Nation state is behind serious cyber attack on IMF

Started by jimmy olsen, June 11, 2011, 08:24:42 PM

Previous topic - Next topic

jimmy olsen

China?  :hmm:

http://www.msnbc.msn.com/id/43366865/ns/technology_and_science-security/

QuoteIMF cyber attack sought 'insider presence'
'It was a targeted attack,' says expert who once worked for organization

By Jim Finkle
updated 11 minutes ago
WASHINGTON — The goal of the cyber attack at the International Monetary Fund was to install software that would give a nation state a "digital insider presence" on the network, a cybersecurity expert who has worked for the IMF and World Bank told Reuters Saturday.

"It was a targeted attack," said Tom Kellerman, who understands the network architecture at both international financial institutions and who serves on the board of a group known as the International Cyber Security Protection Alliance.

"The code was developed and released for this purpose," he said.

"The fund is fully functional," said IMF spokesman David Hawley Saturday. "I can confirm that we are investigating an incident. I am not in a position to elaborate further on the extent of the cybersecurity incident."

Bloomberg News reported the IMF's computer system was attacked by hackers "believed to be connected to a foreign government, resulting in the loss of e-mails and other documents."

The attack occurred before the May 14 arrest of former IMF Managing Director Dominique Strauss-Kahn on sexual assault charges, Bloomberg said. It did not identify a suspect government. Cybersecurity experts say it is very difficult to trace a sophisticated cyber break-in to its ultimate source.

An official with the World Bank, the IMF's sister institution in Washington, said the World Bank had cut its network connection with the IMF out of "caution." The information shared on that link was "non sensitive info," the official added.

"The World Bank Group, like any other large organization, is increasingly aware of potential threats to the security of our information system and we are constantly working to improve our defenses," said World Bank spokesman Rich Mills.

The IMF, which has sensitive information on the economies of many nations, was hit during the last several months by what computer experts described as a large and sophisticated cyber attack, The New York Times reported.

The newspaper said the IMF's board of directors was told on Wednesday about the attack.

Experts say cyber threats are increasing worldwide. CIA Director Leon Panetta told the U.S. Congress this week the United States faces the "real possibility" of a crippling cyber attack.

"The next Pearl Harbor that we confront," he said, could be a cyber attack that "cripples our power systems, our grid, our security systems, our financial systems, our governmental systems."

"This is a real possibility in today's world," Panetta told his June 9 confirmation hearing in his bid to become the next U.S. defense secretary.

Attacks on the rise
Internal IMF memos had warned employees to be on their guard.

"Last week we detected some suspicious file transfers, and the subsequent investigation established that a Fund desktop computer had been compromised and used to access some Fund systems," said a June 8 email to employees from Chief Information Officer Jonathan Palmer.

Details of the email were first reported by Bloomberg. Reuters' sources confirmed the wording of the email.

"At this point, we have no reason to believe that any personal information was sought for fraud purposes," the message to employees said.

The incident comes when attacks on computer systems are said by experts to be on the rise — notably those targeting major companies and potentially compromising government security and customer information.

For instance, Lockheed Martin Corp, the Pentagon's No. 1 supplier by sales and the biggest information technology provider to the U.S. government, disclosed two weeks ago that it had thwarted a "significant" cyberattack and said it was a "frequent target of adversaries around the world."

Also hit recently have been Citigroup, Sony and Google.

The attack on Lockheed followed the compromise of "SecurID" electronic keys issued by EMC's Ltd RSA Security division.

SecurIDs are widely used electronic keys to computer systems, designed to thwart hackers by requiring two passcodes: one that is fixed and another that is automatically generated every few seconds by the security system.

SecurIDs are used at the World Bank for remote log-ins.

As an extra precaution, employees receive an automatic email each time they log in from outside, to flag the operation in case it was originated fraudulently by someone else, a World Bank staff member said.

The IMF is seeking a new head following the resignation of Strauss-Kahn after he was charged with the sexual assault of a New York hotel maid.

Lisa Shumaker, Leslie Wroughton and Jim Wolf also contributed to this report.

