recommended reading

Hack of International Monetary Fund data raises global worries

As world leaders grapple with the news that unidentified hackers have infiltrated the International Monetary Fund and obtained a large quantity of data -- the effects of which remain unknown -- some computer security and financial services experts speculated that such an attack on U.S. financial regulatory agencies would not likely originate in China.

Various media outlets, including Bloomberg, have published articles inferring that the Chinese government is responsible for the IMF breach. Data about financially strapped countries and advanced information about monetary policies could be valuable to political adversaries, including China. The fund, which tracks the economic stability of its 187 members by studying statistics on each nation's financial risk, currently is embroiled in politically controversial bailouts of European countries as it seeks to replace IMF chief Dominique Strauss-Kahn, whose abrupt departure last month in the wake of sexual assault charges sparked an international competition to fill the vacancy.

As for the potential of a similar intrusion at the Treasury or Commerce departments, or the Federal Reserve, "if you're looking at a foreign nation state like China, they will wait a generation before launching a full-blown attack" against federal agencies that regulate the U.S. financial system, because that might trigger a war, said Charles Dodd, a national security consultant on offensive cyber operations. Dodd noted that while China possesses significant offensive cyber capabilities, it lacks the military force to respond should a cyberattack lead to conventional war with the United States.

But should that day ever come, it would be easy to undermine the U.S. economy and consumer confidence by corrupting those agencies' networks, he said.

"If you can manipulate the data and gain an advantage -- that is the path of least resistance," Dodd said. "If they hack into a defense contractor and steal the avionics [designs], they still have to sell that information, there's still a broker involved. If they just go in there and manipulate what's in the Federal Reserve and Treasury . . . they get that benefit very quickly."

China has been blamed for numerous cyber incidents over the past few years. Most recently, operatives apparently based in China targeted the Gmail accounts of hundreds of users, including the personal accounts of senior federal officials, to steal their email passwords and presumably read their contents, Google officials said on June 1.

Darren Hayes, a computer forensics specialist who spent a decade advising financial services companies, said that right now the Chinese government has less motive to compromise U.S. financial regulators' systems because it is wary of disturbing the American market's integrity.

"China does have a vested interest in the U.S. financial systems, given the amount of money they've invested in U.S. treasuries and the amount of debt they've purchased," he said."Attacking a critical infrastructure like that could be detrimental to their investments," if people unload treasuries, for example.

Treasury and Federal Reserve computers have been and will continue to be vulnerable to people seeking insider information, however, other security experts said.

"Both these organizations contain highly confidential market-moving kinds of data," such as loan program policies, said Ashar Aziz, chief executive officer of computer security firm FireEye, which helped take down the Rustock spamming network. "An early view of the policies would allow any organization or individual to take financial advantage of this knowledge."

IMF officials did not respond to requests for information.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

    Download
  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download

When you download a report, your information may be shared with the underwriters of that document.