The Federal Housing Finance Agency’s information technology network has “serious vulnerabilities that increase the likelihood that hacking attempts will succeed,” the FHFA Office of Inspector General concluded in a new report.
The office noted that the FHFA’s network and systems host a variety of data and information, such as financial reports and data from Fannie Mae and Freddie Mac and the Federal Home Loan Banks. However, in a penetration test conducted by the office, it accessed a privileged user account that allowed it to view, edit or save files on the local drives of any user’s laptop or desktop, including FHFA executives at the highest levels.
“We were also able to elevate a standard user account to a domain administrator and take full control of FHFA’s network,” according to the report. “We essentially had unfettered access to the agency’s information technology infrastructure.”
The office made 22 recommendations as a result of its findings. The FHFA agreed to the recommendations and has taken corrective actions, such as updated password creation features and additional employee training.