World Bank Under Cybersiege In "Unprecedented Crisis"
JagsLive sends in a Fox News report on large-scale and possibly ongoing security breaches at the World Bank. "The World Bank Group's computer network — one of the largest repositories of sensitive data about the economies of every nation — has been raided repeatedly by outsiders for more than a year, FOX News has learned. It is still not known how much information was stolen. But sources inside the bank confirm that servers in the institution's highly-restricted treasury unit were deeply penetrated with spy software last April. Invaders also had full access to the rest of the bank's network for nearly a month in June and July. In total, at least six major intrusions — two of them using the same group of IP addresses originating from China — have been detected at the World Bank since the summer of 2007, with the most recent breach occurring just last month. In a frantic midnight e-mail to colleagues, the bank's senior technology manager referred to the situation as an 'unprecedented crisis.' In fact, it may be the worst security breach ever at a global financial institution. And it has left bank officials scrambling to try to understand the nature of the year-long cyber-assault, while also trying to keep the news from leaking to the public." Update: 10/11 01:15 GMT by T : Massive spyware infestations might be good cause to reevaluate the TCO of non-Windows systems on the desktop.
These days financial institutions consider IT (and other) security as something that costs them money, without giving them any benefit.
Will this wake them up?
I hear the question "Can we afford?" when talking about security in IT shops. The question that I am coming back with is "Can we afford not to?"
Just how many more banks' machines are compromised? How about Federal and Local Government's machines and networks?
If you had enough financial data somebody could cause an economic collapse - I wonder what it would look like.
Sounds good. Hope it ends up on Wikileaks. I predict there will be some highly deserving people burnt at the stake if that information gets out to the public.
-1 Uncomfortable Truth
It is an evil instrument, of human enslavement and degradation.
It is empire, with shackles of dependency and credit.
It kills children by starvation, as it extracts demands for medicines.
It is Satan's rectum, poised over the third-world.
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
while also trying to keep the news from leaking to the public
Oops
--
Oh Well, Bad Karma and all . . .
Beer is proof that God loves us and wants us to be happy.
previously, i thought the markets were melting down due to gay marriage
perhaps this is the obvious run up to 2012 and the end of the mayan calendar
paranoid schizophrenics, want to help me out here?
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Well of course I can't be certain but this appears to be nothing more than a breach of their email system (encrypt your damn email people).
From the leaked memo "MD and CIO has directed that all external Webmail accounts be disabled immediately for all staff who have not changed their passwords yet"
I'd really like to read about this from a source other than Fox news.
First thing I would do is launch my attack from a compromised host in country X while being in country Y
I don't know the meaning of the word 'don't' - J
Does anyone have a link to a story on this from a reputable news source?
It seems like banks find new ways to have crises every week.
Does the IP address indicate a Chinese intrusion, or is that just a spin?
Damn, they got owned completely, 3 different times. Someone in their security department needs to get a clue. Somehow their offsite data store got accessed, then an IT consultant worker key logged them, and finally they got in again through a third party and escalated to admin rights.
3 different attack vectors, all completely successful. That is just kinda pathetic...
it's suspicious that fox news, arguably one of the least reputable news agencies on the planet, has been tapped as the groundbreaking authority on this story?
wondering if this will come with a CERN alert any time soon.
Good people go to bed earlier.
Do they realize yet why painting a giant target on the ground is a bad idea?
Jim Rogers, Adventure Capitalist and Fox News business commentator, has said the same thing. What I'm trying to say is that the parent is not some leftist nut.
I hear you have an opening for a security expert...
So this story coming out at the same time as a world-wide financial crisis.
Has hollywood finally become reality? Is there some scarred super-villain out there somewhere petting a hairless cat laughing like a maniac as the world falls into economic ruin?
The simple and total solution is to disconnect any country that has these attacks and do not re-connect until the government of that country solves their problem. I am sick and tired of China blocking content from their own citizens but, allowing illegal activity to the outside world. They need to be shut down.
