Report Claims Chinese Behind FDIC Hacking; Alleges Cover-Up
WASHINGTON–The Chinese government likely was responsible for the hacking of computers at the Federal Deposit Insurance Corp. in 2010, 2011 and 2013, according to a new report from Congress that also suggests a cover-up took place.
The report was released at the same time the FDIC’s own inspector general has been critical of the agency’s digital security.
The interim report was released by the Republican staff of the House Science, Space and Technology Committee and states that a foreign government - "likely the Chinese" - penetrated computers and workstations used by high-level FDIC officials, including former chairwoman Sheila Bair, and the FDIC’s former chief of staff and former general counsel. According to the report, the hackers were able to compromise 12 workstations and also penetrated 10 servers and infected them with a virus.
The findings are based on a 2013 memo from the FDIC inspector general to the agency's chairman. "The OIG was particularly critical of the agency for violating its own policies and for failing to alert appropriate authorities," the interim report states, and further alleges the hacking was covered up to help smooth the Congressional confirmation process for current FDIC Chairman Martin Gruenberg, who was nominated to lead the agency in 2011.
In response, the Chinese government denied it was involved in any hacking related to the FDIC penetration, with a spokesperson stating the country opposes such practices.
Congress 'Misled'
Meanwhile, Rep. Lamar Smith (R-TX), who chairs the committee that released the report, said committee staff found the FDIC's CIO, Larry Gross Jr., had engaged in mismanagement, misled Congress and retaliated against whistleblowers.
"He has fostered a hostile work environment," Smith said in a statement. "It is also clear that the FDIC deliberately evaded congressional oversight. In addition, the committee found the FDIC has historically experienced deficiencies related to its cybersecurity posture, and those deficiencies continue to the present."
That comes at the same time the FDIC’s IG published a report that said the controls the agency has in place do not provide reasonable assurance that major incidents are identified and reported in a timely manner. The IG said it found, for instance, an incident involving a former FDIC employee who copied a significant amount of sensitive agency information, including personally identifiable information, to removable devices and then took the information when the employee left the FDIC in October.