Weak data protection helped China attack US Federal Reserve, report says
Adversarial tradecraft detailed, including many email accounts
China's cyber espionage activities are extensive and sophisticated, but when the Middle Kingdom tried to steal sensitive economic data from the US Fed, poor security meant its operatives didn't have to dip too far into their bags of tricks.
Or at least that’s according to the findings of an investigation by the Senate’s Committee on Homeland Security and Governmental Affairs, led by Republican Senator Rob Portman and released [PDF] on Tuesday.
The investigation relies mainly on information gathered by the US central bank regarding an internal probe of 13 persons of interest known as the P-Network. The P-Network was described within the report as containing individuals identified by “similar foreign travel, emails, details in curricula vitae, and academic backgrounds.”
Those individuals were allegedly part of a network engaged in a “sustained malign influence and information theft campaign” targeting the Federal Reserve.
Among the investigation’s conclusions is that the Federal Reserve must improve protection of confidential information.
The report advised:
The Federal Reserve should implement robust foreign contact, travel, financial support, conflict of interest and conflict of commitment reporting requirements for Federal Reserve employees with access to confidential information, such as Class I, II, and III Federal Open Market Committee Restricted Controlled Information.
This should include a compliance and auditing program with penalties for failures to disclose including potential termination or denial of continued access to confidential Federal Reserve information.
The plot to influence and steal did not involve hacking, but infosec did play a role as network members allegedly engaged in “adversarial tradecraft.” The tradecraft included switching to unmonitored communication channels like Gmail, Yahoo, and Skype, and changing email names. The tactics were said to limit the investigation’s insight into the network’s activities.
The report said analysis of internet browsing history revealed one Federal Reserve employee had searched for articles that would help them further understand punishments for economic espionage and lying about selling confidential information to Chinese intelligence agents.
That employee was reported to have even used Chinese President Xi Jinping’s name as a website password.
Not every government official has agreed with the findings of the investigation, a situation Chinese state media seemed keen to point out.
"We are confident that Federal Reserve staff understand their obligations and are committed to maintaining both the confidentiality of sensitive information and the integrity of our workforce," said US Federal Reserve Chairman Jerome Powell on Tuesday.
Powell said he was “deeply concerned” about the report’s “unfair, unsubstantiated and unverified insinuations.”