FBI: Insider Stole from Fed Reserve

Programmer Charged With Stealing Proprietary Code
FBI: Insider Stole from Fed Reserve
Prosecutors have charged a former computer programmer at the Federal Reserve with stealing software used to track federal collections and payments.

See Also: SSH Study: U.S., U.K. and Germany Executive Summary

The Federal Bureau of Investigation announced that its complaint against Bo Zhang had been unsealed. Zhang was arrested and charged Jan. 18 for stealing proprietary code used by the Department of Treasury in its Government-Wide Accounting and Reporting Program. The program, which is used to track government finances and issue account statements for federal agencies, cost an estimated $9.5 million to develop.

Zhang, 32, of Queens, N.Y., reportedly admitted to authorities he copied the code and used it as a training tool for a personal side business. He now faces up to 10 years in prison and a $250,000 fine.

The source code is maintained by the Federal Reserve Board of New York. Zhang allegedly accessed the code between May 2011 and Aug. 11, 2011, while working as a contracted programmer at the Federal Reserve Bank in New York.

Mike Braatz, senior vice president and general manager of bank fraud for Memento, a fraud-management software services provider, says what's notable about the case is that the Federal Reserve is taking the threat seriously by prosecuting the suspect. "But," he adds, "the fact that this type of breach was able to go unnoticed until the suspect notified his supervisor is further evidence that organizations of all types can and should be doing more to monitor the activities of insiders and detect and investigate suspicious behavior."

FBI Assistant Director Janice K. Fedarcyk said the case highlights vulnerabilities the nation's cyberinfrastructure faces from internal threats. [See Insiders: Security Risk No. 1.]

"Zhang took advantage of the access that came with his trusted position to steal highly sensitive proprietary software," she said. "His intentions with regard to that software are immaterial. Stealing it and copying it threatened the security of vitally important source code."

According to court files, Zhang was hired last May by an unnamed consulting firm that had been brought in by the Fed to work on computers. Investigators uncovered the breach after one of Zhang's colleagues told a supervisor he had lost a hard drive containing the code.

Julie McNelley, a research director and fraud analyst for Aite Group, says the case reinforces the value of information. "It's not just money that's the target, but also intellectual property, which can then be monetized in a variety of ways," she says. "As organizations are looking to secure their infrastructure, they need to be aware of all the ways in which valuable data could be exposed and stolen, and implement technologies and procedures to mitigate that risk."


About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.