It is far better for the truth to tear my flesh to pieces, then for my soul to wander through darkness in eternal damnation.

Jet: So what kind of woman is she? What's Julia like?
Faye: Ordinary. The kind of beautiful, dangerous ordinary that you just can't leave alone.
Jet: I see.
Faye: Like an angel from the underworld. Or a devil from Paradise.
--------------------------------------------
1 Karma Chameleon point

MadImmortalMan

 :lol:


I told you that RSA thing would come back to bite us.
"Stability is destabilizing." --Hyman Minsky

"Complacency can be a self-denying prophecy."
"We have nothing to fear but lack of fear itself." --Larry Summers

Camerus

So what?  Even if it is the PRC, China will just deny it, and nothing will happen.  There hasn't been a serious response to Chinese hacking outrages yet, and I doubt this will lead to a first.

The Minsky Moment

What exactly is the International Cyber Security Protection Alliance?
The purpose of studying economics is not to acquire a set of ready-made answers to economic questions, but to learn how to avoid being deceived by economists.
--Joan Robinson

Slargos


alfred russel

There are so many countries that want to attack the IMF...
They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.

There's a fine line between salvation and drinking poison in the jungle.

I'm embarrassed. I've been making the mistake of associating with you. It won't happen again. :)
-garbon, February 23, 2014

Martinus

Quote from: Slargos on June 12, 2011, 12:05:36 AM
Israel.

Retaliation on behalf of Jew-Khan.  :hmm:

Ok. Your posts normally make little sense, but even within your insanity paradigm, I fail to see any sense in this.

Why would Israel mount a cyber attack "on behalf of" a leftist French politician (who is probably not very fond of Israel, so if Israel were to support a "French Jew", possibly Sarkozy is a better pick) against the very institution that employed him and suffered a huge PR hit due to the scandal and so was unlikely to set him up?

Zanza


Razgovory

I've given it serious thought. I must scorn the ways of my family, and seek a Japanese woman to yield me my progeny. He shall live in the lands of the east, and be well tutored in his sacred trust to weave the best traditions of Japan and the Sacred South together, until such time as he (or, indeed his house, which will periodically require infusion of both Southern and Japanese bloodlines of note) can deliver to the South it's independence, either in this world or in space.  -Lettow April of 2011

Raz is right. -MadImmortalMan March of 2017

The Brain

QuoteAttacks on the rise

This suggests that China is innocent.
Women want me. Men want to be with me.

Slargos

Quote from: Martinus on June 12, 2011, 02:24:31 AM
Quote from: Slargos on June 12, 2011, 12:05:36 AM
Israel.

Retaliation on behalf of Jew-Khan.  :hmm:

Ok. Your posts normally make little sense, but even within your insanity paradigm, I fail to see any sense in this.

Why would Israel mount a cyber attack "on behalf of" a leftist French politician (who is probably not very fond of Israel, so if Israel were to support a "French Jew", possibly Sarkozy is a better pick) against the very institution that employed him and suffered a huge PR hit due to the scandal and so was unlikely to set him up?

:huh:

He's one of the Elders.


Norgy

Quote from: The Minsky Moment on June 11, 2011, 11:22:47 PM
What exactly is the International Cyber Security Protection Alliance?

Probably vendors of terrific malware.

Maximus


Iormlund

Complexity?

The Stuxnet attack on Iranian nuclear program was so complex that it must have demanded resources far beyond any hacker's reach. Experts on Windows security, database security, process control, nuclear programs, cryptography ...

The Minsky Moment

Quote from: Norgy on June 12, 2011, 08:55:16 AM
Quote from: The Minsky Moment on June 11, 2011, 11:22:47 PM
What exactly is the International Cyber Security Protection Alliance?

Probably vendors of terrific malware.

Uh huh  . . . I question sourcing here.
This looks like some self-defined "expert" with a connection at MSNBC trying to drum up business by speculating.
The purpose of studying economics is not to acquire a set of ready-made answers to economic questions, but to learn how to avoid being deceived by economists.
--Joan Robinson