Atheism is a religion like not collecting stamps is a hobby.
As the possible first post, I want to make sure no one thinks this is in any way related to the markets crashing, as it stands if china did originate the attack, they are losing as much as the USA right now, and are still losing dealing with their own problems (with the food illnesses).
I was one to believe that Chinese were doing a lot of hacking on purpose to advance in cyber tactics, however this move, if it were caused by them, ended up costing them more than it returned.
It may more have been a Russian hacker rerouting through china using tor or something.
It doesn't matter what the crackers learned. It's obsolete now.
I still look at the FoxNews web site, but damn, one has to pick through a lot of crap to find information. It seems to be more gossip than anything else. I keep expecting to see a hot story about Britney Spears' lovechild with Bat Boy.
On the other hand, almost all news outlets seem to want to lead the parade down to the circus side show, so maybe they are just a sign of the times.
Good night, Chet. Good night, David.
Why, without your clothes, you're naked, Miss Dudley!
Face it, no matter how secure a system is, if it is usable by humans it can be breached. Easily.
There is anywhere from a 100 to 1000 hackers/crackers/slimeballs out there that are ready and willing to take on each and every system. Ones that claim to be "secure" are just a bigger target. There is no such thing as a completely "secure" system that is usable and accessible by ordinary humans. True security would require controlled physical access, multiple authenticating factors, and so on. None of this is going to happen for an accessible system usable by "ordinary humans".
About all that is realistic is to minimize the damages. Face the fact that if you are a target you are going to lose. Try not to lose too much.
Prosecution of the break-in? Forget it. It's the Internet. It is International. If it looks like it is coming from China, it could be real or it could be a proxy. There are no effective International laws that will assist in any sort of prosecution. There is no supra-national police force that will break down the door of the cracker and haul them away. Nothing is going to happen. Unless the guy is a complete idiot that brags about it.
> Does the IP address indicate a Chinese intrusion, or is that just a spin?
Just a spin. Look for WB information to be sold soon on Craigslist Seoul.
Maybe this - and other security breaches - might be (partially) behind the current worldwide financial crisis? Strangely, here in Canada in the past month I heard just in my close circle of colleagues, family several cases when entire bank accounts were cleaned out. I never heard such a high concentration of cases before.
It just makes you wonder... could it be, that all the suddenly escalating "bad debts" crisis is actually based on or at least related to full-scale security breakdown at financial institutions?
Why do networks with such sensitive data have internet access? I know it makes it easier and accessible, but shouldn't something this important be used for internal record keeping? I know that's usually not possible, but the fact everything is online will come back to bite everyone.. To quote Forrest Gump "then something bit me in the buttock.. they say it was a million dollar wound, but the government must keep that money, cause i didn't see any of it...."
Fox needs to learn the difference between a siege and an invasion.
sensitive data about the economies of every nation
What's so sensitive about the economy of a nation that it must be kept secret, thereby not even allowing the nation itself (the people) to know about it?
Swedish plasma phys. PhD student; MSc EE; knows maths, programming, electronics; finance interest; seeks opportunities
Fox News? I always thought it was spelled Faux News.
It must be extremely expedient for Western governments to punish recalcitrant governments in the developing world by withholding World Bank and IMF "assistance"; and conversely reward compliant ones.
This is the nature of all (fractional reserve) banking.
Have you noticed the calls for co-ordinated action? For a world response? Next it'll be a world council.
bank officials [...] trying to keep the news from leaking to the public.
They should be slammed for that! Trying to cover up their mistakes. Shameful.
Swedish plasma phys. PhD student; MSc EE; knows maths, programming, electronics; finance interest; seeks opportunities
Wonder if they've ever heard of Linux?
.Bank . . .Micro$haft . . .common
.$$$$$
Oh wait . .
denominator . .
--
Oh Well, Bad Karma and all . . .
Beer is proof that God loves us and wants us to be happy.
