Friday, October 10, 2008

World Bank Group Network Hacked; Chinese IPs Used: Just What We Need

Oh, dear. This is not good.

About 4,500 people working for the World Bank Group apparently hadn't changed their passwords when an emailed memo was written to remind a dozen or so key people, back in July of this year. Which is not good, since WBG had been under attack since Summer of 2007.

Last April, spy software dug deep into servers in World Bank Group's treasury unit, that's supposed to be unusually secure. For almost a month's time, in June and July, hackers had full access to the rest of WBG's network.

To World Bank Group's credit, a memo was sent around via email, back in July.1

On the other hand, nobody, except the hackers, seems to know just what data accessed and (presumably) copied. Considering the sort of data that the World Bank Group has, letting somebody from the outside read it is very bad news.

It gets more interesting.

Of the six major attacks so far, two are from the same set of IP addresses. In China. Could be a coincidence, but China's been overly-inquisitive about other people's data before.

I'm not happy to hear this. I'd say that one thing the world doesn't need right now is an unknown amount of very sensitive data, in all likelihood concerning almost 200 countries. The possibility that the Chinese government is involved doesn't make me any calmer. China doesn't exactly have a stellar record on human rights, and - melodramatic as this sounds - I'm concerned about why China needs a secret submarine base.

World Bank Group: A Little Background

Basically, it's an anti-poverty agency with a multi-billion-dollar budget, with representatives from 185 countries on its The World Bank, which "is a vital source of financial and technical assistance to developing countries around the world...," has a fairly rich About Us section. One of the resource links there is to a 12-page brochure, World Bank Group / Working for a World Free of Poverty, that describes the organization and its five units:
  • International Bank for Reconstruction and Development
  • International Development Association
  • International Finance Corporation
  • Multilateral Investment Guarantee Agency
  • International Centre for the Settlement of Investment Disputes
Previous post, discussing China and cybersecurity: In the news: (I'd never heard of before: it seems that the domain is registered by Tucows Inc.: which of course I'm quite familiar with.)
1 The email reads, in part, "We have new evidence that the Passwords that have been compromised may have accessed data. ... Please bear with us during this unprecedented crisis."

No comments:

Unique, innovative candles

Visit us online:
Spiral Light CandleFind a Retailer
Spiral Light Candle Store


Note! Although I believe that these websites and blogs are useful resources for understanding the War on Terror, I do not necessarily agree with their opinions. 1 1 Given a recent misunderstanding of the phrase "useful resources," a clarification: I do not limit my reading to resources which support my views, or even to those which appear to be accurate. Reading opinions contrary to what I believed has been very useful at times: sometimes verifying my previous assumptions, sometimes encouraging me to change them.

Even resources which, in my opinion, are simply inaccurate are sometimes useful: these can give valuable insights into why some people or groups believe what they do.

In short, It is my opinion that some of the resources in this blogroll are neither accurate, nor unbiased. I do, however, believe that they are useful in understanding the War on Terror, the many versions of Islam, terrorism, and related topics.