Friday, October 10, 2008

World Bank Under Cyber Siege in 'Unprecedented Crisis'

Via Fox News -

The World Bank Group's computer network — one of the largest repositories of sensitive data about the economies of every nation — has been raided repeatedly by outsiders for more than a year, FOX News has learned.

It is still not known how much information was stolen. But sources inside the bank confirm that servers in the institution's highly-restricted treasury unit were deeply penetrated with spy software last April. Invaders also had full access to the rest of the bank's network for nearly a month in June and July.

In total, at least six major intrusions — two of them using the same group of IP addresses originating from China — have been detected at the World Bank since the summer of 2007, with the most recent breach occurring just last month.

In a frantic midnight e-mail to colleagues, the bank's senior technology manager referred to the situation as an "unprecedented crisis." In fact, it may be the worst security breach ever at a global financial institution. And it has left bank officials scrambling to try to understand the nature of the year-long cyber-assault, while also trying to keep the news from leaking to the public.

The crisis comes at an awkward moment for World Bank president Robert Zoellick, who runs the world's largest and most influential anti-poverty agency, which doles out $25 billion a year, and whose board represents 185 member nations. This weekend, the bank holds its annual series of meetings in Washington — and just in advance of those sessions, Zoellick called for a radical revamping of multilateral organizations in light of the global economic meltdown.

Zoellick is positioning himself and the bank as an institution that can help chart a new path toward global financial stability. But that reputation, more than ever, depends on the bank's stable information infrastructure.

The fact that the information vaults of the World Bank have been repeatedly pried open won't help Zoellick's case.

While it remains unclear how much data has been pilfered from the bank, it's a lot. According to internal memos, "a minimum of 18 servers have been compromised," including some of the bank's most sensitive systems — ranging from the bank's security and password server to a Human Resources server "that contains scanned images of staff documents."

One World Bank director tells FOX News that as many as 40 servers have been penetrated, including one that held contract-procurement data.

Despite the gravity of the break-ins, the bank is trying hard to pretend to outsiders it didn't happen. "There were attempts to hack the bank's computer systems last summer," says a World Bank spokesman. "However, there was no compromise of confidential information." Requests for on-the-record interviews with Zoellick and other top officials were declined.

Meanwhile, the bank's treasurer, Kenneth G. Lay, has been briefing Zoellick's senior management team regularly on the situation since April.

Other bank officials are also sleuthing. The bank's chief information officer, Guy De Poerck, has engaged Price Waterhouse Coopers to do a confidential million-dollar assessment that is expected to tell him what's going on in his own department. And a 22-page internal report by a computer security company named MANDIANT, dated August 18, fleshes out many details of the June-July breaches. But very few people have ever seen the report, and nobody has been permitted to retain a paper copy.

At the same time, De Poerck has been downplaying the problem to the bank's 10,000 rank-and-file staffers as mere intrusion "attempts" in his e-mails. Yet most of those staffers have been asked to change their password three times in the past three months.

"As previously reported in mid-July," CIO De Poerck and a senior bank treasury official wrote in an August announcement to employees, "we would like to reassure you that there is no evidence that Bank staff personal information is at risk from the recent external attempts."

It's unclear how that statement squares with an internal memo to De Poerck a month earlier revealing that a sensitive Human Resources server "that contains scanned images of staff documents" had been successfully breached. De Poerck declined to comment to FOX News about any of these details.

In reality, the situation is serious enough that federal investigators have been called in. "We're not talking about hackers playing games or messing up our website," insists a senior member of the bank's IT department at its Washington headquarters. "It's about the FBI coming last summer and saying, 'You should take a look at your systems because we think something weird is going on.' It's about the intruders knowing what information they wanted — and getting to it whenever they wanted to. They took our existing data stores and organized them in a way that they could be easily accessed at will."

In plainspeak: "They had access to everything," says the source. "They had the keys to every room at the bank. And we can't say whether they still do or don't until we fully and openly address what's happening here."


----------------------------------------

Smells and looks like classic RBN modus operandi. They get in, learn about the environment, research the servers and the software used...and don't make a lot of noise. They extract the data that is useful to them and skip the stuff that isn't...they are pros in any sense of the word. But then they don't leave, they keep a foothold in the network...and come back every so often...they operate with precision...it's amazing.

CIO De Poerck's attempt to downplay the breach is pretty lackluster. Anyone worth their salt knows you don't spend a million dollars on a PWC audit and bring in a well-known digital forensic team (MANDIANT) without a serious, serious hack.

Total FUBAR...