I'm really not surprised to hear this. According to Verizon Business' 2008 Data Breach Report, 46% of reported attacks, while somewhat opportunistic, are directed towards a specific victim with knowledge of how to exploit a specific weakness. While only 15% of the reported attacks were fully targeted, I strongly believe that this number will rise. With usage of social networking sites on the rise (think Linkedin.com), it really isn't difficult to identify well-placed targets within an organization. Find enough information about an individual, make contact, gain a level of trust, and owning them at work can be trivial. From this point, the attacker can use the victim's trusted relationship in the company (e.g., electronic access) to proceed to take ownership of the network.
"And it has left bank officials scrambling to try to understand the nature of the year-long cyber-assault ..."
Windows, duh!
Please, please, please mod parent comment down. The last thing we need is for the phrase "It is Satan's rectum, poised over ..." to become a new Slashdot meme.
I mean can you imagine:
- an item about Linux and posts like "It is Satan's rectum, poised over capitalism";
- an item about fascism and posts like "It is Satan's rectum, poised over our freedoms";
- an item about the Cheney/Bush government and posts like "It is Satan's rectum, poised over privacy and the U.S. Constitution"
- an item about a new Windows version and posts like "It is Satan's rectum, poised over the computer world";
Yech! Please stop it before it starts!
http://www.foxnews.com/printer_friendly_story/0,3566,435681,00.html
i request a joke caricature and i get the genuine article
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
No doubt the spammers now have the goods on the World Bank to have their loan for that Dam they're building to be approved.
And the highway project is a done deal too!
This Sig does not Exist.
not a raving fruitloop
come on people
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
The US government has a long history of conjuring up fictitious demons in order to justify bringing in more police state measures.
I bet we're about to hear of a clampdown on the Internet, "to safeguard freedom and the effective operation of world markets".
someone will always build a ladder just a little higher.
So what if the World Bank gets hacked into? It's not like banks have any money left to steal these days.
fuck you
In reading the comments here, everyone is taking this news story very seriously (obviously not counting the deliberate jokes). However, /. readers when presented with political news stories by Fox News, will invariably start trashing Fox News. They will say they're a "right wing rag", "Republican mouth piece", "they can't be trusted", "unbalanced", etc. Well people, you can't have it both ways. Either Fox News is reliable, or it's not. You can't pick and choose which news stories to believe.
It is interesting, though, that it has been about a year since the current run on the stock markets and world finances began. (The current credit crunch, if you look at the graphs, is simply a continuation of a trend that began probably about April last year.)
Now, to use the oft-quoted "correlation does not prove causation", it would be totally absurd to say that the coincidence of dates proves the current problem is related to the cyber-attacks. Lots of things probably happened in April of last year. To pick one out, just for the sake of picking something, would be stupid. However, if I were in charge of IT security at the World Bank, I would be wanting to know if sensitive or classified information was continually exposed over that period that would permit someone to destabilize things.
It's almost certain that unencrypted sensitive information would be present on e-mail servers, which is stupid and naive, and members of the World Bank who don't make use of secure methods of communication for sensitive material should be made to walk the plank regardless of whether any harm was done. The IT managers who allowed unencrypted data to be present and who did not properly install suitable intrusion countermeasures should follow shortly thereafter. In the (extremely dubious and unlikely, but arguably possible) circumstance that the crisis is related to the infiltration, then the game changes from a mere fix-things-up and discipline-the-bastards scenario to a more severe lockdown-the-damn-network-now-defcon-1 type of situation.
The former simply means you need to apply suitable patches and/or servers, and maybe hire a pirate ship to escort the former employees to shark-infested waters. Since this is the most likely situation by far, that's all they need to do. But concealing it hasn't helped them apply the measures they needed, or the attacks could not have continued the moment it tripped the first intrusion detector. In this case, the secrecy has caused severe harm to the World Bank, but probably nobody else. Like I said, this is the most likely.
