World Bank Hacked, Sensitive Data Exposed

The World Bank Group has been hit by a series of hacker attacks on its network over the past few months, possibly exposing sensitive data held by the anti-poverty agency, according to a published report.

A WBG spokesperson acknowledged in the report that the agency had "repeatedly experienced hacking attacks on its computer systems" but that no hackers had "accessed sensitive data in its treasury, procurement, anti-corruption, or human resources departments" as FoxNews.com reported today.

According to the FoxNews.com report, World Bank employees have been ordered to change their passwords three times in the past three months in the wake of the attacks, which spanned somewhere between 18 and 40 of its servers in multiple hacks, which began last year. The published report says there were six major break-ins in the past year, and that at least five servers containing sensitive data were exposed. FoxNews apparently obtained an internal email message and memos from the World Bank in response to the attacks that illustrate the complicated series of events and the agency's response to them.

The revelation of breaches at the World Bank could not come at a worse time given the global financial crisis, but security experts say the hacks were coincidental and unlikely to be tied to the economic developments. The World Bank provides financial and technical assistance to developing countries, and includes 185 member nations on its board.

"We really don't know at this moment what information was stolen," says Graham Cluley, senior technology consultant for Sophos. "It's just as possible that it was a bunch of college kids breaking into something they shouldn't be as [it is for] some political or financial motivation. At the same time, economic and financial institutions basically bleed because of a [loss] in confidence and trust."

A World Bank spokesperson had not responded to Dark Reading for an interview as of press time.

Spyware was somehow loaded onto World Bank servers, the report said, at one time giving the attackers wide access to the network for nearly a month during the period of June and July. The FBI reportedly is investigating the breaches as well.

It's unclear how, if at all, the attacks are interrelated, but the attack in July originated from a compromised system administrator account in Lotus Notes, according to an internal memo obtained by Fox News. The memo says it appears some Web servers were the attack vector in this case.

While two of the hacks reportedly came from a group of IP addresses in China, security experts are highly skeptical that it was an orchestrated attack from China. Most likely, they say, the attackers merely used compromised machines in China.

Dave Marcus, director of security research and communications for McAfee Avert Labs, says the idea of an orchestrated attack out of China was "blown out of proportion," which often is the case in other breaches that come from China-based IP addresses.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.