BO & Co. Fail to Detect a Single Cyber Threat

[Compost]

So. Is this good news? Glaring incompetence? Something else?

One thing's for sure. Government spent a bunch of money.

Six months after President Barack Obama invoked emergency powers to block the assets of any person caught engaging in “malicious cyber-enabled activities,” the administration has not identified a single qualifying target, according to the Treasury Department, which disclosed in a report that “no entities or individuals have been designated.”

The April 2015 directive issued by the White House identified an “increasing prevalence and severity of malicious cyber-enabled activities” among individuals living outside the United States.

These activities were said to constitute “an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States,” prompting Obama to declare “a national emergency to deal with this threat.”

more here
White House Fails to Detect a Single Cyber Threat

 

[waltky]

Guess he drew a red line on cyber attacks...

... an' then backed off on dat one too.

 

[waltky]

Dem hackers is tryin' to raid the Federal Reserve...

U.S. lawmakers probe Fed cyber breaches, cite 'serious concerns'
Fri Jun 3, 2016 | WASHINGTON - A U.S. congressional committee has launched an investigation into the Federal Reserve's cyber security practices after a Reuters report revealed more than 50 cyber breaches at the U.S. central bank between 2011 and 2015.

The House Committee on Science, Space and Technology on Friday sent a letter to Federal Reserve Chair Janet Yellen to express "serious concerns" over the central bank's ability to protect sensitive financial information. The letter cited the Reuters report, which was based on heavily redacted internal Fed records obtained through a Freedom of Information Act request. The redacted records did not say who hacked the bank's systems or whether they accessed sensitive information or stole money. "These reports raise serious concerns about the Federal Reserve's cyber security posture, including its ability to prevent threats from compromising highly sensitive financial information housed on the agency's systems," said the letter, signed by House Science Committee Chairman Lamar Smith, a Texas Republican, and Barry Loudermilk, a Georgia Republican and chairman of the panel's oversight subcommittee.

A Fed spokesperson said the central bank had received the panel's letter and "will respond to it." The panel asked the Fed's national cyber security team - the National Incident Response Team - to turn over all cyber incident reports in unredacted form from Jan. 1, 2009, to the present. It also asked for incident reports from the Fed's local incident response teams. Global policymakers, regulators and financial institutions have become increasingly concerned about the security of the international banking system after a string of cyber attacks against banks in Bangladesh, Vietnam and elsewhere linked to fraudulent transaction messages sent across the global financial platform SWIFT. The probe into the Fed's security practices followed a separate inquiry by the same committee into the Federal Reserve Bank of New York's handling of the cyber theft of $81 million from one of its accounts held by the central bank of Bangladesh.

The committee said it has jurisdiction over the Fed's cyber security because the panel is tasked with oversight of the U.S. National Institute of Standards and Technology, an agency responsible for developing federal cyber security standards and guidelines, under a 2014 federal information technology law. The panel also requested a "detailed description of all confirmed cyber security incidents" from 2009 to the present, all documents and communications referring or relating to "higher impact cases" handled by the Fed's NIRT team, all documents and communications with the Fed's Office of Inspector General related to confirmed cyber incidents, and an organizational chart detailing the Fed's top cyber security personnel.

The committee requested a response to its inquiry by June 17. The Fed's computer systems hold confidential information on discussions about monetary policy that drives financial markets. The central bank's staff suspected hackers or spies were behind many of the breaches, the records obtained by Reuters show. The Fed had declined to comment on the records, which represent only a slice of all cyber attacks on the central bank because they include only cases involving the Washington-based Board of Governors, a federal agency that is subject to public records laws.

U.S. lawmakers probe Fed cyber breaches, cite 'serious concerns'

 

[waltky]

NY Fed first rejected cyber-heist transfers, then fell for it...

Exclusive: NY Fed first rejected cyber-heist transfers, then moved $81 million
June 6, 2016 - Hours before the Federal Reserve Bank of New York approved four fraudulent requests to send $81 million from a Bangladesh Bank account to cyber thieves, the Fed branch blocked those same requests because they lacked information required to transfer money, according to two people with direct knowledge of the matter.

On the day of the theft in February, the New York Fed initially rejected 35 requests to transfer funds to various overseas accounts, a New York Fed official and a senior Bangladesh Bank official told Reuters. The Fed’s decision to later fulfill a handful of resubmitted requests raises questions about whether it missed red flags. The New York arm of the U.S. central bank initially denied the transfer requests because they lacked proper formatting for the SWIFT messaging system, the network banks use for international financial transfers, the two officials said. The Bangladesh Bank official said they lacked the names of correspondent banks, which typically receive wired funds. The Fed rejected the requests, which came from hackers who had broken into the SWIFT network through Bangladesh Bank systems.

Later in the day, however, the cyber thieves resubmitted those 35 requests. On the second try, the messages had the proper formatting, the New York Fed official said. The requests had been authenticated by SWIFT, the first line of defense against fraudulent wire transfers. Despite the technical compliance, the New York Fed rejected 30 of the requests a second time. But the Fed did approve five requests – for a total of $101 million. Later, one of those five transfers - a $20 million request - was reversed because of a misspelling. The New York Fed has said it blocked the 30 resubmitted requests because they were flagged for economic sanctions review. Only afterward were they deemed potentially fraudulent.

The Bangladesh Bank official and another source close to the bank said the New York Fed should have rejected all the requests on both the first and second attempts. The source close to the bank, who also had direct knowledge of the matter, said anomalies in the four transfers that ultimately went through should have raised questions at the New York Fed. They were paid to individual recipients, a rarity for Bangladesh's central bank, and the false names on the four approved withdrawals also appeared on some of the 30 resubmitted requests rejected by the bank, said the source close to the Bangladesh Bank. "Of course, we asked the Fed why the repetition of the names did not create red flags," the source said. "They are saying they rejected 35 badly submitted ones," the source said. But when the requests were re-submitted, they "paid 5 of them and stopped 30. Why? They can give no answer."

Bangladesh Bank and SWIFT declined to comment. The New York Fed has said there were no problems with its procedures for approving SWIFT fund transfers, and declined to comment on whether it missed any warning signs. The cyber theft from Bangladesh’s central bank - and recent disclosures of other similar fraud attempts - have brought scrutiny on the SWIFT messaging system. SWIFT is a cooperative of global banks formally known as the Society for Worldwide Interbank Financial Telecommunication, and its transaction system was used as a conduit for one of the largest cyber bank heists in history. In the United States, a congressional committee has launched a probe into the New York Fed's role in the bank heist. The Bangladeshi central bank might seek compensation for the funds from the Federal Reserve, and Bangladesh Bank police have said that recent installation of a new SWIFT settlement system at the bank last fall may have provided thieves an opportunity to gain access to the bank’s SWIFT servers.

RED FLAGS?