USA Fed records show dozens of cyber security breaches

US Federal Reserve Hacked More than 50 In Past 5 Years

Published on Jun 1, 2016

According to Fed records, the Federal Reserve detected more than 50 cyber breaches between 2011 and 2015. Several of the incidents have been described internally as “espionage.”
The records show the US central bank’s staff suspected hackers or spies in many of the incidents. The Fed’s computer systems play a critical role in global banking and hold confidential information on discussions about monetary policy that drives financial markets.
The Fed declined to comment. The redacted records do not say who hacked the bank’s systems or whether they accessed sensitive information or stole money.
James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, said, “Hacking is a major threat to the stability of the financial system. This data shows why.”

The U.S. Federal Reserve detected more than 50 cyber breaches between 2011 and 2015, with several incidents described internally as “espionage,” according to Fed records.

The central bank’s staff suspected hackers or spies in many of the incidents, the records show. The Fed’s computer systems play a critical role in global banking and hold confidential information on discussions about monetary policy that drives financial markets.

The cybersecurity reports, obtained by Reuters through a Freedom of Information Act request, were heavily redacted by Fed officials to keep secret the central bank’s security procedures.

The Fed declined to comment, and the redacted records do not say who hacked the bank’s systems or whether they accessed sensitive information or stole money.

“Hacking is a major threat to the stability of the financial system. This data shows why,” said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, a Washington think tank. Lewis reviewed the files at the request of Reuters.

The records represent only a slice of all cyber attacks on the Fed because they include only cases involving the Washington-based Board of Governors, a federal agency that is subject to public records laws. Reuters did not have access to reports by local cybersecurity teams at the central bank’s 12 privately owned regional branches.

The disclosure of breaches at the Fed comes at a time when cybersecurity at central banks worldwide is under scrutiny after hackers stole $81 million from a Bangladesh Bank account at the New York Fed.

Cyber thieves have targeted large financial institutions around the world, including America’s largest bank JPMorgan, as well as smaller players like Ecuador’s Banco del Austro and Vietnam’s Tien Phong Bank.

Hacking attempts were cited in 140 of the 310 reports provided by the Fed’s board. In some reports, the incidents were not classified in any way.

In eight information breaches between 2011 and 2013 – a time when the Fed’s trading desk was buying massive amounts of bonds – Fed staff wrote that the cases involved “malicious code,” referring to software used by hackers.

Four hacking incidents in 2012 were considered acts of “espionage,” according to the records. Information was disclosed in at least two of those incidents, according to the records. In the other two incidents, the records did not indicate whether there was a breach.

In all, the Fed’s national team of cybersecurity experts, which operates mostly out of New Jersey, identified 51 cases of “information disclosure” involving the Fed’s board. Separate reports showed a local team at the board registered four such incidents.

The cases of information disclosure can refer to a range of ways unauthorized people see Fed information, from hacking attacks to Fed emails sent to the wrong recipients, according to two former Fed cybersecurity staffers who spoke on condition of anonymity.

The former employees said that cyber attacks on the Fed are about as common as at other large financial institutions.

It was unclear if the espionage incidents involved foreign governments, as has been suspected in some hacks of federal agencies. Beginning in 2014, for instance, hackers stole more than 21 million background check records from the federal Office of Personnel Management, and U.S. officials attributed the breach to the Chinese government, an accusation denied by Beijing.

TARGET FOR SPYING

Security analysts said foreign governments could stand to gain from inside Fed information. China and Russia, for instance, are major players in the $13.8 trillion federal debt market where Fed policy plays a big role in setting interest rates.

“Obviously that makes it a very clear (hacking) target for other nation states,” said Ari Schwartz, a former top cybersecurity adviser at the White House who is now with the law firm Venable.

U.S. prosecutors in March accused hackers associated with Iran’s government of attacking dozens of U.S. banks.

In the records obtained by Reuters, espionage might also refer to spying by private companies, or even individuals such as British activist Lauri Love, who is accused of infiltrating a server at a regional Fed branch in October 2012. Love stole names, e-mail addresses, and phone numbers of Fed computer system users, according to a federal indictment.

The redacted reports obtained by Reuters do not mention Love or any other hacker by name.

The records point to breaches during a sensitive period for the Fed, which was ramping up aid for the struggling U.S. economy by buying massive quantities of U.S. government debt and mortgage-backed securities.

In 2010 and 2011, the Fed went on a $600 billion bond-buying spree that lowered interest rates and made bonds more expensive. It restarted purchases in September 2012 and expanded them in December of that year.

