Security

Cyber-crime

Weak data protection helped China attack US Federal Reserve, report says

Details of adversarial tradecraft detailed, includes many email accounts


China's cyber espionage activities are extensive and sophisticated but when the Middle Kingdom tried to steal sensitive economic data from the US Fed, poor security meant its operatives didn't have to dip too far into their bags of tricks.

Or at least that’s according to the findings of an investigation by the Senate’s Committee on Homeland Security and Governmental Affairs, led by Republican Senator Rob Portman and released [PDF] on Tuesday.

The investigation relies on information mainly gathered by the US central bank regarding an internal probe of 13 persons of interest known as the P-network. The P-Network was described within the report as containing individuals identified by “similar foreign travel, emails, details in curricula vitae, and academic backgrounds.”

Those individuals were allegedly part of a network engaged in a “sustained malign influence and information theft campaign” targeting the Federal Reserve.

Among the investigation’s conclusions is that the Federal Reserve must improve protection of confidential information.

The report advised:

The Federal Reserve should implement robust foreign contact, travel, financial support, conflict of interest and conflict of commitment reporting requirements for Federal Reserve employees with access to confidential information, such as Class I,II, and III Federal Open Market Committee Restricted Controlled Information.

This should include a compliance and auditing program with penalties for failures to disclose including potential termination or denial of continued access to confidential Federal Reserve information.

The plot to influence and steal did not involve hacking, but infosec did play a role as network members allegedly engaged in “adversarial tradecraft.” The tradecraft included switching to unmonitored communication channels like Gmail, Yahoo, Skype, and changing email names. The tactics were said to limit the investigation’s insight of the network’s activities.

The report said analysis of internet browsing history revealed one Federal Reserve employee had searched for articles that would help them further understand punishments for economic espionage and lying about selling confidential information to Chinese intelligence agents.

That employee was reported to have even used Chinese President Xi Jinping’s name as a website password.

Not every government official has agreed with the findings of the investigation, a situation Chinese state media seemed keen to point out.

"We are confident that Federal Reserve staff understand their obligations and are committed to maintaining both the confidentiality of sensitive information and the integrity of our workforce," said US Federal Reserve Chairman Jerome Powell on Tuesday.

Powell said he was “deeply concerned” about the report’s “unfair, unsubstantiated and unverified insinuations.” ®

Send us news
2 Comments

China to probe US chip subsidies as export curbs rattle allies

Beijing investigating claims of unfair competition in mature semiconductors

Now Trump's import tariffs could raise the cost of a laptop for Americans by 68%

Make America irate again

The bell tolls for TikTok as lifelines to avoid January 19 US ban vanish

SCOTUS unlikely to save it, no time to find a buyer. So, hi, Xiaohongshu!

After China's Salt Typhoon, the reconstruction starts now

If 40 years of faulty building gets blown down, don’t rebuild with the rubble

US adds web and gaming giant Tencent to list of Chinese military companies

This could be the start of a saga to rival TikTok’s troubles, and embroil Tesla and Microsoft

Biden said to weigh global limits on AI exports in 11th-hour trade war blitz

China faces outright ban while others vie for Uncle Sam's favor

Akamai to quit its CDN in China, seemingly not due to trouble from Beijing

Security and cloud compute have so much more upside than the boring business of shifting bits

Microsoft invites Chinese software vendors to sell on its marketplace and through its partners

Good luck getting buyers and resellers excited about that

Nvidia snaps back at Biden's 'innovation-killing' AI chip export restrictions

'New rule threatens to squander America's hard-won technological advantage' says GPU supremo

TSMC revenue booms and you don’t need AI to figure out why

PLUS: China plans unified APIs; Singapore lets Police run scam victims’ bank accounts; Fujitsu now too cool for aircon

Chinese cyber-spies peek over shoulder of officials probing real-estate deals near American military bases

Gee, wonder why Beijing is so keen on the – checks notes – Committee on Foreign Investment in the US

FCC to telcos: By law you must secure your networks from foreign spies. Get on it

Plus: Uncle Sam is cross with this one Chinese biz over Salt Typhoon mega-snooping