‘Minor issue’ with 29% devices left US Treasury’s systems open to hackers
According to a government audit dated September 2014 and obtained by Reuters, up to 29 percent of the Treasury’s computers linked to the Treasury Foreign Intelligence Network did not meet federal cybersecurity standards.
The network established in 2004 in the wake of the 9/11 was initially designed to track down Al-Qaeda's funding sources. Now the network is constantly accessed by intelligence agencies for top-secret information on the monetary transactions of global terrorist groups and people suspected of having links with them. It is also being used to monitor the impact and violations of US-imposed economic sanctions.
The annual audit by Office of Inspector General (OIG) into Treasury’s cyber security discovered that some Windows operated PCs connected to the network were not properly configured. The report revealed that network engineers were unable to update security software for the sensitive computers, servers and printers.
Even though no actual hacks have been discovered during that audit, OIG did raise an alarm about system’s vulnerability to potential intrusions.
“As a result ... devices may not be protected with the most secure recommended configurations, increasing the risk of being compromised,” the OIG said, recommending to fix vulnerabilities within six months.
The Treasury downplaying the episode, saying on Thursday that the requested modifications have already been implemented.
“The inspector general’s 2014 audit identified a minor issue on a very secure system,” a spokesperson said in a statement cited by The Hill. “Since the release of the audit, the Treasury has remedied this matter.”
Six years ago, during a 2008 audit, the OIG warned that the Treasury Foreign Intelligence Network relied on “antiquated hardware and software,” and that it was slow updating security features.
The Reuters report follows disclosures that hackers managed to breach the US Office of Personnel Management system exposing sensitive information about millions of federal employees. One hack alone affected the records of 21.5 million people, 19.7 million of whom were former, current or prospective government employees who had submitted to a background check. The other 1.8 million were family members. A separate attack saw the data of 4.2 million former and current government workers compromised.