Slashdot Mirror


World Bank Under Cybersiege In "Unprecedented Crisis"

JagsLive sends in a Fox News report on large-scale and possibly ongoing security breaches at the World Bank. "The World Bank Group's computer network — one of the largest repositories of sensitive data about the economies of every nation — has been raided repeatedly by outsiders for more than a year, FOX News has learned. It is still not known how much information was stolen. But sources inside the bank confirm that servers in the institution's highly-restricted treasury unit were deeply penetrated with spy software last April. Invaders also had full access to the rest of the bank's network for nearly a month in June and July. In total, at least six major intrusions — two of them using the same group of IP addresses originating from China — have been detected at the World Bank since the summer of 2007, with the most recent breach occurring just last month. In a frantic midnight e-mail to colleagues, the bank's senior technology manager referred to the situation as an 'unprecedented crisis.' In fact, it may be the worst security breach ever at a global financial institution. And it has left bank officials scrambling to try to understand the nature of the year-long cyber-assault, while also trying to keep the news from leaking to the public." Update: 10/11 01:15 GMT by T : Massive spyware infestations might be good cause to reevaluate the TCO of non-Windows systems on the desktop.


  1. This was bound to happen. by Anonymous Coward · · Score: 5, Insightful

    These days financial institutions consider IT (and other) security as something that costs them money, without giving them any benefit.

    Will this wake them up?

    I hear the question "Can we afford?" when talking about security in IT shops. The question that I am coming back with is "Can we afford not to?"

    Just how many more banks' machines are compromised? How about Federal and Local Government's machines and networks?

    If you had enough financial data somebody could cause an economic collapse - I wonder what it would look like.

    1. Re:This was bound to happen. by g0es · · Score: 5, Insightful

      These days financial institutions consider IT (and other) security as something that costs them money, without giving them any benefit.

      Will this wake them up?

      I hear the question "Can we afford?" when talking about security in IT shops. The question that I am coming back with is "Can we afford not to?"

      Just how many more banks' machines are compromised? How about Federal and Local Government's machines and networks?

      If you had enough financial data somebody could cause an economic collapse - I wonder what it would look like.

      For most financial institutions their primary goal when it comes to information assurance is to pass audits. As you stated, security is usually a cost center and they do whatever they can to keep that cost down. This generally means doing just enough work to make them compliant and, as we all know, compliant != secure. I do not believe these incidents will change anything unless the financial institutions are forced to a higher standard. I will continue to hope that they will see the light.

    2. Re:This was bound to happen. by wkk2 · · Score: 5, Insightful

      Why wasn't all traffic limited to white listed addresses and that traffic limited to VPN connections using tamper resistant encryption hardware?

    3. Re:This was bound to happen. by ScrewMaster · · Score: 5, Insightful

      Because bankers are traditionally among the cheapest bastards on the planet. Rich people frequently are ... it's part of why they got to be rich in the first place. Furthermore, in the modern world the contents of a bank's hard drives are much more valuable than what's in their steel-lined vaults. I don't think they've fully come to grips with that, or they'd have spent more money on information security.

      --
      The higher the technology, the sharper that two-edged sword.
    4. Re:This was bound to happen. by TubeSteak · · Score: 4, Insightful

      Furthermore, in the modern world the contents of a bank's hard drives are much more valuable than what's in their steel-lined vaults. I don't think they've fully come to grips with that, or they'd have spent more money on information security.

      Insurance companies act as private regulators in a 'free' market.

      Banks buy insurance for the contents of their vault, meaning their insurance company effectively dictates the minimum requirements for the bank's physical security. Higher cost security is balanced against lower insurance rates.

      Physical security is a mature field.
      Internet security is not and probably will not be for some time.

      --
      [Fuck Beta]
      o0t!
  2. Fox is like the National Enquirer by NobleSavage · · Score: 4, Insightful

    I'd really like to read about this from a source other than Fox news.

