Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security

Leaked Report Shows United Nations Suffered Hack (seattletimes.com) 32

Sophisticated hackers infiltrated U.N. offices in Geneva and Vienna last year in an apparent espionage operation, and their identity and the extent of the data they obtained is unknown. From a report: An internal confidential document from the United Nations, leaked to The New Humanitarian and seen by The Associated Press, says dozens of servers were compromised including at the U.N. human rights office, which collects sensitive data and has often been a lightning rod of criticism from autocratic governments for exposing rights abuses. Asked about the report, one U.N. official told the AP that the hack appeared "sophisticated" and that the extent of the damage remained unclear, especially in terms of personal, secret or compromising information that may have been stolen. The official, who spoke only on condition of anonymity to speak freely about the episode, said systems have since been reinforced. The skill level was so high it is possible a state-backed actor might have been behind it, the official said.

"It's as if someone were walking in the sand, and swept up their tracks with a broom afterward," the official said. "There's not even a trace of a clean-up." The leaked Sept. 20 report says logs that would have betrayed the hackers' activities inside the U.N. networks -- what was accessed and what may have been siphoned out -- were "cleared." It also shows that among accounts known to have been accessed were those of domain administrators -- who by default have master access to all user accounts in their purview. "Sadly ... still counting our casualties," the report says.

This discussion has been archived. No new comments can be posted.

Leaked Report Shows United Nations Suffered Hack

Comments Filter:
  • by quenda ( 644621 ) on Wednesday January 29, 2020 @02:00PM (#59668498)

    Is slashdot getting revenue linking to a local AP feed with anti-adblock software? Just go direct to the source:

    https://www.thenewhumanitarian... [thenewhumanitarian.org]

    And the suspect? Like Jerry's girlfriend, it rhymes with a part of the female anatomy.

    • > And the suspect? Like Jerry's girlfriend, it rhymes with a part of the female anatomy.

      (puss) : US

    • by whoda ( 569082 )

      More likely it rhymes with lifespan, quran or turbofan.
      Take your pick.

      • More likely it rhymes with lifespan, quran or turbofan. Taker your pick.

        That, or it rhymes with diarrhea, pizzeria, or South Korea.
        Or like an orange blowhard once said, "I mean, it could be Russia, but it could also be China. It could also be lots of other people. It also could be somebody sitting on their bed that weighs 400 pounds, OK?" But probably one of those rhyming usual suspects.

        • You do know that all those rhyming suspects are members of UN, and can just log in to the server and see what's there, right?
          UN is short for United Nations, so these "state backed actors" already have accounts in the damn system...
  • Melodramatic much?! (Score:5, Interesting)

    by the_skywise ( 189793 ) on Wednesday January 29, 2020 @02:04PM (#59668506)

    Casualties?!
    Reinforced defenses?!
    "It's as if someone were walking in the sand, and swept up their tracks with a broom afterward,"
    "The skill level was so high it is possible a state-backed actor might have been behind it,"

    Good lord man - They hacked in and deleted the logs probably because one of your admins used the password Iamgod#1.

    Compare the data to your backups to defend against anything changed (you did keep backups, right?) and if there was any incriminating evidence of human rights abuses that got out that you were sitting on then maybe that's a GOOD THING.

    • This is why you have a SIEM and a backup server separate from everything else, perhaps even using WORM tapes so logs can't be tampered with without physical help. On the UNIX side, a secure syslog box with everything locked down would ensure that this doesn't happen.

      SIEMs are not rocket science. Nor is having them separate from the rest of your network structure and having their own backup system.

      • I thought everyone still directed logs directly to a dot matrix printer?

        • I thought everyone still directed logs directly to a dot matrix printer?

          I believe in rock-solid security, so it's cuneiform tablets or nothing. My logs will last for thousands of years.

    • Sophisticated? Sounds run-of-the-mill to me (not well protected assets hacked by those with some skills). Maybe they have some other evidence of the hackers munching on toast points with caviar while listening to aa collection of arias by Verdi.

      • Yeah - no kidding. My personal email server (with a whopping 2 email addresses) was under CONSTANT attack from Chinese, Vietnamese and Russian IPs trying all sorts of common exploits along with a brute force password attack (1 attempt with a common username/password combo every minute). (I finally got tired of the hassle and just run a service for $10/year with my registrar)

        I had my username/password stolen in some big hack but I had updated all my important accounts with fresh passwords (and unique ones

    • Good lord man - They hacked in and deleted the logs probably because one of your admins used the password Iamgod#1.

      It's the UN. They're not exactly known for skill or competence. For much of their organization, positions are simply gravy train jobs for member states, often hired or appointed more for political reasons than skill or actual expertise. Some of their orgs have top-notch people. The World Health Organization, for one. But much of Turtle Bay is filled with bureaucratic leeches and hangers-on.

  • by Gabest ( 852807 ) on Wednesday January 29, 2020 @02:07PM (#59668520)

    How did the leaked documents get out?

    • How did the leaked documents get out?

      Leaks are usually intentional. Leaks are used to promote a certain narrative or send a particular message, when using official channels would be politically complicated. More often than not, they do not occur due to intrusions or a lack of security. When information gets out accidentally they call it a hack.

  • The summary states "the U.N. human rights office, which has often been a lightning rod of criticism from autocratic governments for exposing rights abuses" when it should state "the U.N. human rights office, which has on it many countries with autocratic governments which enable rights abuses". Such as Libya, Sudan, Venezuela, India, Philippines. At least the USA isn't on it any more, and the chairman, Saudi Arabia, is finally off too.

    The UNHRC is a joke. It is anti-Semitic and does nothing but bash Isra

    • Re: (Score:2, Troll)

      by uvajed_ekil ( 914487 )

      The UNHRC is a joke. It is anti-Semitic and does nothing but bash Israel at every turn. It has resolved more resolutions condemning Israel than the rest of the world combined. It's secret when anyone files a complaint, so nobody knows what's corruption is going on.

      The real joke is you folks who think no one can ever possibly question the government of Israel or call them on their oppressive policies, their corruption, or their war crimes, without being anti-semitic. I have nothing against Jewish people (yes, I have Jewish friends and family members), nor the people of Israel, nor any religion, nor the people of any religion, and having a problem with what the Israeli government doesn't necessarily make me anti-semitic. You speak of corruption yet you give Israel a pa

  • Actually, a skilled operator would have restored the logs to a state including all activity not-related to the incursion; left no traces within the compromised systems and the only (perhaps) discoverable traces would have been differences in total volume of network packet traffic as defined via the falsified logs and external network hardware/actual packet volume.

    So, maybe this is a somewhat adept intrusion, but certainly not best skilled and only nation state type action. Plan B for that kind of hack; inst

  • by Way Smarter Than You ( 6157664 ) on Wednesday January 29, 2020 @05:21PM (#59669186)
    Well, except for all the internal reports about blue helmets raping women and children they're supposed to be helping. More likely than a real attack, someone just claimed there was to cover up deleting a bunch of rape information files with the names of too many important UN people.

Some people claim that the UNIX learning curve is steep, but at least you only have to climb it once.

Working...