The computer network used by the World Bank Group has suffered a series of at least six intrusions since mid-2007, according to a report.
The World Bank Group was first notified of the intrusions by the FBI in September 2007, when the bureau was investigating another cybercrime case involving transactions out of Johannesburg, South Africa. Fox News said it has an internal memo describing the initial intrusion to World Bank Group employees.
The World Bank Group did not respond to a request for comment.
The World Bank Group, based in Washington, D.C., is not a traditional bank. It is made up of the International Bank for Reconstruction and Development and the International Development Association, and it provides a vital source of financial and technical assistance to developing countries around the world, according to its Web site. The World Bank board represents 185 member nations and currently budgets US$25 billion annually in anti-poverty campaigns.
Up to 40 servers have been penetrated in a series of attacks, according to Fox News, including one attack on a server that held contract-procurement data.
Two of the attacks appear to come from the same block of IP addresses originating in China. But Graham Cluley, senior technology consultant at Sophos, said that didn’t mean the attackers were in China, only that they were using compromised machines located in that country.
“Ideally, if you’re a large organisation or financial organisation, then you would have a team of penetration testers testing your system to the limit looking for those weaknesses, looking for those holes,” Cluley said. “It’s much better that you find them before a criminally minded hacker does.”
Fox News also published a more recent memo from August 19, 2008 in which World Bank Group staff were told to change personal passwords and start using security “tokens” or cards to access the organisation’s applications remotely. These tokens, such as the two-factor tokens being used by VeriSign, are synced with an internal server and display password strings that are valid only for a minute or so.
Cluley questioned why these attacks weren’t more of a priority with World Bank staff. “Every bank on High Street (in London) already has that requirement of its customers,” he said. “Every firm with critical data should be giving its employees (password tokens) because otherwise compromise is just as simple as having a key-logging piece of spyware on the desktop.”
It is unclear how the intrusions occurred, when they started, or whether they are even related.
Fox said that outside forensics teams have since been brought in to investigate. In an e-mail to ZDNet.com.au sister site CNET News, a representative for Mandiant, a US-based digital forensics company, confirmed that the World Bank was a client but would not elaborate on the work done on its behalf.
“Regardless of the facts,” Cluley said, “every organisation needs to learn that this can happen to big organisations and small ones, and make sure they have proper security and encryption in place.”
ZDNet
