IMF cyber attack aimed to steal insider information: expert

WASHINGTON/LONDON Sun Jun 12, 2011 11:16am EDT

The IMF nameplate is displayed on a wall at the headquarters during the World Bank/International Monetary Fund Spring Meetings in Washington April 11, 2008. REUTERS/Jonathan Ernst

The IMF nameplate is displayed on a wall at the headquarters during the World Bank/International Monetary Fund Spring Meetings in Washington April 11, 2008.

Credit: Reuters/Jonathan Ernst

Related Topics

WASHINGTON/LONDON (Reuters) - A major cyber attack on the IMF aimed to steal sensitive insider information, a cyber security expert said on Sunday, as the race to lead the body which oversees global financial system heated up.

The U.S. Federal Bureau of Investigation is helping to investigate the attack on the International Monetary Fund, the latest in a rash of cyber break-ins that have targeted high-profile companies and institutions.

"The IMF attack was clearly designed to infiltrate the IMF with the intention of gaining sensitive 'insider privileged information'," cyber security specialist Mohan Koo, who is also Managing Director, Dtex Systems (UK), told Reuters in London.

A June 8 internal memo from Chief Information Officer Jonathan Palmer told staff the Fund had detected suspicious file transfers and that an investigation had shown a desktop computer "had been compromised and used to access some Fund systems."

"At this point, we have no reason to believe that any personal information was sought for fraud purposes," it said.

The New York Times cited computer experts as saying the IMF's board of directors was told of the attack on Wednesday, though the assault had lasted several months.

The IMF says its remains "fully functional" but has declined to comment on the extent of the attack or the nature of the intruders' goal.

News of the hack came at a sensitive time for the world lender of last resort, which is seeking to replace former managing director Dominique Strauss-Kahn, who quit last month after being charged with the attempted rape of a hotel maid.

French Finance Minister Christine Lagarde remains the frontrunner to replace him, although Stanley Fischer, the Bank of Israel Governor and a former IMF deputy chief, has emerged as a late candidate, and Mexico's central bank chief, Agustin Carstens, is another contender.

EMBOLDENED

Jeff Moss, a self-described computer hacker and member of the Department of Homeland Security Advisory Committee, said he believed the attack was conducted on behalf of a nation-state looking to either steal sensitive information about key IMF strategies or embarrass the organization to undermine its clout.

He said it could inspire attacks on other large institutions. "If they can't catch them, I'm afraid it might embolden others to try," said Moss, who is chief security officer for ICANN.

Tom Kellerman, a cybersecurity expert who has worked for both the IMF and the World Bank, said the intruders had aimed to install software that would give a nation state a "digital insider presence" on the IMF network.

That could yield a trove of non-public economic data used by the Fund to promote exchange rate stability, support balanced international trade and provide resources to remedy members' balance-of-payments crises.

"It was a targeted attack," said Kellerman, who serves on the board of a group known as the International Cyber Security Protection Alliance.

The code used in the IMF incident was developed specifically for the attack on the institution, said Kellerman, formerly responsible for cyber-intelligence within the World Bank's treasury team and now chief technology officer at AirPatrol, a cyber consultancy.

"LIFE-THREATENING"

Koo of Dtex Systems (UK) said the recent spate of attacks on large global organizations was worrying because they were targeted, well-organized and well-executed, not opportunistic.

"Perhaps most frightening of all is the fact that these type of attacks could quite easily be directed toward Critical National Infrastructure (CNI) organizations, for example Energy and Water, where the impact of such a breach would have severe, immediate and potentially life-threatening consequences for everyday citizens."

Cyber security experts said it might be difficult for investigators to prove which nation was behind the attack.

"Even developing nations are able to leverage the Internet in order to change their standing and ability to influence," said Jeffrey Carr, author of the book, "Inside Cyber Warfare."

"It's something they never could have done before without gold or without military might," Carr said.

CIA Director Leon Panetta told the U.S. Congress on June 9 that the United States faced the "real possibility" of a crippling cyber attack on power systems, the electricity grid, security, financial and governmental systems.

Lockheed Martin Corp, the Pentagon's No. 1 supplier by sales and the biggest information technology provider to the U.S. government, disclosed two weeks ago that it had thwarted a "significant" cyber attack. It said it had become a "frequent target of adversaries around the world."

Also hit recently have been Citigroup Inc, Sony Corp and Google Inc.

(Reporting by Lesley Wroughton, Jim Finkle, Jim Wolf, Jim Vicini and William Maclean in London; Editing by Jon Boyle)

FILED UNDER:
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (9)
dumbdumb wrote:
Yea right someone picked on a link and downloaded a trojan on the web, because they have bad IT people and they are calling it an attack.
Get some real IT people!

Jun 11, 2011 9:13pm EDT  --  Report as abuse
Alfred.Brock wrote:
The IMF will be disbanded. No one believes in them except those profiting from it.

Jun 11, 2011 10:17pm EDT  --  Report as abuse
These are test attacks. When the really big one(s) hits, worldwide, we will all thrown back to the stone age — without the once much-feared nuclear MAD conflagration.
And nobody will be able to hit back at the unseen enemy since the ones who launched the attack will never been known until after all has first been crushed.
Even if no such human attack ever occurs, massive solar storms will do the same thing, with the same end result.

Jun 11, 2011 11:38pm EDT  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.