recommended reading

Hack of International Monetary Fund data raises global worries

As world leaders grapple with the news that unidentified hackers have infiltrated the International Monetary Fund and obtained a large quantity of data -- the effects of which remain unknown -- some computer security and financial services experts speculated that such an attack on U.S. financial regulatory agencies would not likely originate in China.

Various media outlets, including Bloomberg, have published articles inferring that the Chinese government is responsible for the IMF breach. Data about financially strapped countries and advanced information about monetary policies could be valuable to political adversaries, including China. The fund, which tracks the economic stability of its 187 members by studying statistics on each nation's financial risk, currently is embroiled in politically controversial bailouts of European countries as it seeks to replace IMF chief Dominique Strauss-Kahn, whose abrupt departure last month in the wake of sexual assault charges sparked an international competition to fill the vacancy.

As for the potential of a similar intrusion at the Treasury or Commerce departments, or the Federal Reserve, "if you're looking at a foreign nation state like China, they will wait a generation before launching a full-blown attack" against federal agencies that regulate the U.S. financial system, because that might trigger a war, said Charles Dodd, a national security consultant on offensive cyber operations. Dodd noted that while China possesses significant offensive cyber capabilities, it lacks the military force to respond should a cyberattack lead to conventional war with the United States.

But should that day ever come, it would be easy to undermine the U.S. economy and consumer confidence by corrupting those agencies' networks, he said.

"If you can manipulate the data and gain an advantage -- that is the path of least resistance," Dodd said. "If they hack into a defense contractor and steal the avionics [designs], they still have to sell that information, there's still a broker involved. If they just go in there and manipulate what's in the Federal Reserve and Treasury . . . they get that benefit very quickly."

China has been blamed for numerous cyber incidents over the past few years. Most recently, operatives apparently based in China targeted the Gmail accounts of hundreds of users, including the personal accounts of senior federal officials, to steal their email passwords and presumably read their contents, Google officials said on June 1.

Darren Hayes, a computer forensics specialist who spent a decade advising financial services companies, said that right now the Chinese government has less motive to compromise U.S. financial regulators' systems because it is wary of disturbing the American market's integrity.

"China does have a vested interest in the U.S. financial systems, given the amount of money they've invested in U.S. treasuries and the amount of debt they've purchased," he said."Attacking a critical infrastructure like that could be detrimental to their investments," if people unload treasuries, for example.

Treasury and Federal Reserve computers have been and will continue to be vulnerable to people seeking insider information, however, other security experts said.

"Both these organizations contain highly confidential market-moving kinds of data," such as loan program policies, said Ashar Aziz, chief executive officer of computer security firm FireEye, which helped take down the Rustock spamming network. "An early view of the policies would allow any organization or individual to take financial advantage of this knowledge."

IMF officials did not respond to requests for information.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.