International-UN-NGOs
World Bank Under Year Long Cyber Siege
2008-10-10
The World Bank Group's computer network — one of the largest repositories of sensitive data about the economies of every nation — has been raided repeatedly by outsiders for more than a year. It is still not known how much information was stolen. But sources inside the bank confirm that servers in the institution's highly-restricted treasury unit were deeply penetrated with spy software last April. Invaders also had full access to the rest of the bank's network for nearly a month in June and July.

In total, at least six major intrusions — two of them using the same group of IP addresses originating from China — have been detected at the World Bank since the summer of 2007, with the most recent breach occurring just last month. While it remains unclear how much data has been pilfered from the bank, it's a lot. According to internal memos, "a minimum of 18 servers have been compromised," including some of the bank's most sensitive systems — ranging from the bank's security and password server to a Human Resources server "that contains scanned images of staff documents." One World Bank director tells FOX News that as many as 40 servers have been penetrated, including one that held contract-procurement data.
I imagine Rantburg's many IT people are having thoughts right about now...
Meanwhile, the bank's treasurer, Kenneth G. Lay, has been briefing Zoellick's senior management team regularly on the situation since April. Other bank officials are also sleuthing. The bank's chief information officer, Guy De Poerck, has engaged Price Waterhouse Coopers to do a confidential million-dollar assessment that is expected to tell him what's going on in his own department. And a 22-page internal report by a computer security company named MANDIANT, dated August 18, fleshes out many details of the June-July breaches. But very few people have ever seen the report, and nobody has been permitted to retain a paper copy.

At the same time, De Poerck has been downplaying the problem to the bank's 10,000 rank-and-file staffers as mere intrusion "attempts" in his e-mails. Yet most of those staffers have been asked to change their password three times in the past three months. "As previously reported in mid-July," CIO De Poerck and a senior bank treasury official wrote in an August announcement to employees, "we would like to reassure you that there is no evidence that Bank staff personal information is at risk from the recent external attempts."
My condolences to the 10,000 rank-and-file staffers, especially those reading this now. Please change your password again as a matter of principle.
In reality, the situation is serious enough that federal investigators have been called in. "We're not talking about hackers playing games or messing up our website," insists a senior member of the bank's IT department at its Washington headquarters. "It's about the FBI coming last summer and saying, 'You should take a look at your systems because we think something weird is going on.' It's about the intruders knowing what information they wanted — and getting to it whenever they wanted to. They took our existing data stores and organized them in a way that they could be easily accessed at will."

In plainspeak: "They had access to everything," says the source. "They had the keys to every room at the bank. And we can't say whether they still do or don't until we fully and openly address what's happening here."
IP addresses in Macao and China, Indian IT subcontractors, World Bank public denial of any problems whatsoever... this story has it all. Go to the link to read the whole thing if you dare. ;-)
Posted by: trailing wife

#3  They've got plenty of resources, I know, I've seen it, I believe it had to do with management of those systems.
Posted by: Tyranysaurus Elmererong1948   2008-10-10 23:31  

#2  Reading Slashdot it sounds like someone cracked the security to MS's implementation of Active Directory (or Linux/Unix version, I forget what it's called ATM), which contains even more security information. Once that is cracked, you essentially own the bank.
Posted by: badanov   2008-10-10 20:37  

#1  Ken Lay got another job?
Posted by: chris   2008-10-10 17:03  
