Attacks/Breaches

10/10/2008
05:37 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

World Bank Besieged By Hackers, Or Not

According to a media report, the World Bank has experienced at least six major intrusions, two from the same IP address in China, since the summer of 2007.

The World Bank's computer network has been repeatedly raided by hackers for over a year, according to a Fox News report.

But a World Bank spokesperson insists the Fox report is inaccurate. "The story is fundamentally wrong," the spokesperson said in an e-mail. "It is riddled with falsehoods and errors and cites misinformation from unattributed sources and e-mails that are taken out of context."

Citing unnamed inside sources, supported by World Bank internal memos, Fox News claims that servers in the World Bank's sensitive treasury unit were compromised by spyware in April and that unauthorized people had complete access to the rest of the bank's network for nearly a month in June and July.

In a July 22 e-mail, Rakesh Asthana, director of corporate information services in the World Bank's Information Solutions Group, warns that "the passwords that have been compromised may have accessed data" and characterizes the situation as an "unprecedented crisis."

An e-mail from July 10 explains that a minimum of 18 servers may have been compromised and that five of them contained sensitive data.

Yet an Aug. 19 memo from the bank's CIO, Guy-Pierre De Poerck, downplays the severity of the situation.

"As reported in the Information Security updates on July 18 and August 6, an external attempt was made to compromise the bank's information network," the memo explains. "Consistent with our procedures, several actions have been taken to counter this threat, and confidential briefings have been provided to appropriate groups within the bank."

The staff memo says that controls on external Web sites have been tightened, that passwords have been reset, and that SecurID tokens have been deployed for Web mail access.

It concludes that "there is no evidence that bank staff personal information is at risk from the recent external attempts."

According to the Fox report, the World Bank has experienced at least six major intrusions, two from the same IP address in China, since the summer of 2007. The FBI has reportedly been looking into the breaches, and Fox's sources characterize the break-ins as serious, as opposed to Web site defacement.

In its statement, the World Bank acknowledges hacking attempts but maintains that nothing noteworthy has happened: "Like other public and private institutions, the World Bank has repeatedly experienced hacking attacks on its computer systems and is constantly updating its security to defeat these. But at no point has a hacking attack accessed sensitive information in the World Bank's Treasury, procurement, anti-corruption or human resources departments. As an institution, we take security seriously."

Ted Julian, VP of strategy and marketing for Application Security, says that based on the information available so far about this incident, it's difficult to say who's to blame or what really happened. But, he said, it's clear that the attackers were after valuable information.

While he doesn't believe it's possible to prevent such incidents entirely, he insists the opportunity to conduct an attack and the risk of an attack can be minimized.

"First and foremost is locking down their data environment," he said in an e-mail. "By that, I mean focusing on the database environment and locking it down so that external attackers can't penetrate, but also internally, which means assessing access controls within the organization. Organizations need to radically rethink their security models, and start looking at hardening their systems from the inside-out, which means securing the core and then extending outward to the perimeter."

He observes that while bank breaches may be met with greater scrutiny during a time of bank failures, "a breach is a breach ... breaches will continue once the economy improves."

InformationWeek has produced an independent security analysis that relates to this topic. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Microsoft Word Vuln Went Unnoticed for 17 Years: Report
Kelly Sheridan, Associate Editor, Dark Reading,  11/14/2017
Companies Blindly Believe They've Locked Down Users' Mobile Use
Dawn Kawamoto, Associate Editor, Dark Reading,  11/14/2017
121 Pieces of Malware Flagged on NSA Employee's Home Computer
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/16/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Managing Cyber-Risk
An online breach could have a huge impact on your organization. Here are some strategies for measuring and managing that risk.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.