Slashdot Mirror
International Monetary Fund Hit By Cyber Attack
DotNM writes "CityNews and other media outlets are reporting that the International Monetary Fund has been hit by a 'cyber attack.' They are withholding most of the details; however, it is known that the World Bank has shut down a 'link' between them and the IMF." Adds reader Hugh Pickens, "A cyber security expert told Reuters the infiltration had been a targeted attack, which installed software designed to give a nation state a 'digital insider presence' at the IMF. 'The code was developed and released for this purpose,' said Tom Kellerman, who has worked for the Fund. Bloomberg quoted an unnamed security expert as saying the hackers were connected to a foreign government — however, such attacks are very difficult to trace."
Not much info is given, but it looks like someone got an email, they clicked it and then got infected.
So the hack was really just an employee doing something.
IOW, the Chinese did it, and everyone is too fucking scared to point the finger.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
According to conspiracy theories, bringing the current currencies down so that a new world order arises will be an Inside Job (TM).
Is this to be interpreted as a declaration of war on the IMF? Because that was long overdue.
IMF is the "Henry" for other nations. Take Greece for example: IMF is lending money to Greece, even though the country wont be able to pay back. Eventually, IMF has managed to infiltrate the country, without the use of weapons, and now they affect Greece's international and also national policies, laws were changed in favour of the Man, situation gets worse everyday.
What i am trying to say is that IMF has only done harm to humanity, and they will always be a justified target.
...or it could have been Lulzsec or any other organization or individuals. Believe it or not, there are for more hackers out there than just Anon.
> Bloomberg quoted an unnamed security expert as saying the hackers were connected to a foreign government
So this "unnamed security expert" sees the IMF as a (world?) government or as part of some (the american?) government.
Or what does the word "foreign" mean here?
In the middle of the Bloomberg article is the statement:
A SecurID device is shaped like a key fob or a computer-memory stick and generates random-number passwords used to gain access to a computer network
Continuously changing passwords != Random
How can the hackers be foreign if we're the *international* monetary fund?
It's the Cylons. This is exactly why we don't network our systems together.
I actually laughed out.
The most secure computer is one that is not on the internet or networked to other computers. I am surprised BSG preaches that to the mainstream. Or that never sleep with robots.
A BSG ship must be one that must be managed by a team of sysadmins. If you can't network you must have one physical computer per subsystem.
sudo /etc/init.d/hyperdrive restart /etc/hyperdrive.conf
Password:
Core dump: Failed to restart, not aligned
Hint: Is antimatter callibrator powered and within frequency range?
vim
Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
Interesting and creepy at the same time.
I like the aura of mystery your create and the menacingness. Yet at the same time you sound like a hero, almost an anti-hero, shrouded in justice and maybe a troubled past.
I can see a movie now.
Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
Isn't it great when real life starts playing like a cheesy B movie? We just need a real super villain to rise up out of this and it will be /popcorn time.
Speaking of the IMF scandals, what happened to the deposed chief of it that got sacked with a sex scandal in NY? What has became of that? My money from the start was it was a set up and that after he was burned out of the position, his case will vanish in legal smoke, everyone will blame lawyers and liberals or something and he will be off and running back to France. Everyone wins, except him and socialism. Did I miss something?
So who are these new players in the game? Old players just firing a shot off the IMF's bow with this new fangled warfare of cyberwarfare? Here's a question, who's to gain from all of this? Bloomberg? American politics are everything these days to watch. Bloomberg is a Republican, and the hawkish right might be making some preludes to some war. Or is it the usual suspects the Chinese and their shenanigans?
Where is Bond? Shouldn't he be in some lurid scene getting a phone call to get on the job?
This has to be the geek/mercenary wet dream for job opportunities. Perhaps espionage should become part of a good geeks resume'? Put down the bag of Cheetos, pick up some weights, walk for the beer instead of drive. We might be in for a long run at this, so might as well get with the program now.
Take the Red Pill.
Maybe the politicians will have to stop using their (our) national "credit cards" for a while. A few decades would be nice.
The purpose is to provide sufficient excuse to continue military spending. You may recall the USA hit it's debt limit and is about to default. This will persuade the dissenting politicians that they should vote for an increase in the limit.
