Slashdot Log In
World Bank Under Cybersiege In "Unprecedented Crisis"
Posted by
kdawson
on Fri Oct 10, 2008 12:34 PM
from the wolf-really dept.
from the wolf-really dept.
JagsLive sends in a Fox News report on large-scale and possibly ongoing security breaches at the World Bank. "The World Bank Group's computer network — one of the largest repositories of sensitive data about the economies of every nation — has been raided repeatedly by outsiders for more than a year, FOX News has learned. It is still not known how much information was stolen. But sources inside the bank confirm that servers in the institution's highly-restricted treasury unit were deeply penetrated with spy software last April. Invaders also had full access to the rest of the bank's network for nearly a month in June and July. In total, at least six major intrusions — two of them using the same group of IP addresses originating from China — have been detected at the World Bank since the summer of 2007, with the most recent breach occurring just last month. In a frantic midnight e-mail to colleagues, the bank's senior technology manager referred to the situation as an 'unprecedented crisis.' In fact, it may be the worst security breach ever at a global financial institution. And it has left bank officials scrambling to try to understand the nature of the year-long cyber-assault, while also trying to keep the news from leaking to the public." Update: 10/11 01:15 GMT by T : Massive spyware infestations might be good cause to reevaluate the TCO of non-Windows systems on the desktop.
Related Stories
[+]
Technology: British MoD Stunned By Massive Data Loss 166 comments
Master of Transhuman writes "Seems like nobody can keep their data under wraps these days. On the heels of the World Bank piece about massive penetrations of their servers, the British Ministry of Defense has lost a hard drive with the personal details of 100,000 serving personnel in the British armed forces, and perhaps another 600,000 applicants. This comes on the heels of the MoD losing 658 of its laptops over the past four years and 26 flash drives holding confidential information. Apparently the MoD outsources this stuff to EDS, which is under fire for not being able to confirm that the data was or was not encrypted."
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
This was bound to happen. (Score:5, Insightful)
These days financial institutions consider IT (and other) security as something that costs them money, without giving them any benefit.
Will this wake them up?
I hear the question "Can we afford"? when talking about security in IT shops. The question that I am coming back with is "Can we afford not to"?
Just how many more banks machines are compromised? How about Federal and Local Government's machines and networks.
If you had enough financial data somebody could cause an economic collapse - I wonder what it would look like.
Re:This was bound to happen. (Score:5, Insightful)
These days financial institutions consider IT (and other) security as something that costs them money, without giving them any benefit.
Will this wake them up?
I hear the question "Can we afford"? when talking about security in IT shops. The question that I am coming back with is "Can we afford not to"?
Just how many more banks machines are compromised? How about Federal and Local Government's machines and networks.
If you had enough financial data somebody could cause an economic collapse - I wonder what it would look like.
For most financial institutions their primary goal when it comes to information assurance is to pass audits. As you stated security is usually a cost center and they do what ever they can to keep that cost down. This generally means doing just enough work to make them compliant and as well all know, compliant != secure. I do not beleive these incidents will change anything unless the financial institutions are forced to a higher standard. I will continue to hope that they will see the light.
Parent
Re:This was bound to happen. (Score:5, Insightful)
Parent
Re:This was bound to happen. (Score:5, Insightful)
Parent
Well . . . (Score:5, Funny)
while also trying to keep the news from leaking to the public
Oops
--
Oh Well, Bad Karma and all . . .
so the chinese orchestrated the market meltdown (Score:5, Funny)
previously, i thought the markets were melting down due to gay marriage
perhaps this is the obvious run up to 2012 and the end of the mayan calendar
paranoid schizophrenics, want to help me out here?
Funny the Email is referencing External webmail (Score:5, Informative)
Well of course I can't be certain but this appears to be ntohing more than a breach of their email system (encrypt your damn email people).
From the leaked memo "MD and CIO has directed that all external Webmail accounts be disabled immediately for all staff who have not changed their passwords yet"
Blaming the Chinese is useless (Score:5, Insightful)
First thing I would do is launch my attack from a compromised host in country X while being in country Y
0wn3d (Score:5, Informative)
Damn, they got owned completely, 3 different times. Someone in their security department needs to get a clue. Somehow their offsite data store got accessed, then an IT consultant worker key logged them, and finally they got in again through a third party and escalated to admin rights.