The worst-case is that we're seeing a positive feedback loop. Sensitive/classified information on volatile situations that could cause those situations to get considerably worse being posted, then lifted and used to do exactly that, causing people to post even more such information, and so on. Positive feedback loops are not simply a technological problem but an entire attitude problem and social engineering problem. That requires more than IT security, because IT security can't debug or firewall the brain. Yet. Such a loop might easily require a complete organizational shutdown, because no amount of patching will help. It needs a major attitude shift - not just on the part of internal employees but also on the part of all countries involved - and that takes time. If it's the mind that's the vulnerability -AND- it is causing massive devastation, the World Bank would have to shut down all operations completely. Otherwise, you can't guarantee killing the loop. The chances this would need to happen are extremely slim, but as I said, it is technically possible, and you can't afford to be piecemeal when it comes to such scenarios.
If it's so unlikely, why mention it at all? Because the timing -is- interesting (a crisis is uncommon, so two parallel financial crises should raise eyebrows), along with the fact they even see it as a crisis is exceptionally interesting, the fact that their response has been one of paralysis (suggesting a non-trivial people problem, rather than an idiotic individual or an unpatched machine), and the fact that everyone else's management of their perceived problem isn't managing it in the least, is suggestive that (a) the wrong problems are being fixed, and (b) that there is a lot of pressure to avoid fixing - or even seeing - the right problems. Suggestive isn't proof, of course, which is why I'm more interested in whether they're even looking to see if this is a possibility.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
They're the ONLY major media outlet not singing in the Obama choir. Maybe you should ask yourself why liberals can barely conceal their glee at the thought of economic calamity, or at the thought of a deadly hurricane headed for New Orleans during the Republican national convention.
Does anyone intelligent actually believe anything on FOX News anyway? There's an elect-the-Republican angle in here somewhere.
Hmm... Fear? Check. Blame China? Check. I'm sure they'll work Terrorists and Mexicans and the French into this somehow. Blah.
you had me at #!
Secrecy is the hallmark of your government. There are good reasons for this. Bush-Cheney would be dangling by piano wire at this moment if the American public could freely see into what they've done and how they did it. (Actually there's more than enough of what we know they've done.)
It's one reason why a Democrat isn't permitted to be elected; Obama-Biden have threatened to prosecute criminal acts under Bush-Cheney. You can bet that puts the fear of god into them. Too many powerful people have too much to lose.
you had me at #!
I've always thought the next world war would be fought with I.T. tools, acquiring data, corrupting data, putting economies into turmoil. Is this what is happening? China and others(recall cybertraffic around the olympics when Georgia-Russia got into it), are they secretly waging war or deceptively setting up the next war? And what, if any response is the U.S. countering with? Is this something hidden from citizens or is it just not happening?
What if the hokey-pokey is what it's all about?
Cue exploding van footage in 3... 2... 1...
China? Well here at WB when we find out who did it, we just cut off the flow of money and they can go to bed without supper. Nope, not even those brussels sprouts you wanna mail to em. No Money, No food and then the Mongols next door can kick your ass. Intrude on us will ya, We'll repossess that olympic stadium, then where will you host? Bet that'll be embarrassing.
We're World Bank. We don't care. We don't have to.
*Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
iow, YOUR information is in there, to be a datapoint.
MY information is in there, to be a datapoint.
etc.
It gives anyone with the info leverage in discovering how to "pressure" or "squeeze" the gov't local to there/here.
It gives anyone with the info leverage in knowing what kinds of crime to commit where, to be maximally effective in exploiting the local population.
It gives one good indication of what kinds of organized crime are there, to know what the competition is.
lots more, too.
Simply scanning data gives people lots of ideas.
( where to put "protection rings", piracy, torture facilities, illegal trade-routes, where to get work, or invest as, IT for organized crime, etc )
WB successfully but unintentionally outsourced everything! :)
Even the information !
You know, corporate accounting is sure as hell gonna notice $305,326.13....
So now we know why all these banks across the world have been failing...let's blame it on hackers now, and not the banks! If world bank goes under, now they have an excuse!