Deleted
Remember Stuxnet? it was deliberately designed to infect machines that were not connected to the internet by jumping aboard USB thumb drives. Just not being connected to the net isn't enough, although it certainly helps isolate you from the vast majority of the attacks an outside force could try. If that machine is in contact with any other machines, in any way, it's possible to be compromised unless even greater security measures are implemented.
So the most secure machine is one that is not networked with any other machines, and is not allowed contact with any other machines, even vicariously through sharing files.
If you build it, nerds will come. Soylentnews.org
Nevermind, it turns out it was just Goldman Sachs trying to colocate their servers with the IMF computers...
And Americans = terrorist supporters.
e.g.
http://www.youtube.com/watch?v=3NUDWQ0U7N8
How many countries has the USA invaded recently? Whether you are better or worse than someone else is irrelevant. This is what you are.
Deleted
Dominique Strauss-Kahn != Cristiano Ronaldo
http://www.youtube.com/watch?v=fIzuY5V_YUI
THIS is how to charm hotel maids :)
The 419 Nigerian scam who have been working for the IMF.
All cows eat grass!
One example is that the IMF stopped Malawi from stockpiling grain, and many people died of starvation as a result:
"... when in 2001 the IMF found out the Malawian government had built up large stockpiles of grain in case there was a crop failure, they ordered them to sell it off to private companies at once. They told Malawi to get their priorities straight by using the proceeds to pay off a loan from a large bank the IMF had told them to take out in the first place, at a 56 per cent annual rate of interest. The Malawian president protested and said this was dangerous. But he had little choice. The grain was sold. The banks were paid.
The next year, the crops failed. The Malawian government had almost nothing to hand out. The starving population was reduced to eating the bark off the trees, and any rats they could capture. The BBC described it as Malawiâ(TM)s âoeworst ever famine.â There had been a much worse crop failure in 1991-2, but there was no famine because then the government had grain stocks to distribute. So at least a thousand innocent people starved to death.
Extracted from http://www.independent.co.uk/opinion/commentators/johann-hari/johann-hari-its-not-just-dominique-strausskahn-the-imf-itself-should-be-on-trial-2292270.html
Other examples: http://en.wikipedia.org/wiki/International_Monetary_Fund#Impact_on_access_to_food
by jumping aboard USB thumb drives
Which indicates that the systems were running Windows XP which is the only OS out there with the autorun "feature". If you're using a Windows OS to run critical industrial facilities then you really deserve to be hacked and have your facility shut down. This system was never intended to do that.
If you want a secure setup use a decent Unix variant to run your servers; you can even have them accessible from the outside if you know what you're doing.
I think it was Bin Laden. He realized his body was not going to last much longer, so he had it copied onto those thousands of USB drives and hidden in various files using steganography techniques. Then, when the US forces analysed them, the bits of Bin Laden's consciousness became assembled in the US government's computer networks. From there, it was trivial for Bin Laden's digital ghost to get into the IMF.
See how simple that was?
You don't need autoplay for infection. Most viruses in the times of DOS spread in floppy disks, and there was no autoplay feature in DOS. Whatever system you are using, it has to access the media in order to learn about things like its filesystem, even before that, there has to be a driver of some sort for the actual hardware. If there is a bug in the code handling any of these things, an infection can occur long time before any autorun feature would even kick in.
AccountKiller
Oh my, you just scared me into realizing something.
We're going to have to all go back and study the Darmok episode of Trek TNG. Why? Because all we'll be able to get out is catalog numbers of Amazon's database containing the message we want to send.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
This is the IMF. What's a foreign government, in that context...Martians?
For your security, this post has been encrypted with ROT-13, twice.
It's really quite hypnotic too.
Dark Marteria with the +1 Insightful again.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Why would a large organization always mean a country? Why not a large bank that wants to know in advance how much risk is really involved in lending money to Greece? Goldman-Sachs has been rumbeling in that area more than enough already.
Actually Stuxnet has been analyzed pretty well and would have attacked Windows XP, Windows Vista, and Windows 7 - no autoplay required. Remember the purpose of placing a USB key in one of these machines is to copy data from / to it because the machines aren't networked and the data has to be analyzed. In this case, a couple of zero day vulnerabilities were utilized that caused Windows to get infected by just opening the folder. Mark Russinovich did a nice, digestible 3 part write up on it that starts here: http://blogs.technet.com/b/markrussinovich/archive/2011/03/30/3416253.aspx.
