IMF attack "a very major breach"

Although no statement has been released on the web site of the International Monetary Fund (IMF), it has been reported by the New York Times and Bloomberg that the IMF has been the victim of a "large and serious" cyber attack. The full extent of the attack has not been revealed, but it has been said that the attackers were able to plant software on a computer within the IMF which enabled them to have some level of external access to its network. The software may well have been planted as a result of a targeted spear phishing attack; the IMF’s chief information officer, Jonathan Palmer, sent out an email warning employees of “increased phishing activity”. The World Bank took the problem seriously and, as a precaution, severed the network connection that allows the two organisations to share data.

According to the Bloomberg report, the attack appears to have been mounted by a foreign government, although no specific country was named. The same report quoted an unnamed source as stating that the IMF lost a "large quantity" of data which included emails and other documents. Some of the information held by the IMF is highly sensitive, much of it dealing with countries suffering financial difficulties and the negotiations in which they are involved. Very large sums of money are involved in these negotiations, around £56 billion last year in emergency loans.

Following on as it does from a series of cyber attacks against Google, Sony, RSA, Lockheed Martin and others, this recent attack has prompted increasing calls for concerted action, including the possibility of further regulation, to defend countries and organisations from such attacks. Reuters quoted Unilever's chief executive as saying that "This is an example of technology developing faster than the frameworks and sometimes the regulations around that".

See also:

• UK to step up cyber defence capabilities, a report from The H.
• US DoD reports on lessons learned from open source, a report from The H.
  

(ehe)