAY TRIAL // Chinese hackers are likely behind cyber-attacks against the US Federal Deposit Insurance Corporation (FDIC), a government agency that supervises the country's banks, but the most worrisome detail is that US FDIC officials hid the attacks from Congress for years.
These are the conclusions of a report released today by US House Committee on Science, Space, and Technology, which said that multiple FDIC officials "engaged in mismanagement, misled Congress, and retaliated against whistleblowers."
All was done to ensure that then FDIC Vice-President Martin Gruenberg would be promoted to FDIC Chairman, which eventually happened in 2012.
Chinese hackers behind three of the breaches
According to the House Committee's report, the FDIC suffered breaches in 2010, 2011, and 2013. The agency gave an account of all incidents only following the third, in 2013, at a point when Gruenberg had already received his promotion. The report says that these three episodes are most likely linked to a threat actor residing in China.
During the Chinese-linked attacks, it is believed that hackers compromised at least twelve computers belonging to FDIC high-ranking staff members, with access to crucial information. Attackers also compromised ten other FDIC servers.
FDIC employees were also told to delay two other 2015 breaches until 2016, when another incident took place. These breaches happened because of improper data handling by employees, and not because of cyber-attacks from foreign states.
House Committee: FDIC’s intent to evade congressional oversight is a serious offense
By hiding and delaying these data breach reports, FDIC officials put the economic safety of the affected individuals and the entire banking industry at risk.
By its nature, the FDIC holds information on the activities and reports of all of the US banks, something that a nation state would find valuable and likely to use on the financial market to improve its market status.
Congress learned about the FDIC issues after former employees and whistleblowers provided authorities with details and data regarding FDIC's oversights in the matters of cyber-security.
Gruenberg himself is scheduled to testify in front of the House Committee tomorrow, July 14, 2016.