You don't need autoplay for infection. Most viruses in the times of DOS spread in floppy disks, and there was no autoplay feature in DOS. Whatever system you are using, it has to access the media in order to learn about things like its filesystem, even before that, there has to be a driver of some sort for the actual hardware. If there is a bug in the code handling any of these things, an infection can occur long time before any autorun feature would even kick in.
Did you have the light on when you had breakfast? Me thinks you ate a bowl full of thick pills instead of your wheeties! I hope so - because otherwise you are barking mad.
In the days of MS/PC/4/IMB-DOS malware (like "del. > nul" in a setup.bat) on floppy drives required the user to actually execute the .exe/.com/.bat file.
Propagation through Interrupt 13. When BIOS routines managed all disk access for the OS.
01h 02h and 03h were the handler subs which gave you a vector for the MBR-type of virus.
McAfee used to update signatures quarterly...
"Flyin' in just a sweet place,
Never been known to fail..."
Propagation through Interrupt 13. When BIOS routines managed all disk access for the OS.
01h 02h and 03h were the handler subs which gave you a vector for the MBR-type of virus.
McAfee used to update signatures quarterly...
No dispute there. But.... it still requires user intervention. I know some of the GNU folk'll hate me - but an OS - from Windows to Oberon can be compromised by the user. If the user is stupid. If one does something detrimental to oneself it. is. stupid. Even rocket scientists can be stupid. A rocket scientist who lights a cigarette beside a leaking oxygen cylinder is stupid. Our choice of OS and how we treat that choice is like choosing how many leaking oxygen cylinders we keep close by. Because we're human, and sooner or later, we will do something stupid. All we can do is concentrate, and try and keep our environment as forgiving of stupidity as possible.
It's a subtlety lost on many - like the idea that rarely do things have only two states. Further prove of evolution at work. ;-p
The banksters themselves could be the cause and the reason. Only the banksters have reason to lose money that cannot be traced. By blaming some unknown "enemy", these banksters use the classic maneuver of mis-direction. No one would expect a den of thieves, liars and charlatans to steal from themselves and then claim not knowing their system that has been in place for hundreds of years.
The mind conceives, the body achieves, the spirit manifests.
Which indicates that the systems were running Windows XP which is the only OS out there with the autorun "feature". If you're using a Windows OS to run critical industrial facilities then you really deserve to be hacked and have your facility shut down. This system was never intended to do that.
If you want a secure setup use a decent Unix variant to run your servers; you can even have them accessible from the outside if you know what you're doing.
That is false, I'm afraid.
A guy at IBM did an online presentation about that. Ubuntu, by default, comes with thumbnail generation activated by default when you insert a USB drive (no autorun, though). After that, he took advantage of a few shortcomings of PDF and video which, combined with this default conf, escalated his privileges all the way to root. Lost the video link, maybe other /.ers may help.
Conclusion: the choice of OS is not, by itself, a security measure. Servers running Windows can be secure, as you said, if you know what you're doing. I agree with you on that: don't put amateurs to manage your servers, be them Unix-like or Windows.
I rarely respond to comments. Also, don't ask for clarifications: a brain and Google are faster, believe me!
You do realize that you are batshit insane, right?
Oh. I agree with you.
Technology as a control will never trump every unexpected or incompetent use of any system.
That's the difference in InfoSec between the POV of a Security Technologist and a Security Practitioner. ;-)
"Flyin' in just a sweet place,
Never been known to fail..."
Interesting read, however in this case just as in the case of DOS boot sector viruses mentioned in another response, the problem stems from the propensity of Microsoft operating systems to automatically execute code on behalf of the user, which makes sense for an end-user systems oriented towards non-technical savvy users but is totally uncalled for in a production environment. Unix doesn't have any such feature, and rightly so; this kind of attack would have been infinitely more difficult, if not impossible to convey on any serious server system. The only justification for running a Windows server is a production environment is really incompetence IMHO.
U.S. has the capability to sustain itself without reliance of foreign goods. It is just the stupid laws that restrict them.
If we lower the standard of living (which we don't deserve it anyway) to the level of Vietnam and Cambodia then we will have lots of jobs.
All it have to do is just print money and immediately pay off all bonds and debt. Send the money necessary to the state and local government so they can do the same. Forget about credit rating We don't need credit. We don't buy foreign goods so we don't worry about the exchange rate of US dollar.
