June 1, 2016
The Federal Reserve detected more than 50 cyber breaches between 2011 and 2015, with several incidents described internally as “espionage”, according to Fed records.
The US central bank’s staff suspected hackers or spies in many of the incidents, the records show. The Fed’s computer systems play a critical role in global banking and hold confidential information on discussions about monetary policy that drives financial markets. The cybersecurity reports, obtained by Reuters through a Freedom of Information Act request, were heavily redacted by Fed officials to keep secret the central bank’s security procedures.
Cyber thieves have targeted big financial institutions around the world, including America’s largest bank, JPMorgan, as well as smaller players such as Ecuador’s Banco del Austro and Vietnam’s Tien Phong Bank. Hacking attempts were cited in 140 of the 310 reports provided by the Fed’s board. In some reports, the incidents were not classified in any way.
In eight information breaches between 2011 and 2013 – a time when the Fed’s trading desk was buying huge amounts of bonds – Fed staff wrote that the cases involved “malicious code”, referring to software used by hackers. Security analysts said foreign governments could stand to gain from inside Fed information. In the records obtained by Reuters, espionage might also refer to spying by private companies, or even individuals such as British activist Lauri Love, who is accused of infiltrating a server at a regional Fed branch in October 2012. Love stole names, email addresses and phone numbers of Fed computer system users, according to a federal indictment.