Can anyone tell me why on Earth you would have computers with such sensitive data connected to the outside world/internet? Why were they not on their own private network, behind tons of firewalls and other security devices? Are Bankers that stupid? Apparently they can protect physical items very well, but not electronic information...
The world bank makes HUGE loans to entire nations and imposes draconian reform rules and regulations, requires real assets as collateral, usually the target nation's most valuable raw resources, and charges interest. If that ain't a bank of sorts, what is?
Ya but this is Fox "News"
...I could give you some really good disreputable ones. In the meantime, researchers have found a home owner unaffected by the crisis so far.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
At the end there's an update that has a comment from World Bank:
UPDATE: After FOX News published its story, a World Bank spokesman issued the following statement: "The Fox News story is wrong and is riddled with falsehoods and errors. The story cites misinformation from unattributed sources and leaked emails that are taken out of context. "Like other public and private institutions, the World Bank has repeatedly experienced hacking attacks on its computer systems and is constantly updating its security to defeat these. But at no point has a hacking attack accessed sensitive information in the World Bank's Treasury, procurement, anti-corruption or human resources departments."
Is this World Bank trying to reduce the damage, or is Fox as sorry as we know it is?
As an employee, let me explain something which may not be clear: we are not a "Bank" in the sense of your neighbourhood lender, holder of money and such. We are a development agency, not much different from USAID. As such, we don't deal with personal financial data like you're accusing us of doing so.
Now, with that clarification out of the way... I agree, the way this has been handled internally is disastrous. Our largely incompetent IT team has kept us in the dark about what has been stolen and from where. There is no clear understanding of what passwords were compromised, what data was stolen and an email sent to all hands basically says "we will never know". This is infuriating to staff because it's possible that our banking (personal bank accounts, like your neighbourhood bank) details were stolen, along with tax info, personal id numbers, and so on.
My understanding of what happened is this: internally, we used to use a single password system, deployed at ridiculous expense two years ago, after years of development. (Any one chapter of the development of the single password system would qualify as a story at TheDailyWTF.) Said system would change passwords by going to every system (Active Directory, SAP, internal applications, etc) one by one and changing the password. Said system was also developed in house, with no code review and inevitably, someone discovered a flaw in it, and broke in. Since all other systems were set up to trust this password broker system, you could change an administrator password by simply telling the broker to negotiate the change.
What is aggravating most of all however, is that the breach was detected initially in July 2007, nothing was done for OVER a year and when they did decide to start cleaning up the mess, it was when a huge portion of staff were on leave or away at work on the field. So naturally, they were cut off from access, without any contact information, or even understanding what had happened.
We're still waiting to have the CIO and most of the IT staff fired. A bug can happen. Not correcting said bug for over a year once means their heads should roll. Don't count on it, though.
I believe I speak for a good deal of IS specialists when I shake my head in a morose fashion and say "this is why I don't trust financial institutions to safeguard diddly squat"
Happiness does not come from having much, but from being attached to little.
s be? Is it more probable that some US spy ring infiltrated Chinese - our friend's - computer network and conducted this intrusion from there? I know the Bush camp is into that sort of thing.
Well keep in mind in the 1997 Asian Financial Crisis the IMF recommended the Asian Governments to do about the opposite of what the USA is doing now.
http://en.wikipedia.org/wiki/Asian_financial_crisis
"The IMF's support was conditional on a series of drastic economic reforms influenced by neoliberal economic principles called a "structural adjustment package" (SAP). The SAPs called on crisis-struck nations to cut back on government spending to reduce deficits, allow insolvent banks and financial institutions to fail, and aggressively raise interest rates."
Raise interest rates, allow insolvent banks and institutions to fail (even if they are "too big to let fail"). And allow them to be bought up by foreigners. How'd the USA like it if AIG got bought up by China/Japan (they do have enough money, it's just that they know it'll annoy their number 1 customer ).
Go compare what the USA is doing now to the IMF's recommendations in 1997.
So, forgive me if I see the IMF as evil. The World Bank? Probably the other arm ;).
