World Bank hit by cyber intrusion epidemic?

Security under the microscope

Tags: intrusion, cyber crime, cyber attack, world bank

By Robert Vamosi

Published: 13 October 2008 11:28 GMT

The computer network used by the World Bank Group has suffered a series of at least six intrusions since mid-2007, according to a report.

The World Bank Group was first notified of the intrusions by the FBI in September 2007, when the bureau was investigating another cyber crime case involving transactions out of Johannesburg, South Africa. Fox News said it has an internal memo describing the initial intrusion to World Bank Group employees.

The World Bank Group did not respond to a request for comment.

The World Bank Group, based in Washington DC, is not a traditional bank. It is made up of the International Bank for Reconstruction and Development and the International Development Association, and it provides a vital source of financial and technical assistance to developing countries around the world, according to its website. The World Bank board represents 185 member nations and currently budgets $25bn annually in anti-poverty campaigns.

Up to 40 servers have been penetrated in a series of attacks, according to Fox News, including one attack on a server that held contract-procurement data. Two of the attacks appear to come from the same block of IP addresses originating in China. But Graham Cluley, senior technology consultant at Sophos, told silicon.com sister site CNET News that doesn't mean the attackers are in China - only that they are using compromised machines located in that country.

Cluley said: "Ideally, if you're a large organisation or financial organisation, then you would have a team of penetration testers testing your system to the limit looking for those weaknesses, looking for those holes. It's much better that you find them before a criminally minded hacker does."

Apparently, the World Bank Group does not conduct its own security-assessment testing, a requirement of financial institutions in the US and other countries.

Fox News also published a more recent memo from 19 August 2008 in which World Bank Group staff were told to change personal passwords and start using security "tokens" or cards to access the organisation's applications remotely. These tokens, such as the two-factor tokens being used by VeriSign, are synced with an internal server and display password strings that are valid only for a minute or so.

Cluley questioned why these attacks aren't more of a priority with World Bank staff. He said: "Every bank on [the] high street [in London] already has that requirement of its customers. Every firm with critical data should be giving its employees [password tokens] because otherwise compromise is just as simple as having a key-logging piece of spyware on the desktop."

It is unclear how the intrusions occurred, when they started, or whether they are even related.

Fox said that outside forensics teams have since been brought in to investigate. In an email to CNET News, a representative for Mandiant, a US-based digital forensics company, confirmed that the World Bank is a client but would not elaborate on the work done on its behalf.

Cluley said: "Regardless of the facts every organisation needs to learn that this can happen to big organisations and small ones, and make sure they have proper security and encryption in place."

Original article: World Bank under cyberattack? from CNET News.com
