'Sophisticated cyber attack' targets IMF
Hackers attempted to create a mysterious 'insider presence' at the organisation, which is investigating with the FBI.
Last Modified: 12 Jun 2011 03:14
The IMF announced a 'very major breach' in its electronic network on Saturday [Reuters]

The International Monetary Fund's computer system has been targeted in a cyber attack which sought to gain an 'insider presence' in the organisation's network.

An IMF spokesperson said on Saturday that the network was hacked and much information was stolen prior to the May 14 arrest of former IMF chief Dominique Strauss-Kahn, but would not release more details about what was taken.

"The fund is fully functional," said David Hawley, the IMF spokesperson.

"I can confirm that we are investigating an incident. I am not in a position to elaborate further on the extent of the cybersecurity incident."

"This was a very major breach," a senior official with knowledge of the attack told the New York Times.

According to a cybersecurity expert who has worked for both the IMF and World Bank, the goal of the attack was to install software that would give a nation-state a "digital  insider presence" on the network.

Probing the attack

No reliable source has yet identified what government orchestrated the hack, but the United States' Federal Bureau of Investigation is involved in an investigation of the cyber attack, according to a US Defense Department spokesperson.

The IMF, which has sensitive information on the economies of many nations, was hit during the last several months by what computer experts described as a large and sophisticated cyber attack, The New York Times reported.

The newspaper said the IMF's board of directors was told on Wednesday about the attack.

Internal IMF memos had warned employees to be on their guard.

"Last week we detected some suspicious file transfers, and the subsequent investigation established that a Fund desktop computer had been compromised and used to access some Fund systems," said the June 8 email to employees from Chief Information Officer Jonathan Palmer.

"At this point, we have no reason to believe that any personal information was sought for fraud purposes," the message to employees said.

'Increasing threat'

Cybersecurity experts say it is very difficult to trace a sophisticated cyber break-in to its ultimate source.

An official with the World Bank, the IMF's sister institution in Washington, said the World Bank had cut its network connection with the IMF out of "caution".

The information shared on that link was "non sensitive info," the official added.

"The World Bank Group, like any other large organisation, is increasingly aware of potential threats to the security of our information system and we are constantly working to improve our defenses," said World Bank spokesperson Rich Mills.

Experts say cyber threats are increasing worldwide.

CIA Director Leon Panetta told the US Congress this week the United States faces the "real possibility" of a crippling cyber attack.

"The next Pearl Harbor that we confront," he said, could be a cyber attack that "cripples our power systems, our grid, our security systems, our financial systems, our governmental systems."

"This is a real possibility in today's world," Panetta told his June 9 confirmation hearing in his bid to become the next US defense secretary.

The incident comes as attacks on computer networks are said by experts to be on the rise - notably those targeting major companies and potentially compromising government security and customer information.

For instance, Lockheed Martin Corp, the Pentagon's top military supplier by sales and the biggest information technology provider to the US government, disclosed two weeks ago that it had thwarted a "significant" cyber attack and said it was a "frequent target of adversaries around the world."

Also hit recently have been Citigroup Inc, Sony Corp and Google.

The attack on Lockheed followed the compromise of "SecurID" electronic keys issued by EMC's Ltd RSA Security division.

SecurIDs are widely used electronic keys to computer systems, designed to thwart hackers by requiring two passcodes: one that is fixed and another that is automatically generated every few seconds by the security system.

SecurIDs are used at the World Bank for remote log-ins.

As an extra precaution, employees receive an automatic email each time they log in from outside, to flag the operation in case it was originated fraudulently by someone else, a World Bank staff member said.

Topics in this article
Featured on Al Jazeera
Italy struggles to deal with growing flood of migrants willing to risk their lives to reach the nearest European shores.
Israel's Operation Protective Edge is the third major offensive on the Gaza Strip in six years.
Muslims and Arabs in the US say they face discrimination in many areas of life, 13 years after the 9/11 attacks.
At one UN site alone, approximately four children below the age of five are dying each day.
Absenteeism among doctors at government hospitals is rife, prompting innovative efforts to ensure they turn up for work.
Marginalised and jobless, desperate young men in Nairobi slums provide fertile ground for al-Shabab.
The Khmer Rouge tribunal is set to hear genocide charges for targeting ethnic Vietnamese and Cham Muslims.
'I'm dying anyway, one piece at a time' said Steve Fobister, who suffers from disabilities caused by mercury poisoning.
The world's newest professional sport comes from an unlikely source: video games.
join our mailing list