Exclusive: U.S. Treasury's intelligence network vulnerable to hack - audit

Before you go, we thought you'd like these...
Before you go close icon
U.S. Treasury's Intelligence Network Vulnerable to Hack - Audit


Lax security left the U.S. Treasury's computer system for tracking overseas threats to America's financial system vulnerable to hackers, according to a government audit prepared in late 2014 and obtained by Reuters.

The Treasury Foreign Intelligence Network is used by U.S. spy agencies to share top-secret information and to keep tabs on the impact of sanctions against countries such as Iran and Russia, as well as militant groups like Hezbollah.

The report, prepared in September 2014, gave no indication the foreign intelligence network had been hacked. But auditors found up to 29 percent of Treasury's devices connected to the intelligence network did not meet federal cybersecurity standards.

17 PHOTOS
Federal data hack, U.S. government, data breach
See Gallery
Exclusive: U.S. Treasury's intelligence network vulnerable to hack - audit
Katherine Archuleta, director of the Office of Personnel Management, listens during a hearing of the Senate Homeland Security and Governmental Affairs Committee on Capitol Hill June 25, 2015 in Washington, DC. Witnesses testified about the hacking of Office of Personnel Management data. (Photo credit: BRENDAN SMIALOWSKI/AFP/Getty Images)
From left Katherine Archuleta, director of the Office of Personnel Management, US Chief Information Officer Tony Scott, Assistant Homeland Security Secretary for National Protection and Programs Andy Ozment, and McFarland, inspector general of the Office of Personnel Management, are sworn in during a hearing of the Senate Homeland Security and Governmental Affairs Committee on Capitol Hill June 25, 2015 in Washington, DC. Witnesses testified about the hacking of Office of Personnel Management data. AFP PHOTO/BRENDAN SMIALOWSKI (Photo credit should read BRENDAN SMIALOWSKI/AFP/Getty Images)
UNITED STATES - JUNE 23 - Katherine Archuleta, director, Office of Personnel Management, testifies during a Senate Appropriations Financial Services and General Government Subcommittee hearing to review data security and information technology spending at the Office of Personal Management on Capitol Hill on Tuesday, June 23, 2015. (Photo By Al Drago/CQ Roll Call)
WASHINGTON, DC - JUNE 23: Katherine Archuleta, director of Office of Personnel Management, arrives for a Senate Appropriations Financial Services and General Government Subcommittee hearing to review information technology spending and data security at the U.S. Office of Personnel Management, on Capitol Hill, June 23, 2015 in Washington, DC. FBI Director James Comey recently told Senators in a closed-door meeting that the personal data of an estimated 18 million current and former federal employees were affected by a recent cyber breach at the Office of Personnel Management. (Drew Angerer/Getty Images)
White House Press Secretary Josh Earnest answers questions on the massive cyber-attack on the personal data of government employees June 5, 2015 during the daily briefing in the Brady Briefing Room of the White House in Washington, DC. The US government on Thursday admitted hackers accessed the personal data of at least four million current and former federal employees, in a vast cyber-attack suspected to have originated in China. AFP PHOTO/Mandel NGAN (Photo credit should read MANDEL NGAN/AFP/Getty Images)
White House Press Secretary Josh Earnest answers questions on the massive cyber-attack on the personal data of government employees June 5, 2015 during the daily briefing in the Brady Briefing Room of the White House in Washington, DC. The US government on Thursday admitted hackers accessed the personal data of at least four million current and former federal employees, in a vast cyber-attack suspected to have originated in China. AFP PHOTO/Mandel NGAN (Photo credit should read MANDEL NGAN/AFP/Getty Images)
A gate leading to the Homeland Security Department headquarters in northwest Washington, Friday, June 5, 2015. China-based hackers are suspected once again of breaking into U.S. government computer networks, and the entire federal workforce could be at risk this time. The Department of Homeland Security said in a statement that data from the Office of Personnel Management _ the human resources department for the federal government _ and the Interior Department had been compromised. (AP Photo/Susan Walsh)
White House Press Secretary Josh Earnest answers questions on the massive cyber-attack on the personal data of government employees June 5, 2015 during the daily briefing in the Brady Briefing Room of the White House in Washington, DC. The US government on Thursday admitted hackers accessed the personal data of at least four million current and former federal employees, in a vast cyber-attack suspected to have originated in China. AFP PHOTO/Mandel NGAN (Photo credit should read MANDEL NGAN/AFP/Getty Images)
WASHINGTON, DC - JUNE 05: The Theodore Roosevelt Federal Building that houses the Office of Personnel Management headquarters is shown June 5, 2015 in Washington, DC. U.S. investigators have said that at least four million current and former federal employees might have had their personal information stolen by Chinese hackers. (Photo by Mark Wilson/Getty Images)
WASHINGTON, DC - JUNE 05: The entrance to the Theodore Roosevelt Federal Building that houses the Office of Personnel Management headquarters is shown June 5, 2015 in Washington, DC. U.S. investigators have said that at least four million current and former federal employees might have had their personal information stolen by Chinese hackers. (Photo by Mark Wilson/Getty Images)
WASHINGTON, DC - JUNE 05: The Theodore Roosevelt Federal Building that houses the Office of Personnel Management headquarters is shown June 5, 2015 in Washington, DC. U.S. investigators have said that at least four million current and former federal employees might have had their personal information stolen by Chinese hackers. (Photo by Mark Wilson/Getty Images)
White House press secretary Josh Earnest speaks about the Chinese hack of the computer system of the Office of Personnel Management, Friday, June 5, 2015, during the daily press briefing at the White House in Washington. (AP Photo/Evan Vucci)
Graphic shows details of recent notable data breaches by organization; 3c x 6 inches; 146 mm x 152 mm;
FILE - This Feb. 24, 2015, file photo, shows the Homeland Security Department headquarters in northwest Washington. The Department of Homeland Security said in a statement Thursday, June 4, 2015, that data from the Office of Personnel Management and the Interior Department had been hacked. (AP Photo/Manuel Balce Ceneta, File)
The American flag is reflected in a window at the Theodore Roosevelt Building, headquarters of the U.S. Office of Personnel Management (OPM), in Washington, D.C., U.S., on Friday, June 5, 2015. The disclosure by U.S. officials that Chinese hackers stole records of as many as 4 million government workers is now being linked to the thefts of personal information from health-care companies. The hackers, thought to have links to the Chinese government, got into the OPM computer system late last year, according to one U.S. official. Photographer: Andrew Harrer/Bloomberg via Getty Images
Vehicles drive past the Theodore Roosevelt Building, headquarters of the U.S. Office of Personnel Management (OPM), in Washington, D.C., U.S., on Friday, June 5, 2015. The disclosure by U.S. officials that Chinese hackers stole records of as many as 4 million government workers is now being linked to the thefts of personal information from health-care companies. The hackers, thought to have links to the Chinese government, got into the OPM computer system late last year, according to one U.S. official. Photographer: Andrew Harrer/Bloomberg via Getty Images
of
SEE ALL
BACK TO SLIDE
SHOW CAPTION +
HIDE CAPTION

