World Bank Computers Unsecured, Under Siege Since Before July

11 10 2008

IT Chief – “Please bear with us during this unprecedented crisis.”

(Update I)

Fox News is reporting that the World Bank’s computer network has been compromised, and that their IT department has known about it since 22 July.

Bank officials have confirmed the bank’s Treasury Unit’s servers were invaded with “spy software” in April, and that intruders had full access to the entire World Bank internal network in June and July. As many as 40 servers may have been compromised. According to the report, one World Bank director told Fox as many as 40 servers have been penetrated, including one that held contract-procurement data.

Here is the chilling email notice sent out by the bank’s top technology manager announcing the network’s compromise.

Officials admit knowing about at least six intrusions, two of which originated from the same IP address block in China.  The most recent breach was in September.

While it remains unclear how much data has been pilfered from the bank, it’s a lot. According to internal memos, “a minimum of 18 servers have been compromised,” including some of the bank’s most sensitive systems — ranging from the bank’s security and password server to a Human Resources server “that contains scanned images of staff documents.”

As the World Bank seeks to present itself as an institution that can be of great value as government officials try to restructure the global economy, this ongoing internal network breach could endanger public confidence in the bank’s ability to take on such a role.

The World Bank was established in 1945 by the Bretton Woods Agreement and offers development aid and technical assistance to developing countries, as well as post-disaster reconstruction. It has 185 member nations on its board and spends $25 billion a year, with the overall aim of reducing poverty.

According to Fox,

This weekend, the bank holds its annual series of meetings in Washington — and just in advance of those sessions, Zoellick called for a radical revamping of multilateral organizations in light of the global economic meltdown.

[Bank President] Zoellick is positioning himself and the bank as an institution that can help chart a new path toward global financial stability. But that reputation, more than ever, depends on the bank’s stable information infrastructure.

The fact that the information vaults of the World Bank have been repeatedly pried open won’t help Zoellick’s case.

One senior member of their IT department emphasised the seriousness of the network intrusions:

“It’s about the intruders knowing what information they wanted — and getting to it whenever they wanted to. They took our existing data stores and organized them in a way that they could be easily accessed at will.”

In plainspeak: “They had access to everything,” says the source. “They had the keys to every room at the bank. And we can’t say whether they still do or don’t until we fully and openly address what’s happening here.”

Comment:  Maybe it would be a good idea for the World Bank to set up their network to use the new “Unbreakable” Quantum Encryption just unveiled (BBC). -dcm

Update I:

Fox has updated their story:

After FOX News published its story, a World Bank spokesman issued the following statement:

“The Fox News story is wrong and is riddled with falsehoods and errors. The story cites misinformation from unattributed sources and leaked emails that are taken out of context.

“Like other public and private institutions, the World Bank has repeatedly experienced hacking attacks on its computer systems and is constantly updating its security to defeat these. But at no point has a hacking attack accessed sensitive information in the World Bank’s Treasury, procurement, anti-corruption or human resources departments.”

FOX News stands by its story.



