Following the money is how many criminals are caught. It would appear the calculus has been inverted and the bad actors are now following the money and the money policy of the United States. Specifically, they are engaging in a bit of cyber adventurism against the nation’s Federal Reserve Bank (Federal Reserve). According to a Reuters report, the Federal Reserve has experienced over 50 cases of cyber intrusion between 2011-15. The Federal Reserve acknowledges that they are a target of repeated intrusion attempts and technological probes (as are many other banks). What makes the Federal Reserve intrusions noteworthy is how the Federal Reserve itself characterized these intrusions in their internal memorandum: “information disclosure” and “espionage.”

You’re financial data redacted

Reuters, via a Freedom of Information Act (FOIA) request, received a heavily redacted Federal Reserve data set which contained over 2200 pages of cyber security incidents which occurred between 2011-15.  A graphic of these incidents, based on this data set reveals over 50 cases of unauthorized access of which 32 are confirmed as having resulted in information disclosure, with four of these apparently being sufficiently sensitive to warrant the characterization of “espionage.”

high stakes insider trading

Espionage is a term which governmental entities, use when referring to the attempts by a nation state to acquire non-public information in a covert manner. In this case, the list of entities which would benefit from having advance knowledge of recommendations coming out of the Federal Reserve Board of Governors would be of especially high value.

Who are these countries who may benefit? Perhaps those countries which are the most heavily invested in US Treasury Securities. In rank order the top 15 are China, Japan, Cayman Islands, Brazil Switzerland, Luxembourg, United Kingdom, Hong Kong, Taiwan, India, Saudi Arabia, Singapore and Germany.  China ($1242.8 billion) and Japan ($1142.8 billion) as of April 2016 individual are invested at almost four times the third largest holder of US Treasuries, the Cayman Islands ($258.5 billion). Russia holds approximately $82.5 billion in US Treasuries.

Those charged with the protection of the Federal Reserve will no doubt be hard pressed to be able to determine attribution for these and other cyber intrusions. Of those countries with significant holdings, only China and Russia have had a track record of engaging in cyber mischief with respect to US government computer systems. Both have an ongoing mandate to their intelligence services to obtain and report on any and all plans and intentions of the United States with respect to their monetary policy (rest assured this tasking is status quo and not a unique one-off type of tasking).

Heed the warning klaxon

While warnings are of little use if not heeded, this revelation from the Federal Reserve is a sufficient enough klaxon to awaken even the most Pollyanna-ish that the entirety of the US federal ecosystem is under observation and will be exploited if possible. Foreign governments remain interested in any data they can get – and that includes following (and hacking) the money.

Related News

Christopher Burgess (@burgessct) is an author and speaker on the topic of security strategy. Christopher, served 30+ years within the Central Intelligence Agency. He lived and worked in South Asia, Southeast Asia, the Middle East, Central Europe, and Latin America. Upon his retirement, the CIA awarded him the Career Distinguished Intelligence Medal, the highest level of career recognition. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century” (Syngress, March 2008). He is the founder of securelytravel.com