IMF 'suspended' World Bank links following hack attack

The International Monetary Fund (IMF) has reportedly become the target of a concerted hack attack. The resulting breach was severe enough for the economic development agency to temporarily suspend network connections with the World Bank, as a precaution. The link was quickly restored. According to internal emails leaked to …

COMMENTS

This topic is closed for new posts.
  1. Sir Runcible Spoon

    Sir

    Isn't it about time everyone implemented PGP or similar in their email systems as standard?

    A digital signature can make all the difference in spotting a good spear heading your way. I'm no newbie, but if you're busy and it looks genuine it's easy to get sucker punched in the gonads.

    1. Anonymous Coward
      Big Brother

      implemented email privacy and authentication

      > Isn't it about time everyone implemented PGP or similar in their email systems as standard?

      It won't happen because our various democratic governments won't be able to monitor our emails to protect us all from the terrorists.

      --

      They dined on mince, and slices of quince,

      Which they ate with a runcible spoon;

      And hand in hand, on the edge of the sand,

      They danced by the light of the moon,

      The moon,

      The moon,

      They danced by the light of the moon.

      1. Sir Runcible Spoon

        Sir

        @AC - you're actually the first person to mention the connection, and very fitting it is too with the lunar eclipse and no light of the moon to be seen :)

    2. Keith T

      They broke into RSA, they'll break into the key repository too.

      If they can break into RSA they can break into your PGP repository too.

  2. Anonymous Coward
    Anonymous Coward

    money on

    It being some anti-capitalist loony/anarchist type?

    1. Anonymous Coward
      Black Helicopters

      Foreign country, Foreign to who?

      More likely a G7 country looking to "influence"

      1. Keith T

        or G20. It most likely was a big country

        or G20. It most likely was a big country.

    2. Anonymous Coward
      Happy

      Or....

      most of the under-developed world trying to even up the trade barriers :-)

  3. Joe K
    Linux

    Obligatory...

    .."wouldn't happen if they didn't use WinDoze" post.

    Seriously though, you'd hope that such an important network structure was locked down at every level. Whitelists, superglue in the USB ports, custom kernel, etc.

    Would love more details on this.

    1. Keith T

      There is a reason people with unlimited budgets and PhDs still use Windows

      Windows is more tested than the alternatives.

      It doesn't matter how many publicly known worms and viruses there are for an OS; when you are going after a highly secure installation what matters is how difficult it is to create a new one that is not known.

      MacOS, Unix, loads more holes.

      1. amanfromMars 1 Silver badge

        Perly Pearls

        Wise instructive words, Keith T. Thanks.

      2. Anonymous Coward
        Anonymous Coward

        Simply ... wrong.

        Servers have been running Unix since before Windows was thought of: how can it be "more tested?"

  4. El Cid Campeador
    Linux

    What spear did they use?

    I agree that spear phishing is extremely effective--if the phish is properly crafted and based on good research, it can fool just about anybody..... BUT... It's only the first step. Once you get the victim to believe you, you still need to exploit the victim's system. So, what exploit is being used? Was it a fake website to capture credentials? Did they exploit the browser? Was it the OS? Inquiring minds want to know.....

    1. Keith T

      You might be curious, but all those things will work

      You might be curious, but all those things will work and if a government wants into your system, there is not a single thing you can do to prevent it -- short of unplugging. We are all in the same boat.

      So you don't need to know which was used in this case to secure your own system.

  5. doperative
    Linux

    desktop computer hack attack

    > subsequent investigation established that a Fund desktop computer had been compromised and used to access some Fund systems ..

    What Desktop Operating System did this computer run? Was it an Apple or Linux or some other unknown Operating System?

  6. Keith T
    Big Brother

    This just goes to show when someone hacks into a website to show security is slack

    This just goes to show when someone hacks into a website (Sony, Amazon, whatever) to show security is slack they are proving nothing.

    It does not matter how tight security is. Any website can be hacked.

    Two factor, three factor encryption, Pentagon, CIA, NSA, MI5, Mossad, anything on any computer running any general purpose OS connected to the internet can be hacked.

    The physical world analogy is an M1 Abrams tank. Park one in a bad part of town, leave it alone overnight, and by morning it will have graffiti all over it and parts missing.

    Nothing replaces a guy with a gun watching over the tank.

    Nothing replaces an international agency to go after blackhat hackers.

    Only problem, so many blackhat hackers work for governments, ours and theirs, that governments won't allow an international agency to do that.

    1. Anonymous Coward
      IT Angle

      re: Any website can be hacked

      @Keith T: It does not matter how tight security is. Any website can be hacked ..

      I must disagree, there are degrees of insecurity. A Web facing server should run a minimalist system and connect to a backend using a secure channel, no credit cards or user information stored on the front end and full auditing and financial transactions done on a third system.

    2. Gordon 10
      Thumb Down

      Hysterical Rubbish

      Have to majorly disagree with this.

      Is it difficult to make a company hack proof? Yes. Impossible? No.

      Besides, making it hack proof kinda misses the point. The aim should be to create a defence in depth that makes access to any significant data impossible - within a given detection window.

      In reality few orgs spend enough on this type of activity to create such a scenario but that doesn't mean it's impossible.

      This year's a good year to work in the IT security sector methinks.

  7. Anonymous Coward
    Trollface

    So then that's it --

    back to the caves for everybody.
