World Bank hit by cyberattacks, claims report

Robert Vamosi CNET News.com

Published: 13 Oct 2008 10:00 BST

The computer network used by the World Bank Group has suffered a series of at least six intrusions since mid-2007, according to a report.

The World Bank Group was first notified of the intrusions by the FBI in September 2007, when the bureau was investigating another cybercrime case involving transactions out of Johannesburg, South Africa. Fox News said it has an internal memo describing the initial intrusion to World Bank Group employees.

The World Bank Group did not respond to a request for comment.

The World Bank Group, based in Washington, DC, is not a traditional bank. It is made up of the International Bank for Reconstruction and Development and the International Development Association, and it provides a vital source of financial and technical assistance to developing countries around the world, according to its website. The World Bank board represents 185 member nations and currently budgets $25bn (£15bn) annually in anti-poverty campaigns.

Up to 40 servers have been penetrated in a series of attacks, according to Fox News, including one attack on a server that held contract-procurement data. Two of the attacks appear to come from the same block of IP addresses originating in China. But Graham Cluley, senior technology consultant at Sophos, told ZDNet.co.uk's sister site, CNET News.com, that doesn't mean the attackers are in China — only that they are using compromised machines located in that country.

"Ideally, if you're a large organisation or financial organisation, then you would have a team of penetration testers testing your system to the limit looking for those weaknesses, looking for those holes," Cluley said. "It's much better that you find them before a criminally minded hacker does."

Apparently, the World Bank Group does not conduct its own security-assessment testing, a requirement of financial institutions in the US and other countries.

Fox News also published a more recent memo, dated 19 August, 2008, in which World Bank Group staff were told to change personal passwords and start using security 'tokens' or cards to access the organisation's applications remotely. These tokens, such as the two-factor tokens being used by VeriSign, are synced with an internal server and display password strings that are valid only for a minute or so.

Cluley questioned why these attacks aren't more of a priority with World Bank staff. "Every bank on the high street already has that requirement of its customers," he said. "Every firm with critical data should be giving its employees [password tokens] because otherwise compromise is just as simple as having a key-logging piece of spyware on the desktop."

It is unclear how the intrusions occurred, when they started, or whether they are even related.

Fox said that outside forensics teams have since been brought in to investigate. In an email to CNET News.com, a representative for Mandiant, a US-based digital forensics company, confirmed that the World Bank is a client but would not elaborate on the work done on its behalf.

"Regardless of the facts," Cluley said, "every organisation needs to learn that this can happen to big organisations and small ones, and make sure they have proper security and encryption in place."

Credit: World Bank under cyberattack? from CNET News.com
