China’s cyber espionage activities are extensive and sophisticated but when the Middle Kingdom tried to steal sensitive economic data from the US Fed, poor security meant its operatives didn’t have to dip too far into their bags of tricks.
Or at least that’s according to the findings of an investigation by the Senate’s Committee on Homeland Security and Governmental Affairs, led by Republican Senator Rob Portman and released [PDF] on Tuesday.
The investigation relies on information mainly gathered by the US central bank regarding an internal probe of 13 persons of interest known as the P-network. The P-Network was described within the report as containing individuals identified by “similar foreign travel, emails, details in curricula vitae, and academic backgrounds.”
Those individuals were allegedly part of a network engaged in a “sustained malign influence and information theft campaign” targeting the Federal Reserve.
Among the investigation’s conclusions is that the Federal Reserve must improve protection of confidential information.
The report advised:
The plot to influence and steal did not involve hacking, but infosec did play a role as network members allegedly engaged in “adversarial tradecraft.” The tradecraft included switching to unmonitored communication channels like Gmail, Yahoo, Skype, and changing email names. The tactics were said to limit the investigation’s insight of the network’s activities.
The report said analysis of internet browsing history revealed one Federal Reserve employee had searched for articles that would help them further understand punishments for economic espionage and lying about selling confidential information to Chinese intelligence agents.
That employee was reported to have even used Chinese President Xi Jinping’s name as a website password.
Not every government official has agreed with the findings of the investigation, a situation Chinese state media seemed keen to point out.
“We are confident that Federal Reserve staff understand their obligations and are committed to maintaining both the confidentiality of sensitive information and the integrity of our workforce,” said US Federal Reserve Chairman Jerome Powell on Tuesday.
Powell said he was “deeply concerned” about the report’s “unfair, unsubstantiated and unverified insinuations.” ®