Likely hack of U.S. banking regulator by China covered up: probe

Mouse with Chinese flag projection

By Jason Lange and Dustin Volz

WASHINGTON (Reuters) – The Chinese government likely hacked computers at the Federal Deposit Insurance Corporation in 2010, 2011 and 2013 and employees at the U.S. banking regulator covered up the intrusions, according to a congressional report on Wednesday.

The report cited an internal FDIC investigation as identifying Beijing as the likely perpetrator of the attacks, which the probe said were covered up to protect the job of FDIC Chairman Martin Gruenberg, who was nominated for his post in 2011.

“The committee’s interim report sheds light on the FDIC’s lax cyber security efforts,” said Lamar Smith, a Republican representative from Texas who chairs the House of Representatives Committee on Science, Space and Technology.

“The FDIC’s intent to evade congressional oversight is a serious offense.”

The report was released amid growing concern about the vulnerability of the international banking system to hackers and the latest example of how deeply Washington believes Beijing has penetrated U.S. government computers.

The report did not provide specific evidence that China was behind the hack.

Shane Shook, a cyber security expert who has helped investigate some of the breaches uncovered to date, said he did not see convincing evidence in the report that the Chinese government was behind the FDIC hack.

“As with all government agencies, there are management issues stemming from leadership ignorance of technology oversight,” Shook said.

Speaking in Beijing, Chinese Foreign Ministry spokesman Lu Kang repeated that China opposed hacking and acted against it.

People should provide evidence for their accusations and not wave around speculative words like “maybe” and “perhaps”, he told reporters.

“This is extremely irresponsible.”

The FDIC, a major U.S. banking regulator which keeps confidential data on America’s biggest banks, declined to comment. Gruenberg is scheduled to testify on Thursday before the committee on the regulator’s cyber security practices.

Washington has accused China of hacking computers at a range of federal agencies in recent years, including the theft of more than 21 million background check records from the federal Office of Personnel Management beginning in 2014.

WATCHDOG MEMO

The compromise of the FDIC computers by a foreign government had been previously reported in May and some lawmakers had mentioned China as a possible suspect, but the report on Wednesday for the first time cited a 2013 memo by the FDIC’s inspector general, an internal watchdog, as pointing toward China.

“Even the former Chairwoman’s computer had been hacked by a foreign government, likely the Chinese,” the congressional report said, referring to Gruenberg’s predecessor, Sheila Bair, who headed the FDIC from 2006 until 2011 when Gruenberg took over as acting chairman.

Bair could not be immediately reached for comment.

A redacted copy of the 2013 FDIC inspector general’s memo seen by Reuters said investigators were unable to determine exactly which files had been extracted from agency computers.

But a source familiar with the FDIC’s internal investigation said the areas of the regulator’s network that were hacked suggested the intruders were seeking “economic intelligence.”

In all, hackers compromised 12 FDIC workstations, including those of other executives such as the regulator’s former chief of staff and former general counsel, and 10 servers, the congressional report said.

It accused the FDIC of trying to cover up the hacks so as not to endanger the congressional approval of Gruenberg, who was nominated by President Barack Obama and confirmed by the U.S. Senate in November 2012.

A witness interviewed by congressional staff said the FDIC’s current head of its technology division, Russ Pittman, instructed employees not to disclose information about the foreign government’s hack, the report said.

The witness said the hush order was to “avoid effecting the outcome of Chairman Gruenberg’s confirmation,” according to the report. Pittman could not immediately be contacted for comment.

The report also provided details of data breaches in which FDIC employees leaving the regulator took sensitive documents with them. It said current FDIC officials have purposely concealed information about breaches that had been requested by Congress.

U.S. intelligence officials believe Beijing has decreased its hacking activity since signing a pledge with Washington last September to refrain from breaking into computer systems for the purposes of commercial espionage.

At the same time, Obama has acknowledged difficulties in keeping government information secure. In addition, Republican opponents have said that Democratic presidential candidate Hillary Clinton’s use of a private email server when she was secretary of state could have exposed classified information to foreign governments.

(Reporting by Jason Lange and Dustin Volz; Additional reporting by Jim Finkle in Boston, and Ben Blanchard in BEIJING; Editing by Grant McCool)