The Fed cybersecurity records did not indicate whether hackers accessed sensitive information on the timing or amounts of bond purchases or used it for financial gain.

UP ALL NIGHT

The Fed’s national cybersecurity team – the National Incident Response Team, or NIRT – created 263 of the incident reports obtained by Reuters.

The Federal Reserve headquarters in Washington September 16 2015. REUTERS/Kevin Lamarque

NIRT operates in a fortress-like building in East Rutherford, New Jersey, that also processes millions of dollars in cash every day as part of the central bank’s duty to keep the financial system running, according to the New York Fed’s website. The unit provides support to the local cybersecurity teams at the Fed’s Board and regional banks, which process more than $3 trillion in payments every day.

The NIRT handles “higher impact” cases, according to a 2013 report by the Board of Governors’ Office of Inspector General.

One of the two former NIRT employees interviewed by Reuters described being on a team that once worked around the clock for five straight days to patch software hackers had used to gain access to Fed systems in an attempt to obtain passwords. The former employee worked through several of those nights, taking naps at a desk in the office.

In that case, Fed security staff found no signs that sensitive information had been disclosed, the former employee said. Information about future interest rate policy discussions is isolated from other Fed networks and is more difficult for hackers to access, the former NIRT worker said.

But the Fed was under constant assault, much like any large company, the former employee said, and was “compromised frequently.”

An internal watchdog has criticized the central bank for cybersecurity shortcomings. A 2015 audit by the Fed board’s Office of Inspector General found the board was not adequately scanning databases for vulnerabilities or putting enough restrictions on system access.

“There is heightened risk of unauthorized disclosure and inappropriate use of sensitive board information,” according to the audit released in November.

(Reporting by Jason Lange and Dustin Volz; Editing by David Chance and Brian Thevenot)

Henry Sapiecha

BAD FINANCIAL & INSURANCE ADVICE GIVEN TO CLIENTS BY 1 IN 3 ADVISORS IN THE INDUSTRY

More than one in three financial advisers have failed to comply with laws around giving clients appropriate life insurance advice, representing an “unacceptable level of failure”, a damning report by the corporate watchdog has found.

Around 37 per cent of financial planners failed to prioritise clients’ needs and give correct advice, according to the Australian Securities and Investments Commission, which reviewed more than 200 files from large and small advice companies.

Around 37 per cent of financial advisers failed to prioritise clients’ needs and give correct advice, ASIC says. Photo: Jim Rice

“This is an unacceptable level of failure, and the life insurance industry is now on notice to lift standards and professionalism,” ASIC deputy chairman Peter Kell said. “Both insurers and advice firms need to work on delivering a consistently better service for consumers.”

The report found that planners who received expensive, upfront commissions were more likely to deviate from giving appropriate advice.

The survey, which was conducted between September 2013 and July, found 82 per cent of financial planners net their remuneration through upfront commissions, compared with just 0.7 per cent who receive salaries.

“The industry as a whole needs to consider how remuneration and compliance practices can better support good quality outcomes for consumers,” Mr Kell said.

The report comes amid some of the most difficult business conditions on record across Australia’s life insurance sector.

Lapse rates, or the number of people who quit or scale back their life protection cover, are skyrocketing as households tighten their budget belts. Companies such as AMP, TAL and the life arms of Australia’s big banks have posted high lapses in recent years.

Insurance claims are soaring as lawyers encourage their clients to table claims on their life and income protection policies.

Insurance companies’ investment income has also dropped amid lower returns. Adding to the conundrum are advisers who switch their clients from one insurer to another in a bid to pocket higher commissions.

Simon Swanson, chief executive of listed life insurer ClearView Wealth, said there was “more work to be done to ensure there are good processes around advice”.

“It’s not just an advice issue as well – it’s a dealer group or AFSL [Australian Financial Services Licence] issue. The dealer groups [umbrella groups for advisers] have to take more responsibility,” he said.

He also argued that the industry needed more time to sift through a raft of regulatory changes stemming from the Future of Financial Advice Reforms, including advisers’ best interest duties, to tackle the challenges buffeting the life advice sector.

ASIC said a recurring theme in its surveillance was “the failure of advisers to give strategic risk advice to their clients”.

“It is the process of identification and prioritisation of needs and objectives that is the most important aspect of financial advice for consumers. It is a key reason why consumers look for financial advice,” the report noted.

The watchdog is putting the pressure on insurers to review how they pay advisers to ensure customers’ interests are prioritised, and develop products that improve the affordability of policies.

It is also placing the onus on advisers to review and amend their business models to comply with the provision of compliant life insurance advice.

Henry Sapiecha