"As a result ... devices may not be protected with the most secure recommended configurations, increasing the risk of being compromised," the Treasury's Office of Inspector General (OIG) said.

A copy of the audit was obtained on Thursday through a U.S. Freedom of Information Act request. The Treasury did not respond to a request for comment.

The report comes to light following the revelation of the theft by hackers of millions of U.S. government personnel files. America's intelligence chief has said that hack was linked to China, although U.S. officials say the government does not plan to publicly blame Beijing.

Intelligence analysts use the Treasury's system to identify overseas threats to America's economy and finances. Treasury Secretary Jack Lew said last year the prospect of a cyber attack on the U.S. financial system was a "real threat" to national security.

The Treasury's intelligence system is also used to assess the economic disruption caused by U.S. sanctions on targeted countries, groups and individuals.

In a controversial deal that faces fierce opposition in Congress, the Obama administration has agreed to ease sanctions on Iran if Tehran scales back its nuclear program.

Treasury originally designed its foreign intelligence network in 2004 to be used by about 30 officials but built up the system to accommodate more users as America stepped up its global campaign against al Qaeda and other militant groups.

Between March and May of 2014, OIG auditors conducting an annual review of the Treasury's cybersecurity found some computers using Microsoft Corp's (MSFT.O) Windows had not been properly configured.

That meant network engineers would have trouble updating security software for the sensitive network's computers, servers and printers, the audit said.This was not the first time auditors had found the top secret Treasury system lacking. In a 2008 audit, the OIG found the Treasury Foreign Intelligence Network was slow in upgrading a system that had relied on "antiquated hardware and software."

In a letter attached to the 2014 report, the Treasury's top intelligence officer, S. Leslie Ireland, said she agreed with the OIG's findings. Treasury officials were already working to close the security gap and planned to finish that job by April 2015, about six months after the audit, Ireland said.

It was unclear if that had happened.

(Reporting by Jason Lange; Additional reporting Yeganeh Torbati; Editing by Kevin Krolicki and Lisa Shumaker)

Read Full Story

Sign up for Breaking News by AOL to get the latest breaking news alerts and updates delivered straight to your inbox.

Subscribe to our other newsletters

Emails may offer personalized content or ads. Learn more. You may unsubscribe any time.

From Our Partners