They're both just tools for the US to increase its power over the rest of the world.
went up the hill to fetch a pail of financial intervention
betty and sue just got married in connecticut
oh wait what? you were taking this SERIOUSLY
dude: i'm going to ease you a nice soft pitch of intellectual charity, and then i'm going to run away and post no more in this thread, because you are certifiable, and i don't like being mean to crazy people:
it's a LITTLE more complicated than your analogy
(runs away)
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
When you've got global secrets, the whole globe will try to find them out.
Let's hope they publicize as many "secrets" as possible - and then, maybe, we can all wake up from this nightmare of economic control.
It is pitch black. You are likely to be eaten by a grue.
It's one reason why a Democrat isn't permitted to be elected
Riiiiight . . so when Obama gets elected what happens to your conspiracy theory then? I'm guessing I won't hear about it then, so I want to get your reaction now.
They pay off the local dictator/junta. That is what "forces" some nations to accept their loan shark terms. Joe imperial leader in east elbownia could give a shit about his people, he just signed a $10 billion loan, he gets to pocket a billion and stash it away. WTF does he care, he ain't gonna be repaying it. And that is probably some of the information that is out in the wild now that they are freaking out over. Just look at some of the 100% pure slime they hire as bosses, wolfowitz?? I mean...sheesh.. the other poster is correct, the imf and world bank are rackets. Near the top of the heap in the military industrial complex daisy chain. Go google for what they did to bolivia and their water supply and the link with bechtel.
I'm just here to say these three foolish slashdotters have been ID'd. Anon is the way to go!
Next time, please try to RTFA. Oh, and the attached email in TFA if it's genuine. Their security was... um ... extremely lax to get hit as fucking badly as they did.
I'm tempted to use 'incompetent' in the above, but I'm willing to give them the benefit of my doubt and to use... lax.
all media is biased
the only true test of bias is the individual. and since each of our bullshit meters is different, only in aggregate does a judgment of bias become apparent
and when you look at an aggregate opinion of the people, it becomes apparent that some media swings right, and some swings left
and this is the way it always was, is, and always will be. if fox news went out of business, another media outlet would spring into being to fill the void, since it satisfies a craving for right leaning folks to get their prejudices pampered. and this observation applies equally to the left, its prejudices, and liberal media. there is never an end to a right wing media, never an end to left wing media
such that a constant passionate obsession with bias in the media is more of a hallmark of naivete and cluelessness
every day the sun rises and sets. at 7 am when the sun comes up, do i guffaw with shock and amazement? when the tide comes in and out, do i start frothing at the mouth in hysterics?
no. nothing i do will change the rising and setting of the sun or the tides. nor do these occurrences become interesting or remarkable anymore
likewise, nothing i do will change the existence of bias in the media, nor is the existence of bias in the media of any interest or remarkability
the entire subject matter is remedial
this applies equally to those who foam at the mouth about the liberal media, and those who foam at the mouth about fox news: naivete about how their world works
anyone with any real intelligence on the issue of bias in the media is over it, doesn't care anymore
meanwhile, anyone who is a child is still obsessed with the issue
it's over. it's a done topic. it's completely unimportant: media is biased. it doesn't matter anymore. stop talking about it already unless you wish to prove you are unfamiliar with simple realities about the world you live in like a small child
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
http://www.foxnews.com/projects/pdf/WorldBankDoc1.pdf
Why would anybody authorise installing Skype in a Bank environment? How many organisations install Skype in a closed environment? Since when does a Lotus Notes Admin account give you access to a physical server? When did Microsoft start forensics?
You've managed to mischaracterize the positions of both the left and right wings. What does that make you?
As I see it, the right has a problem with doing anything that isn't suggested by a Republican and the left has a problem with doing anything that isn't suggested by a Democrat. There's your fundamental difference.
simply make it look like it was from china by controlling the edge routers. Hmmm. who controls those routers?
there really is no difference. For the times that I have watched FOX, it is pretty obvious that they are the pub's pravda.
I prefer the "u" in honour as it seems to be missing these days.
