About 4,500 people working for the World Bank Group apparently hadn't changed their passwords when an emailed memo was written to remind a dozen or so key people, back in July of this year. Which is not good, since WBG had been under attack since Summer of 2007.
Last April, spy software dug deep into servers in World Bank Group's treasury unit, that's supposed to be unusually secure. For almost a month's time, in June and July, hackers had full access to the rest of WBG's network.
To World Bank Group's credit, a memo was sent around via email, back in July.1
On the other hand, nobody, except the hackers, seems to know just what data accessed and (presumably) copied. Considering the sort of data that the World Bank Group has, letting somebody from the outside read it is very bad news.
It gets more interesting.
Of the six major attacks so far, two are from the same set of IP addresses. In China. Could be a coincidence, but China's been overly-inquisitive about other people's data before.
I'm not happy to hear this. I'd say that one thing the world doesn't need right now is an unknown amount of very sensitive data, in all likelihood concerning almost 200 countries. The possibility that the Chinese government is involved doesn't make me any calmer. China doesn't exactly have a stellar record on human rights, and - melodramatic as this sounds - I'm concerned about why China needs a secret submarine base.
World Bank Group: A Little BackgroundBasically, it's an anti-poverty agency with a multi-billion-dollar budget, with representatives from 185 countries on its The World Bank, which "is a vital source of financial and technical assistance to developing countries around the world...," has a fairly rich About Us section. One of the resource links there is to a 12-page brochure, World Bank Group / Working for a World Free of Poverty, that describes the organization and its five units:
- International Bank for Reconstruction and Development
- International Development Association
- International Finance Corporation
- Multilateral Investment Guarantee Agency
- International Centre for the Settlement of Investment Disputes
- "The War on Terror? This May be The War For Freedom"
(March 18, 2008)
- "World Bank Hacked, Sensitive Data Exposed"
Dark Reading (October 10, 2008)
- "World Bank Under Cyber Siege in 'Unprecedented Crisis' "
FOXNews (October 10, 2008)
1 The email reads, in part, "We have new evidence that the Passwords that have been compromised may have accessed data. ... Please bear with us during this unprecedented crisis."