The only people that worry about flunking worth of the U.S. dollar are the stiff white trash that travels to Europe for leisure reasons. We "minorities" here doesn't care because we don't need to get Pounds/Euros. I have no problem going $10 = 1 Euro if it means the national debt is paid off with printed money.
As for the IMF, we all know it is part of the Jew World Order trying to plunder the the third world so to become their slaves, according to the Talmud. In fact, they are finally fed up with the pace of the enslavement and now attempting to put a Israeli in charge of IMF since the previous guy got set up and politically persecuted in New York.
Lucky we have countries such as China, loved by many of the 3rd world nations, and it is our only hope to defeat the old world lead by the white man and the Jews which brings us slavery, disease and war.
Twitter: @dainsanefh
Schedule an appointment with a psychologist. I am not kidding - you are ill, and you need help.
In the days of MS/PC/4/IMB-DOS malware (like "del. > nul" in a setup.bat) on floppy drives required the user to actually execute the .exe/.com/.bat file.
And what does that have to do with autoplay? If you use a USB drive, you usually use it because you want to access the data on it. In that aspect, I don't see any difference between a floppy and a USB drive. If an infection was possible using a floppy disk, why wouldn't it work using a USB drive? Whether it is an infected executable, modified data that triggers a buffer overflow in a program that reads it, or a boot sector type virus.
Other thing I was trying to point out is the fact that you actually don't need to wait for the device to be mounted. With USB, the computer communicates with the device for quite a while in order to determine what kind of device it is, what kind of filesystem it has, etc. Theoretically there is a possibility for infection at any time during this process. Thinking that just because you don't have autoplay you are save is, IMHO, stupid.
AccountKiller
Poor people/countries (e.g. countries that don't own significant shares in IMF's banking system or ones that don't take their "advice"). Fuck em' and fuck their "let the free hand reign" bullshit. All the free market means is free money for those that already have it.
Atlas Shrugged : Thematic Story
In the days of MS/PC/4/IMB-DOS malware (like "del. > nul" in a setup.bat) on floppy drives required the user to actually execute the .exe/.com/.bat file.
And what does that have to do with autoplay? If you use a USB drive, you usually use it because you want to access the data on it. In that aspect, I don't see any difference between a floppy and a USB drive. If an infection was possible using a floppy disk, why wouldn't it work using a USB drive? Whether it is an infected executable, modified data that triggers a buffer overflow in a program that reads it, or a boot sector type virus.
Other thing I was trying to point out is the fact that you actually don't need to wait for the device to be mounted. With USB, the computer communicates with the device for quite a while in order to determine what kind of device it is, what kind of filesystem it has, etc. Theoretically there is a possibility for infection at any time during this process. Thinking that just because you don't have autoplay you are save is, IMHO, stupid.
No dispute there. I expressed myself poorly. (please accept my unreserved apologies) I meant (and I've explained it better earlier, further down in this thread) that malware requires users to propagate. Disclaimer I run *nix. Relying on the OS to keep data safe is a user failing.
And yes - you are perfectly correct. Boot sector infections were common. It used to be amusing to replace the DOS boot sector error message with "Hello McAfee" just to see mcafee's crap signature identification call it a virus.
Thinking that just because you don't have autoplay you are safe is, IMHO, stupid.
Yes (again, and I've covered the "stupid" bit in another post). The exact name escapes me (USB switchblade?) but one of the projects developed as a result of the COFEE leak does just that - and it doesn't use the same mechanism as Stuxnet.
@DrBoumBoum *nix is quite capable of autoplay. Many of the current main distros prompt the user to associate actions with device detection events - and only last week I came across another setuid stupidity. Combine the two and it's a disaster. Just because our beloved OS separates the toilet from the kitchen there's always some 'tard that knock down the intervening wall. Spend a little time on the forums and see how many people run a desktop as root. (sigh). Sometimes I suspect the helmet, knee pads, elbow pads, and gloves mentality makes people complacent (a risky OS might make people more cautious.
At last, the bully country is scared of somebody. The tides are turning. I for one welcome our new communist overlords. How much worse than the US reign can it be? http://www.summeringbrands.com/
best online shop http://www.summeringbrands.com/ summer brand wholesale underwear discount sunglasses