The U.S. Federal Reserve has been attacked by hackers more than 50 times over the past six years, according to internal reports obtained by Reuters under the Freedom of Information Act.
The news agency reported Wednesday that several security breaches at the central bank had been labeled acts of “espionage,” while the source of some attacks was not indicated at all. No perpetrators could be identified by the heavily redacted documents, and it’s unknown how much, if any, money was stolen.
According to Reuters, “malicious code” was detected in eight breaches between 2011 and 2013. The reports further indicate that information was breached in at least two of the four alleged acts of “espionage” carried out against the Fed in 2012.
Reuters was unable to report whether the “espionage” was carried out by foreign governments.
A team of cybersecurity experts working for the Fed, known as the National Incident Response Team (NIRT), reportedly identified 51 cases of “information disclosure” involving the bank’s board.
Former members of the NIRT, which operates out of New Jersey, told Reuters that the banking system was “under constant assault,” and like any large company, was “compromised frequently.”
Two months ago, the U.S. Justice Department announced charges against seven Iranian hackers accused of coordinating cyberattacks on dozens of U.S. banks, causing millions of dollars in damage. The hackers were also tied to an attempt to shut down the Bowman Avenue Dam in Rye Brook, New York.
“These attacks were relentless, they were systematic, and they were widespread,” U.S. Attorney General Loretta Lynch said at the time.
In November, the central banks of the United States and United Kingdom carried out a series of cybersecurity-preparedness exercises, dubbed Operation Resilient Shield. The exercise was intended to “bolster efforts to enhance the cybersecurity of critical infrastructure in both countries,” the White House said, as well as “strengthen threat information sharing and intelligence cooperation on cyber issues.”
Resilient Shield followed a series of similar U.K.-based “war games” known as Waking Shark, which evidently simulated the impact of major cyberattacks on payment and market systems.