CyberCrimeGovernement-ITRegulationSecuritySecurity ManagementSurveillance-IT

US Treasury Computer System Was Open To Hack

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

Shoddy government security? Vital intelligence system for US financial system was vulnerable to hackers

A vital part of the US government’s computer system has been revealed as not meeting federal cyber-security standards following a government audit that found it was vulnerable to hackers.

A freedom of information (FoI) request by Reuters revealed the poor security for the US Treasury’s Foreign Intelligence Network, which is used to track foreign threats to America’s financial system.

Lax Security?

American cloud flag tattered © CURAphotography ShutterstockThe government audit obtained by Reuters revealed the computer system was vulnerable to hackers in 2014, but there is no evidence it was ever compromised.

The auditors found up to 29 percent of Treasury’s devices connected to the intelligence network did not meet federal cybersecurity standards.

“As a result … devices may not be protected with the most secure recommended configurations, increasing the risk of being compromised,” the Treasury’s Office of Inspector General (OIG) was quoted as saying in its report.

The US Treasury insists that the vulnerability has now been fixed.

Essentially, the Treasury Foreign Intelligence Network is used by mostly by the American intelligence services to share top-secret information and to monitor the financial impact of sanctions against countries such as Iran and Russia, as well as terrorist groups like Hezbollah.

A Treasury official was quoted as saying that the OIG had identified a “minor issue on a very secure system.”

“Since the release of the audit, Treasury has remedied this matter,” the official reportedly said.

So what exactly was the problem and why was the network vulnerable to hackers? Well it seems that the audit was conducted in March and May 2014, and the auditors discovered some computers using Microsoft Windows, that had “not been properly configured.”

This meant that network engineers would have trouble updating security software for the network’s computers, servers and printers, according to the audit. And this is not the first time that auditors found a problem with the the top secret Treasury system. In a 2008 audit, the OIG found the Treasury Foreign Intelligence Network was slow in upgrading a system that had relied on “antiquated hardware and software.”

Other Attacks

The discovered of a vulnerability, even though it has now been patched, it noteworthy in light of the ongoing cybersecurity issues with US government computers and networks.

In April this year, hackers (allegedly from China) managed to successfully hack the US Office of Personnel Management (OPM), which handles staff records and security clearances. That federal agency handles security clearances and staff records, and it was the second time it had been hacked, after the OPM was also hacked in March 2014.

In 2013, the US government’s Department of Labor website was compromised by hackers, and in 2014 attackers hacked into the White House’s computer systems. Those hackers had first penetrated the State Department’s email system last October and were “likely working for the Russian government”.

As a result, President Barack Obama, created a new sanctions scheme against hackers after he signed an executive order in April this year.

Are you a security pro? Try our quiz!