Federal Reserve under attack by hacker spies
NEW YORK, N.Y. — The Federal Reserve has been under constant attack by hackers since at least 2011, including four attempts it labels as “espionage.”
But it is unclear if hackers have penetrated the Fed’s security system.
Records obtained by CNNMoney on Wednesday list more than 50 incidents that were labeled as either “unauthorized access” or “information disclosure.”
But the Federal Reserve insists that the internal documents only acknowledge that hackers attempted to break into its computer systems — not that they were successful.
In a statement to CNNMoney, a Federal Reserve representative said the central bank is facing a barrage of cyberattacks.
“As with other government agencies, the Federal Reserve is a target for cyberattacks,” the statement said. “However, our security program and processes for detecting and countering attacks are robust and our critical operations have never been affected.”
The central bank released the documents after Reuters reported that the Federal Reserve has detected more than 50 “breaches” of its computer systems from 2011 and 2015.
The Reuters report — as well as CNNMoney’s reporting — relies on heavily redacted versions of those internal cybersecurity reports.
The Federal Reserve claims the documents don’t provide enough information for Reuters to describe the cyberattacks as a “breach.”
“We stand by our story,” said Reuters representative Abbe Serphos.
The heavily redacted documents only show a cybersecurity “incident” identified by “incident type.” Descriptions of the cyberattacks are hidden, as are their level of severity.
For example, 134 attacks are labeled “malicious code.” Another 12 are “fraud.” A dozen others are “informational.” One is labeled “extortion.”
However, the language used in the internal reports hints that hackers did access — and perhaps even extract — information from the Federal Reserve.
The reports list 59 attacks described as “unauthorized access,” and 55 incidents are labeled “information disclosure.” The cybersecurity profession typically uses the phrase data breach to signify disclosure of sensitive information.
But the Federal Reserve maintains that outsiders did not gain access to internal content at the central bank.
The records released are a narrow window into the hacking attempts on the nation’s central bank. These cybersecurity reports only reflect attacks on the Federal Reserve Board of Governors, the Washington-based committee that oversees the nation’s monetary policy.
The central bank has 12 privately-owned branches scattered across the United States.
There are heightened concerns about hackers potentially slipping into central banks. Hackers broke into Bangladesh’s central bank in February, accessing the bank’s accounts at the New York Federal Reserve and shifting $101 million to the Philippines.