The International Monetary Fund (IMF) has reportedly become the target of a concerted hack attack. The resulting breach was severe enough for the economic development agency to temporarily suspend network connections with the World Bank, as a precaution. The link was quickly restored. According to internal emails leaked to …
Isn't it about time everyone implemented PGP or similar in their email systems as standard?
A digital signature can make all the difference in spotting a good spear heading your way. I'm no newbie, but if you're busy and it looks genuine it's easy to get sucker punched in the gonads.
implemented email privacy and authentication
> Isn't it about time everyone implemented PGP or similar in their email systems as standard?
It won't happen because our various democratic governments won't be able to monitor our emails to protect us all from the terrorists.
They dined on mince, and slices of quince,
Which they ate with a runcible spoon;
And hand in hand, on the edge of the sand,
They danced by the light of the moon,
They danced by the light of the moon.
They broke into RSA, they'll break into the key repository too.
If they can break into RSA they can break into your PGP repository too.
@AC - you're actually the first person to mention the connection, and very fitting it is too with the lunar eclipse and no light of the moon to be seen :)
It being some anti-capitalist loony/anarchist type?
Foreign country, Foreign to who?
More likely a G7 country looking to "influence"
or G20. It most likely was a big country.
most of the under-developed world trying to even up the trade barriers :-)
.."wouldn't happen if they didn't use WinDoze" post.
Seriously though, you'd hope that such an important network structure was locked down at every level. Whitelists, superglue in the USB ports, custom kernel, etc.
Would love more details on this.
There is a reason people with unlimited budgets and PhDs still use Windows
Windows is more tested than the alternatives.
It doesn't matter how many publicly known worms and viruses there are for an OS; when you are going after a highly secure installation what matters is how difficult it is to create a new one that is not known.
MacOS, Unix, loads more holes.
Wise instructive words, Keith T. Thanks.
Simply ... wrong.
Servers have been running Unix since before Windows was thought of: how can it be "more tested?"
What spear did they use?
I agree that spear phishing is extremely effective--if the phish is properly crafted and based on good research, it can fool just about anybody..... BUT... It's only the first step. Once you get the victim to believe you, you still need to exploit the victim's system. So, what exploit is being used? Was it a fake website to capture credentials? Did they exploit the browser? Was it the OS? Inquiring minds want to know.....
You might be curious, but all those things will work and if a government wants into your system, there is not a single thing you can do to prevent it -- short of unplugging. We are all in the same boat.
So you don't need to know which was used in this case to secure your own system.
desktop computer hack attack
> subsequent investigation established that a Fund desktop computer had been compromised and used to access some Fund systems ..
What Desktop Operating System did this computer run? Was it an Apple or Linux or some other unknown Operating System?
This just goes to show when someone hacks into a website to show security is slack
This just goes to show when someone hacks into a website (Sony, Amazon, whatever) to show security is slack they are proving nothing.
It does not matter how tight security is. Any website can be hacked.
Two factor, three factor encryption, Pentagon, CIA, NSA, MI5, Mossad, anything on any computer running any general purpose OS connected to the internet can be hacked.
The physical world analogy is an M1 Abrams tank. Park one in a bad part of town, leave it alone over night, and by morning it will have graffiti all over it and parts missing.
Nothing replaces a guy with a gun watching over the tank.
Nothing replaces an international agency to go after blackhat hackers.
Only problem, so many blackhat hackers work for governments, ours and theirs, that governments won't allow an international agency to do that.
re: Any website can be hacked
@Keith T: It does not matter how tight security is. Any website can be hacked ..
I must disagree, there are degrees of insecurity. A Web facing server should run a minimalist system and connect to a backend using a secure channel, no credit cards or user information stored on the front end and full auditing and financial transactions done on a third system.
Have to majorly disagree with this.
Is it difficult to make a company hack proof? Yes. Impossible? No.
Besides, making it hack proof kinda misses the point. The aim should be to create a defence in depth that makes access to any significant data impossible - within a given detection window.
In reality few orgs spend enough on this type of activity to create such a scenario but that doesn't mean it's impossible.
This year's a good year to work in the IT security sector methinks.
So then that's it --
back to the caves for everybody.