House panel launches probe into NY Fed over $81M cyberheist

The House Science Committee is launching an investigation into the New York Federal Reserve in connection to the cybertheft of $81 million from the Bangladesh central bank’s account, CNBC reported Wednesday.

The committee is requesting a briefing by the New York Fed on the status of its investigation and “all documents or communications related to any review conducted by the NY Fed of its own information technology,” according to a letter from Chairman Lamar Smith (R-Texas).

{mosads}”In light of the recent cyber attacks on our global financial systems, the Committee believes it is imperative to receive information from the NY Fed about its response, its oversight of SWIFT, the status of the investigation, and any remedial steps taken to address vulnerabilities,” Smith wrote in the letter to New York Fed President William Dudley.

In February, unknown hackers stole $81 million from the Bangladesh Bank account at the New York Fed in what is considered the largest cyberheist in history.

To pull off the heist, the hackers exploited a flaw in SWIFT, a messaging network used by banks across the globe to exchange information about financial transfers.

The incident has raised questions about the security of SWIFT software, and investigators are now looking into data breaches at as many as 12 banks connected to the messaging network.

Meanwhile, the Bangladesh bank has hinted that it believes at least some of the blame rests with the New York Fed.

“We view this as a major lapse on the part of FRB NY,” the bank said in an internal report of the February incident.

According to the report, the hackers tried to issue 35 payment instructions to the New York Fed, 30 of which were denied. The U.S. bank says it followed normal procedures and there are no indications that its own systems were breached.

SWIFT has made it clear that its bank customers are responsible for securing computers connected to the messaging network.

The Science Committee query coincides with reporting indicating that the Federal Reserve was breached more than 50 times between 2011 and 2015.

The Fed’s cybersecurity team logged 310 incident reports during the four-year span, 140 of which were classified as hacking attempts.

Out of those 310 incidents, the Fed identified 51 incidents of “information disclosure” — a broad classification that includes access by hackers or emails sent by Fed employees to the wrong recipient.

But the 140 reports represent only a portion of all cyberattacks on the Fed. They include only incidents affecting the Washington, D.C.-based Board of Governors — a federal agency subject to Freedom of Information Act requests.

Excluded are the Fed’s 12 privately owned regional banks, of which the New York Fed is one.