The International Monetary Fund (IMF) says it has been targeted by a sophisticated cyber attack. Officials at the fund gave few details but said the attack earlier this year had been "a very major breach" of its systems.
Cyber security officials said the hack was designed to install software to create a "digital insider presence”. The IMF, which holds sensitive economic data about many countries, said its operations were fully functional.
The cyber attack took place over several months, and happened before former IMF chief Dominique Strauss-Kahn was arrested over sexual assault charges. Spokesman David Hawley said "I can confirm that we are investigating an incident, I am not in a position to elaborate further on the extent of the cyber security incident."
An e-mail to staff warned that "suspicious file transfers" had been detected and that an investigation had shown a desktop at the Fund had been "compromised and used to access some Fund systems". There was "no reason to believe that any personal information was sought for fraud purposes," it said.
A cyber security expert told Reuters the infiltration had been a targeted attack, which installed software designed to give a nation state a "digital insider presence" at the IMF.
"The code was developed and released for this purpose," said Tom Kellerman, who has worked for the Fund. An unnamed cyber expert has been quoted as saying the hackers were connected to a foreign government; however such attacks are very difficult to trace.
The World Bank said it briefly cut its network connection with the Fund, out of "an abundance of caution".
CIA Director Leon Panetta told the US Congress earlier this week that a large-scale cyber attack which would cripple power, finance, security and governmental systems was "a real possibility in today’s world".
Regency IT Consulting has the capabilities and expertise to deliver strategic, comprehensive information security solutions to enable organisations to anticipate, overcome and reduce security threats, risks and vulnerabilities in support of their business objectives.
Regency IT Consulting comprises some of the industry’s most experienced security professionals and is a leading employer of CLAS consultants. We can provide you with the expertise and experience you need to help prevent your company losing data by ensuring that your information systems are fully compliant with recognised best practice in information assurance – so enabling you to keep your professional reputation intact.
By conducting a full risk assessment, using award-winning software, on your IT infrastructure and user policies, Regency IT Consulting can help you to identify current risks and advise you on how to reduce them and maintain an effective risk management strategy. In short, we can support you in taking all reasonable steps to protect the data that you hold.
Regency IT Consulting “Regency Protect” provides a professional, efficient and effective protective monitoring managed service. A properly managed protective monitoring service enables the detection and prevention of both authorised and unauthorised access to data within a system. Well managed protective monitoring logs can provide objective evidence regarding where, when and by whom specific records have been accessed, as well as recording the actions completed on them (e.g. copying to media). A well run protective monitoring solution can provide significant benefits for the functionality and efficiency of the monitored system, including situational awareness of system-wide activity and verification of implemented changes. In other words, protective monitoring helps to ensure both the confidentiality and integrity of your data. Most importantly, protective monitoring acts as an effective deterrent by ensuring that users who might be considering attacking or misusing a system are aware that their activities on the system are monitored, recorded and traceable.