Another War-on-Terror Blog: World Bank

Showing posts with label World Bank. Show all posts

Friday, November 14, 2008

International Monetary Fund Allegedly Hacked - And It's Not News

The International Monetary Fund: A global financial organization, that secures financial stability, facilitates international trade, and reduces poverty around the world. And, an organization with no cyber-security issues. At all. Officially.

The IMF in Trouble? Can't be True! It Would Have Been in the News!

I learned something disturbing today.

American financial institutions are in trouble. Some have collapsed. Congress passed a huge bail-out. The American automobile industry says that it's going down, and needs a bail-out, too.

The trouble is global. There's a financial crisis going on around the world.

That's not what I learned, that was disturbing. I mean, it's bad: but that information has been in the news for quite a while.

What got my attention that it looks like another major international financial institution has been hacked: the International Monetary Fund, this time.

What sort of data was accessed, and how much isn't at all clear. And, the International Monetary Fund, or IMF, says that there wasn't any security breach, they don't have any spyware in their computers, and we should all pay no attention. I'm sure the IMF spokesperson was much more urbane and sophisticated about it, but that seems to be the gist of the IMF's official take on the matter.

World Bank Has Company: International Monetary Fund Hacked, Too

Unless you're paying rather close attention, you may have missed that the World Bank's computer network security was breached. About six times. Starting in 2007.¹

Now, it's the International Monetary Fund's turn.

The IMF's been hacked, apparently. And, so far, only one news service has written about it.

International Monetary Fund: Another Pretty Big Deal

The International Monetary Fund's about us page describes the IMF as

An organization of 185 countries
Working to foster global monetary cooperation
Securing financial stability
Facilitating international trade
Promoting high employment and sustainable economic growth
Reducing poverty around the world

In short, a rather big deal in the global economy.

And, it looks like somebody's gotten into their computer network, and planted spyware. That would make two of the world's major international financial institutions that have been hacked.

Whoever breached security could be anyone: a 12-year-old kid in Brooklyn, a bored college student, someone getting inside information for one of the representatives at the big financial summit that's starting right about now. Maybe even terrorists.

Especially now, scrambling the world economy by outing very private financial information might do more damage than a thousand suicide bombers.

International Monetary Fund Allegedly Hacked on the Eve of Global Financial Summit - And This Isn't News?!

So far (7:45 p.m. Central time, America, or 01:45 UTC), only one news service has written anything about spyware in the IMF's computers.

I don't know what the explanation is. The same sort of thing happened, or rather didn't happen, when the World Bank's network was hacked. Six times. Eventually, a handful of news services, and PC World, wrote about the incidents.

I think it's possible, maybe possible, that FOXNews lacks the deference toward international institutions that traditional news services seem to have.

From The New York Times to CNN, I get the impression that news editors assume that the sun rises in the east and sets in the west, and that the United Nations and other great international agencies for the common good deserve admiration and respect, rather than scrutiny.

Unlike the World Bank security breaches, the IMF's claim that there's nothing to see here may be right. Or, the International Monetary Fund's brass may be desperately hoping that they can bluff their way through, until this embarrassing little disclosure goes away.

Me? I'm glad that there are reporters and editors out there who aren't on the same page as old-school American journalists.

In the news:

"U.S. retail sales post record decline"
International Herald Tribune (November 14, 2008)
"Bush ready to defend free-market principles during summit"
CNN (November 14, 2008)
"EXCLUSIVE: Cyber-Hackers Break Into IMF Computer System"
FOXNews (November 14, 2008)

Background:

International Monetary Fund

¹ The World Bank describes itself as "a vital source of financial and technical assistance to developing countries around the world...," and has more to say in its About Us section.

And, they're right: there' a pretty big deal, globally. Particularly for countries that aren't well-off, and are trying to change that condition.

I'd have thought that a half-dozen security breaches in a global financial institution would be news: but I'm not a news editor. I've posted about the World Bank cyberattack before:

"World Bank Under Cyberattack? Surprise! "
(November 2, 2008)
"Lehman Collapsed, the World Bank's Been Hacked, General Motor's not Bankrupt - Maybe: What a Mess! "
(October 12, 2008)
"World Bank Group Network Hacked; Chinese IPs Used: Just What We Need "
(October 10, 2008)

Sunday, November 2, 2008

World Bank Under Cyberattack? Surprise!

My guess is that you haven't read about the World Bank's security problems, unless you follow PC World, CNET, or FOXNews. I haven't seen more than a flicker about the World Bank being hacked, except in those services.

Which is a little odd, since a major cyberattack started in the summer of 2007.

