Is the World Bank really compromised?

Fox News reported a few days ago that over 40 servers belonging to the World Bank (a pseudo-bank really) have been compromised. Now, the World Bank is not really a bank as much as it is a funnel of funds from various countries into various charitable causes; $25 billion in funds to be exact. It also manages about $70 billion in assets. These are not large numbers compared to the trillions of dollars being thrown at banks this week, but every little bit counts, and with $25 billion the World Bank is at least twice the size of TGX at the time of their own little issue with incursions.

The story, as told by Fox News, has the makings of a novel about it. The FBI, investigating another cyber crime that led them to the World Bank’s secret data center in Johannesburg a year ago, informed the World Bank that they might have a problem. Sure enough, the data center, a repository of all of the World Bank’s information, had been compromised. IP addresses attributed to Macau, China were the source of an attack that infiltrated and “owned” the data center. Later, in the Treasury services branch of the bank, it was discovered that contractors had installed keystroke loggers on systems to harvest passwords and credentials to allow the complete compromise of that department’s computers. That particular Indian outsourcing firm was reportedly replaced after the discovery of the breach.

And then, this past June, another attack.

This time, however, the cyber-burglars used a different spyware. They broke into an external server run by the bank's private sector development unit. They were able to acquire passwords — including the password for the systems administrator.

That enabled them to jump into the servers at MIGA, the bank's giant insurance arm. It was there that they captured the security administrator's password as he was logging on to his computer.

See what I mean about a novel? Tom Clancy could not have done better:  China base, Indian subcontractors, global financial markets.

The World Bank has accused Fox News of lies and misrepresentation. Fox News stands by their story.

An internal memo details names and applications of 18 compromised servers including the Domain Controller and the Certificate Server. Not exactly a good memo to have leaked to the world.

Another memo captured by Fox News supports their story. It is written to end users alerting them of the need to reset their passwords every 90 days and that they will be required to use different passwords for each application. In addition, every employee will have to take the online information security awareness course. Wow, that will stop those bad people from owning our networks!

The World Bank has serious questions to answer and is apparently working on that. In the meantime it would behoove any CIO to take a close look at their own operations to make sure they do not share the World Bank’s lack of controls and inability to protect their information assets.

Copyright © 2008 IDG Communications, Inc.