We all know what's going down in the so-called 'financial world' right now. Somewhere somebody wants to sink some 9-to-12-digit money-loss to the bottom of the ocean with a block of concrete tied to its feet without others noticing it - thus this shady cover-up story. I don't trust it a bit.
Believe me, people, the stuff we're hearing on the news and in every official channel, in Europe but in the USA especially, it's 80% total and utter bullshit. You don't seriously believe that people who don't care squat about whose money they're burning think twice about oomphing the next inflation and deficit spree on top of the old one that just blew up sky high on the tab of current market values still in play in the real economy? I thought so. I trust these people who do even more than fake a break-in to get back to business as usual.
I think this story couldn't be farther from what it is presented as. Especially if it comes from the US Reichspropaganda Ministry 'Fox News'.
Posted anonymously from somebody with a few-digit sum of slashdot comments. Yeah, I'm starting to get that paranoid. And for good reasons too.
...that Fox has the most reputable and accurate reporting on the planet, their sources are impeccable and they NEVER blow things out of proportion.
This article is more than a little sensationalized...
-Viz
Don't kid yourself. It's the size of the regexp AND how you use it that counts.
The US government has a long history of conjuring up fictitious demons in order to justify bringing in more police state measures.
I bet we're about to hear of a clampdown on the Internet, "to safeguard freedom and the effective operation of world markets".
Of course, the reason our government does that is because it is a government By, Of and For The People. That means our leaders are (to a limited degree) accountable to us, and have to sell us on any such nonsense they wish to implement. That they're able to do that speaks more to the caliber of the American citizen than anything else. We should be a harder sell than we are, that's for sure. As it is, just mention children or terrorists and we'll bend right over.
Put it this way: the reason that national governments of countries such as China, or Russia, or North Korea don't have to run a con on their citizens is because those people are nothing more than subjects, serfs in fact. They have no say in what their governments do, so their governments do whatever the hell they want.
The higher the technology, the sharper that two-edged sword.
I sure hope they succeed!
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
It is Satan's rectum, poised over your sense of humor.
Is anyone else a little surprised that an actual list of server names and apps was leaked in the memo?
And oh, look, they don't even subscribe to the fundamental security tenet of not naming your hosts something obvious. An attacker wouldn't even have to scan the box to determine where to begin an attack. That saves time! From the memo...
SERVERS CONTAINING SENSITIVE DATA:
---
wb2ksql08
wbmfilecl01b
wbes126
wbdc104
wbmsrsa001
Golly, I wonder what platform and applications these servers are running.
>>I've always thought the next world war would be fought with I.T. tools, acquiring data, corrupting data, putting economies into turmoil.
I hope you're right. I'd rather have my flights redirected and my credit cards canceled than be gut-shot by a 17-year-old conscript.
After all, I'm a 2 hour drive from Canada as it is... I can just see the Tim Horton's signs going up as they politely herd us into 're-education' camps to watch hour after hour of the Red Green show.
Yes, I've thought about this a lot.
-b
No offense, but I've stopped responding to AC's.
We offer OEM mod POINTS at low prices, from Adobe, Microsoft, Mac, ETC!
We also sell high-quality SLASHDOT THREE and FOUR DIGIT ID replicas! Go to that cocktail party with this ID, and be sure to catch people's attention. You'll have ALL the class, and still have all your MONEY.
UPDATE: After FOX News published its story, a World Bank spokesman issued the following statement: "The Fox News story is wrong and is riddled with falsehoods and errors. The story cites misinformation from unattributed sources and leaked emails that are taken out of context.
"Taken out of context" by definition means "it happened and we can't deny it, but we're not crazy to confirm it".
I don't know why Skype would be installed, but you should read the memo a bit more thoroughly before making "bogus" claims.
Nowhere does it say that a Lotus Notes Admin account has been compromised. It says that the Notes Server sent a notification triggered by an attempt to access the mail inbox for a (compromised) sysadm account of some guy who was on vacation.