I've posted about this before:

"Lehman Collapsed, the World Bank's Been Hacked, General Motor's not Bankrupt - Maybe: What a Mess! "
(October 12, 2008)
"World Bank Group Network Hacked; Chinese IPs Used: Just What We Need "
(October 10, 2008)

Excerpts from PC World:

"...The bottom line is that computers everywhere are at risk. No matter where you are located, your security plan needs to be bullet proof....

"...Even the big guys may be behind the times when it comes to security.

"According to one of the memos cited by the Fox report, the organization [the World Bank] decided to introduce secure ID for users to access their web email after the breach occurred....

"...The lesson here: Even if you are a massive business with a big budget, a reality check may be in order on your security protocol and policies...." [emphasis mine]
("Four Security Lessons From the World Bank Breach" PC World Business Center (October 10, 2008))

Kudos to the World Bank for introducing the sort of cybersecurity that small-town banks have - after a breach. 'Better late than never,' but as another old saying goes, it's 'locking the barn door after the horse is stolen.'

The World Bank's reputation is like a still pond: tranquil, serene, a mirrored surface reflecting lovely greenery.

Now alternatively-sensible decisions are floating to the surface: and their logical consequences.

In a way, I don't blame mainstream news services from ignoring these issues. The World Bank is an international organization with a noble goal: it would be a shame, in a way, to sully that image.

But, that might be what the World Bank needs, as encouragement to get re-attached to reality.

In the news:

"Cyber Security Questions Persist at World Bank"
FOXNews (November 01, 2008)
"Former Top Cyber Official at Center of World Bank Scandal"
FOXNews (October 31, 2008)
"Four Security Lessons From the World Bank Breach"
PC World Business Center (October 14, 2008)
"World Bank under cyberattack?"
CNET (October 10, 2008)

Friday, October 10, 2008

World Bank Group Network Hacked; Chinese IPs Used: Just What We Need

Oh, dear. This is not good.

About 4,500 people working for the World Bank Group apparently hadn't changed their passwords when an emailed memo was written to remind a dozen or so key people, back in July of this year. Which is not good, since WBG had been under attack since Summer of 2007.

Last April, spy software dug deep into servers in World Bank Group's treasury unit, that's supposed to be unusually secure. For almost a month's time, in June and July, hackers had full access to the rest of WBG's network.

To World Bank Group's credit, a memo was sent around via email, back in July.¹

On the other hand, nobody, except the hackers, seems to know just what data accessed and (presumably) copied. Considering the sort of data that the World Bank Group has, letting somebody from the outside read it is very bad news.

It gets more interesting.

Of the six major attacks so far, two are from the same set of IP addresses. In China. Could be a coincidence, but China's been overly-inquisitive about other people's data before.

I'm not happy to hear this. I'd say that one thing the world doesn't need right now is an unknown amount of very sensitive data, in all likelihood concerning almost 200 countries. The possibility that the Chinese government is involved doesn't make me any calmer. China doesn't exactly have a stellar record on human rights, and - melodramatic as this sounds - I'm concerned about why China needs a secret submarine base.

World Bank Group: A Little Background

Basically, it's an anti-poverty agency with a multi-billion-dollar budget, with representatives from 185 countries on its The World Bank, which "is a vital source of financial and technical assistance to developing countries around the world...," has a fairly rich About Us section. One of the resource links there is to a 12-page brochure, World Bank Group / Working for a World Free of Poverty, that describes the organization and its five units:

International Bank for Reconstruction and Development
International Development Association
International Finance Corporation
Multilateral Investment Guarantee Agency
International Centre for the Settlement of Investment Disputes

Previous post, discussing China and cybersecurity:

"The War on Terror? This May be The War For Freedom"
(March 18, 2008)

In the news:

"World Bank Hacked, Sensitive Data Exposed"
Dark Reading (October 10, 2008)
"World Bank Under Cyber Siege in 'Unprecedented Crisis' "
FOXNews (October 10, 2008)

(I'd never heard of darkreading.com before: it seems that the domain is registered by Tucows Inc.: which of course I'm quite familiar with.)

¹ The email reads, in part, "We have new evidence that the Passwords that have been compromised may have accessed data. ... Please bear with us during this unprecedented crisis."