  3. Blaming the Chinese is useless by Progman3K · · Score: 4, Insightful

    First thing I would do is launch my attack from a compromised host in country X while being in country Y

    --
    I don't know the meaning of the word 'don't' - J
  4. reputable source? by Bearpaw · · Score: 4, Insightful

    Does anyone have a link to a story on this from a reputable news source?

  5. Security? by cdrguru · · Score: 4, Insightful

    Face it, no matter how secure a system is, if it is usable by humans it can be breached. Easily.

    There are anywhere from 100 to 1000 hackers/crackers/slimeballs out there that are ready and willing to take on each and every system. Ones that claim to be "secure" are just a bigger target. There is no such thing as a completely "secure" system that is usable and accessible by ordinary humans. True security would require controlled physical access, multiple authenticating factors, and so on. None of this is going to happen for an accessible system usable by "ordinary humans".

    About all that is realistic is to minimize the damages. Face the fact that if you are a target you are going to lose. Try not to lose too much.

    Prosecution of the break-in? Forget it. It's the Internet. It is International. If it looks like it is coming from China, it could be real or it could be a proxy. There are no effective International laws that will assist in any sort of prosecution. There is no supra-national police force that will break down the door of the cracker and haul them away. Nothing is going to happen. Unless the guy is a complete idiot that brags about it.

  6. Re:Before anyone mods the parent down.... by Angostura · · Score: 4, Insightful

    Actually, I never assumed for a moment that the parent was a left wing nut. I assumed he was a right wing nut. There is a certain section of conservative opinion that believes any international multilateral body (I'm looking at you, U.N) is the spawn of satan.

  7. Urgent message to mods re: Satan's rectum by Anonymous Coward · · Score: 5, Insightful

    It is Satan's rectum, poised over the third-world.

    Best slashdot line in ages.

    Please, please, please mod parent comment down. The last thing we need is for the phrase "It is Satan's rectum, poised over ..." to become a new Slashdot meme.

    I mean can you imagine:

    - an item about Linux and posts like "It is Satan's rectum, poised over capitalism";

    - an item about fascism and posts like "It is Satan's rectum, poised over our freedoms";

    - an item about the Cheney/Bush government and posts like "It is Satan's rectum, poised over privacy and the U.S. Constitution"

    - an item about a new Windows version and posts like "It is Satan's rectum, poised over the computer world";

    Yech! Please stop it before it starts!

  8. Re:Before anyone mods the parent down.... by flitty · · Score: 4, Insightful

    The World Bank and the IMF are infamous for requiring Countries to De-Nationalize resources, requiring that foreign Nationals can buy up once publicly owned companies, and turning social Democracies into laissez-faire capitalist countries in return for their "aid". See: Poland, Indonesia, Chile, Argentina, South America, etc. This usually causes real wages to fall, unemployment to increase, and the reduction of land ownership by locals.

    --
    Whether or not there is some sort of god, I'm not supposed to say/god is a word and the argument ends there-Smog
  9. Re:0wn3d by IchNiSan · · Score: 4, Insightful

    OR, maybe the world bank just bought some "cisco" security devices. You know, the ones made in china?

  10. What??? Where do you get that? by Anonymous Coward · · Score: 4, Insightful

    The world bank makes HUGE loans to entire nations and imposes draconian reform rules and regulations, requires real assets as collateral, usually the target nation's most valuable raw resources, and charges interest. If that ain't a bank of sorts, what is?

    1. Re:What??? Where do you get that? by TapeCutter · · Score: 4, Insightful

      "If that ain't a bank of sorts, what is?"

      1. An agency mandated to have a US citizen leading it, its purpose is to hide the identity of predatory lenders who blackmail impoverished governments via their treasuries. Largely financed by the industrial/military complex to keep the oil flowing to the military/industrial complex.

      2. An agency that used the Bretton Woods system to rebuild western Europe, and has gone on to bring democracy, wealth and good governance to much of S.America, S.E Asia, and Eastern Europe.

      I have heard "the road to hell is paved with good intentions" and suspect both definitions are correct at one time or another.

      --
      And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.