3 different attack vectors, all completely successful. That is just kinda pathetic...
Dear World Bank (Score:5, Funny)
I hear you have an opening for a security expert...
Re:Dear World Bank (Score:5, Funny)
Parent
Security? (Score:5, Insightful)
Face it, no matter how secure a system is, if it is usable by humans it can be breached. Easily.
There is anywhere from a 100 to 1000 hackers/crackers/slimeballs out there that are ready and willing to take on each and every system. Ones that claim to be "secure" are just a bigger target. There is no such thing as a completely "secure" system that is usable and accessible by ordinary humans. True security would require controlled physical access, multiple authenticating factors, and so on. None of this is going to happen for an accessible system usable by "ordinary humans".
About all that is realistic is to minimize the damages. Face the fact that if you are a target you are going to lose. Try not to lose too much.
Prosecution of the break-in? Forget it. It's the Internet. It is International. If it looks like it is coming from China, it could be real or it could be a proxy. There are no effective International laws that will assist in any sort of prosecution. There is no supra-national police force that will break down the door of the cracker and haul them away. Nothing is going to happen. Unless the guy is a complete idiot that brags about it.
Re:Fox is like the National Enquirer (Score:5, Funny)
Hi.
Apparently, the World Bank is under cybersiege in an "Unprecedented Crisis". Turns out they've been hacked repeatedly, apparently from China.
I have a 5 digit Slashdot ID, so I think you can count on me being a reliable source. I got the information from a Slashdot story as well, so you can be pretty certain it's completely accurate.
Parent
Re:Fox is like the National Enquirer (Score:5, Funny)
I'd mod you up, but I read on Fox News that Slashdot was full of Chinese hackers.
Parent
Re:Fox is like the National Enquirer (Score:5, Funny)
I'd mod YOU up but I heard that moderators were full of Chinese hackers.
(oops did just say that out loud?)
Parent
Re:Fox is like the National Enquirer (Score:5, Funny)
Which would probably explain a lot.
Parent
Re:Fox is like the National Enquirer (Score:5, Funny)
To add more credibility, I concur with my fellow poster with my 4 digit ID.
Parent
Re:Fox is like the National Enquirer (Score:5, Funny)
Parent
Re:Fox is like the National Enquirer (Score:5, Funny)
I'm just here to say these two young slashdotters have definitely seen the truth, though they still have a lot to learn from us 3 digit IDers.
Parent
Re:Fox is like the National Enquirer (Score:5, Funny)
My id has only three distinct numbers, can I be an honorary 3-digiter?
Parent
Re:I Hope They Destroy This Monster (Score:5, Funny)
It is Satan's rectum, poised over the third-world.
Best slashdot line in ages.
Parent
Urgent message to mods re: Satan's rectum (Score:5, Insightful)
Please, please, please mod parent comment down. The last thing we need is for the phrase "It is Satan's rectum, poised over ..." to become a new Slashdot meme.
I mean can you imagine:
- an item about Linux and posts like "It is Satan's rectum, poised over capitalism";
- an item about fascism and posts like "It is Satan's rectum, poised over our freedoms";
- an item about the Cheney/Bush government and posts like "It is Satan's rectum, poised over privacy and the U.S. Constitution"
- an item about a new Windows version and posts like "It is Satan's rectum, poised over the computer world";
Yech! Please stop it before it starts!
Parent
Re:Before anyone mods the parent down.... (Score:5, Insightful)
Actually, I never assumed for a moment that the parent was a left wing nut. I assumed he was a right wing nut. There is a certain section of conservative opinion that believes any international multilateral body (I'm looking at you, U.N) is the spawn of satan.
Parent
Re:Before anyone mods the parent down.... (Score:5, Insightful)
Parent
Re:Before anyone mods the parent down.... (Score:5, Informative)
That's not at all what actually happens. You should read John Perkins' book Confession of an Economic Hitman [amazon.com]
You can find interviews of him explaining it all over the internet. It has nothing to do with "lasse-faire" capitalism.
The IMF/World Bank gives a country (normally with a valuable natural resource) a loan it knows it can't pay off to build infrastructure that benefits only a few big corporations, normally foreign. Once the country defaults, the banks get the country to sign over its infrastructure and natural resources to them and other corporations.
That isn't capitalism of any form. It is legalized theft.
Parent