Blogroll

Note! Although I believe that these websites and blogs are useful resources for understanding the War on Terror, I do not necessarily agree with their opinions. ¹

American Islamic Congress
American-Islamic Forum for Democracy
Americas Interests.blog an Australian's perspective (on January 29, 2009 the author announced the end of new posts, and explained his reasons for doing so. He is, however, keeping the 21 months of accumulated posts on line, because of "the role that it plays in a larger ecosystem of information" - I recommend AI as an archival resource. )
Blog 4 Human Rights: Human Rights in Georgia (the nation) News, Opinions, Videos and Photos (Why blogroll this? Georgia is about 10% Muslim, very near the Middle East: and human rights is a critical part of the War on Terror.)
CAIR Council on American-Islamic Relations
The Capitol Tribune "A Journal by a Citizen and Servant of the Republic."
The Conservative Hawk An articulate conservative blog: definitely political, opinionated, informed, and intelligent
Defenders Council of Vermont "...our mission is to educate the citizens of Vermont about the nature, reality and threat of radical Islam, deepen Vermonters' understanding of America's heritage, honor the men and women of the armed services and their families, and support the efforts of others to help our armed forces work with local populations in foreign lands."
DefenseLink Blogger's Roundtable provides source material for stories in the blogosphere concerning the Department of Defense (DoD) by bloggers and online journalists.
FactCheck.org "aims to reduce the level of deception and confusion in U.S. politics". It's "a project of the Annenberg Public Policy Center of the University of Pennsylvania". From what I've seen, this non-partisan website must be quite annoying to all sides
Fiqh Council of North America "...a body of qualified Islamic scholars who live in the United States or Canada."
Foreign Policy Watch "Diplomatic strategy, international news, and thoughtful political analysis"
www.free-minds.org Another flavor of True Islam: one more articulate than many
Free Muslims Coalition "American Muslims and Arabs of all backgrounds who feel that religious violence and terrorism have not been fully rejected by the Muslim community in the post 9-11 era."
GlobalSecurity.org "Everyone is entitled to their own opinion, but not their own facts. We try to bring you the facts, to help you form your opinion."
Hudson Institute: Center on Islam, Democracy, and the Future of the Muslim World
IntelCenter "Our focus as a company is on studying terrorist groups and other threat actors and disseminating that information in a timely manner to those who can act on it."
Iraq the Model "New points of view about the future of Iraq."
Islam.com "...an information portal site on the internet that is pure, clean and 'worthy of its name', InshaAllah."
islamispeace.org.uk "...invites you to challenge your ideas of Islam and Muslims."
Islamic Circle of North America "... to seek the pleasure of Allah (SWT) through the struggle of Iqamat-ud-Deen (establishment of the Islamic system of life) as spelled out in the Qur'an and the Sunnah of Prophet Muhammad (pbuh)"
Islamic Republic News Agency Iran's official news agency
Islamic Society of Central Florida (ISCF) "...an organization which strives to serve the greater Central Florida community by catering to the social, religious, and educational needs of its Muslim inhabitants."
Islamic Society of North America "...playing a pivotal role in extending those bridges to include all people of faith within North America...."
(but note another view) )
Islamic World News أخبار العالم الاسلا
Michael J. Totten's Middle East Journal The War on Terror, as observed on the ground
Muir S. Fairchild Research Information Center A research resource for United States Air Force Air University students, "provided as a public service by Muir S. Fairchild Research Information Center and the Maxwell Support Division."
Muslamics Affad Shaikh and "A Writing Collaborative" This American Muslim Affad Shaikh, a very west-coast Muslim Los Angelano
Muslims Against Sharia An organization of Muslims, presumably dedicated "...to educate non-Muslims about the differences between moderate Muslims and Islamists..." - with a curious way of practicing Peace, Love Light, (words in their website's logo).
National Interest, and as a corollary, Primacy "These are indeed my personal pontifications on the vicissitudes of International Affairs." (Be prepared for big words, long sentences: and unexpected insights.)
PM’S World
Radio Free Europe/Radio Liberty "disseminating factual information and ideas"
The Straits Times (Singapore) "...strives to be an authoritative provider of news and views, with special focus on Singapore and the Asian region...."
Urban Conservative "Conservative 2.0 - A New Breed of Conservative
Why Islam? "... articles, books etc on Islam and comparative religion. ... initiated by volunteers from ICNA (Islamic Circle of North America). ..."

¹ Given a recent misunderstanding of the phrase "useful resources," a clarification: I do not limit my reading to resources which support my views, or even to those which appear to be accurate. Reading opinions contrary to what I believed has been very useful at times: sometimes verifying my previous assumptions, sometimes encouraging me to change them.

Even resources which, in my opinion, are simply inaccurate are sometimes useful: these can give valuable insights into why some people or groups believe what they do.

In short, It is my opinion that some of the resources in this blogroll are neither accurate, nor unbiased. I do, however, believe that they are useful in understanding the War on Terror, the many versions of Islam, terrorism, and related topics.

Visit us online:
Spiral Light Candle	• Find a Retailer • Spiral Light Candle Store