And nowhere does it say that Microsoft was doing the forensics, it says that "Microsoft forencsics is being worked on by Charles team". Since the server they mention is a Domain controller, it would make sense that they're running some M$ software on it, wouldn't it?
I'm not saying the memo is for real, but you need to work a bit harder than that to discredit it.
The fact that this comes from fox news makes me doubt the validity of the story. Does it also come with a demonstration of an exploding van?
It sounds to me like they're trying to set up a scapegoat to blame for the current financial crisis, while of course, protecting the CEOs of the big banks and those who are actually responsible for the current world situation.
Everyone should check out
ZEITGEIST: ADDENDUM
http://www.youtube.com/watch?v=SAZi-gQENkk&feature=PlayList&p=16518231BAB0C8BD&index=0
An admin that let a series of breaches of national level financial data like that happen would have been executed.
You forgot to make one for goatse!
But that probably is Satan's rectum itself...
World or United seems to end badly?
Si vis pacem, para bellum! For evil to succeed good men need only do nothing!
SANS Internet Storm Center has published these words, from a World Bank spokesman, regarding this Fox story specifically.
"The Fox News story is wrong and is riddled with falsehoods and errors. The story cites misinformation from unattributed sources and leaked emails that are taken out of context."
"Like other public and private institutions, the World Bank has repeatedly experienced hacking attacks on its computer systems and is constantly updating its security to defeat these. But at no point has a hacking attack accessed sensitive information in the World Bank's Treasury, procurement, anti-corruption or human resources departments."
http://isc.sans.org/diary.html?storyid=5161
Can such a gross and misleading news article by such a large and well-funded media organization, with such wide-reach, be attributable only to poor quality reporting and lack of editorial standards, or is Fox trying to start a run on the bank?
Oh wait. That doesn't make any sense, it isn't that kind of bank. But these aren't ordinary times, and who is this Fox after all? Sorry to be grabbing my tinfoil hat, for example, but clearly questions should be raised.
You can't be ahead of the curve, if you're stuck in a loop.
World Bank Cyber Intrusions
Published: 2008-10-10,
Last Updated: 2008-10-10 20:27:54 UTC
by Marcus Sachs (Version: 1)
Several readers wrote us today pointing out the Fox News story about cyber attacks against the World Bank. There are a lot of details in the Fox News report, but no other independent confirmation of the story. A recent update to the online story says this:
UPDATE: After FOX News published its story, a World Bank spokesman issued the following statement:
"The Fox News story is wrong and is riddled with falsehoods and errors. The story cites misinformation from unattributed sources and leaked emails that are taken out of context.
"Like other public and private institutions, the World Bank has repeatedly experienced hacking attacks on its computer systems and is constantly updating its security to defeat these. But at no point has a hacking attack accessed sensitive information in the World Bank's Treasury, procurement, anti-corruption or human resources departments."
If you are aware of any other reports (not based on or pointing to the original Fox News story) please let us know via our contact page.
Marcus Sachs
Director, SANS Internet Storm Center
http://isc.sans.org/diary.html?storyid=5161
And for some reason you think Canada would be immune from that?
Look, without the US Canada would be in serious trouble. Their military sucks (not the people, the equipment) and they're very dependent on the US for protection and economy.
They approached the company I work for quite some time ago, looking for help to get things under control. They have networks in ~100 different countries, mind you, and wanted absolutes: all vulnerabilities found, all problems fixed, all breaches found and cleaned up. They provided almost no details of their environment, were not open to answering questions, and gave a ridiculously short timeline to scope it all out. And the maximum allowed timeline for this insane uber-project? Six weeks. They need to grow the fuck up and treat IT security as a business function that can protect them, not as whipping boys that they grudgingly acknowledge now that they've been smacked around by bad people. In the meanwhile, they deserve the news coverage...better that they serve as an example to others of what not to do.
For your security, this post has been encrypted with ROT-13, twice.
Let me guess they are using software from Microsoft right? I don't think we are in Kansas any more Toto.
Pay no attention to that man behind the curtain!