

10/11/2008
08:32 PM
George V. Hulme
Commentary

World Bank (Allegedly) Hacked

It seems, based on a FoxNews.com report that broke Friday, that the World Bank Group suffered a series of cyberattacks during the past few months. The claims of the level of access gained by the attackers are troubling -- but the real extent of the breach remains in dispute, and unknown.

These days, it's tough for any bank to ask for trust from the public. But that's essentially what the poverty-fighting World Bank Group is asking us right now. Trust us: We haven't put the money you've loaned us at risk. The risk this time doesn't involve overleveraged loans or the failure to mark collateralized loans to fair market value. Instead, the risk comes from whether the World Bank took reasonable steps to secure its infrastructure, to what level it was breached, and if it's now being straightforward with the (little) public disclosure the organization has provided so far.

Before we take a look at the FoxNews.com report, let's look at what the World Bank said after the news story went public:

"The Fox News story is wrong and is riddled with falsehoods and errors. The story cites misinformation from unattributed sources and leaked emails that are taken out of context.

"Like other public and private institutions, the World Bank has repeatedly experienced hacking attacks on its computer systems and is constantly updating its security to defeat these. But at no point has a hacking attack accessed sensitive information in the World Bank's Treasury, procurement, anti-corruption or human resources departments."

To FoxNews.com's credit, they claim to have reached out to World Bank officials before running with the story:

Requests for on-the-record interviews with Zoellick and other top officials were declined.

Perhaps it would have been a better idea for the World Bank to share, even what little it could have without jeopardizing any current investigations, before the story ran. At least it would have been proactive in its argument against the "falsehoods," "errors," "misinformation," and "leaked e-mails taken out of context." If it had done that, the story would have had a much different tone.

The bigger question on this point is why, and how, the e-mails were accidentally or purposefully leaked in the first place.

Here's how our Kelly Jackson Higgins summed up the breach from FoxNews.com's report:

According to the FoxNews.com report, World Bank employees have been ordered to change their passwords three times in the past three months in the wake of the attacks, which spanned somewhere between 18 and 40 of its servers in multiple hacks, which began last year. The published report says there were six major break-ins in the past year, and that at least five servers containing sensitive data were exposed. FoxNews apparently obtained an internal e-mail message and memos from the World Bank in response to the attacks that illustrate the complicated series of events and the agency's response to them.

The revelation of breaches at the World Bank could not come at a worse time given the global financial crisis, but security experts say the hacks were coincidental and unlikely to be tied to the economic developments. The World Bank provides financial and technical assistance to developing countries, and includes 185 member nations on its board.

The World Bank also didn't respond to Dark Reading's request for interview.

While the nature of this alleged breach is foggy, the public allegations to date include the charge that attackers had access to a wide swath of the World Bank's network for nearly a month; that a July attack may have begun from a compromised system administrator account; and that several Web servers were involved in the attack.

We'll have no idea how this potential attack occurred, and to what depths it reached, unless the World Bank comes out publicly and explains it, or the issue ends up in court. If the allegations that a sys admin's account was compromised and that the attackers had access to network traffic for nearly a month are accurate, the only safe assumption is that any systems that touch these areas of the network are at significant risk of having been breached.

It's also quite possible that, if the Web servers were vulnerable, this situation consists of multiple attackers exploiting vulnerabilities they each discovered independently.

The only takeaway we have so far is, whether or not you believe that your organization will be attacked and that the press will learn of the attack, you'd better have a plan for how you're going to respond. The worst could happen -- and you don't want to be making decisions at that time in a state of panic.

That plan had better be devised by your risk and security managers, business leaders, and legal teams, as well as communications staff. How you respond when the events (or various interpretations of them) go public will set the tone of the news story for a long time.

The people who will be reading those reports are your current customers, suppliers, employees, and business prospects. They all deserve to know and have confidence that no matter what happened, the situation is now under control.

As of the time I published this blog post, I was unable to locate any public statement from the World Bank on its Web site regarding these suspected incidents.

 
