A cyberattack on the International Monetary Fund has been linked to a foreign government. As a result, the World Bank has severed a connection with the IMF, which holds sensitive information. Observers suspect the attack may be related to the recent data theft from RSA Security, which is apparently used by IMF and the World Bank.
As if the International Monetary Fund (IMF) didn't have enough problems after the arrest of its managing director on a sexual-assault charge, now the giant organization has been hacked. Last week, the IMF told its staff and board of directors that it had suffered "a very major breach," and a new report indicates the attacker may have been connected to a foreign government.
According to the initial report in Saturday's New York Times, the attacks took place over the last few months. The fund hasn't made any public announcement, although a spokesperson told the Times on Saturday that an incident is being investigated, and the fund is "fully functional."
Bloomberg News reported Sunday that, according to an unidentified security expert, the attack is believed to have been connected to an unnamed foreign government.
The IMF has been centrally involved in the financial crises of Ireland and Greece, and its databases contain highly sensitive financial information about those economies and others. Release of that information could lead to political crises and impact world markets.
To protect its own sensitive financial information, the World Bank reportedly has severed the direct connection it had with the IMF. That link allows the organizations to share data and hold meetings, not to obtain confidential information, but a World Bank spokesperson told news media that the action was taken out of "an abundance of caution."
Some observers have speculated that the attack could have been related to a security breach at RSA Security several months ago. It's expected that both the IMF and the World Bank use RSA security technology.
There has been speculation that the attack resulted from "spear phishing," in which an employee is tricked into clicking on a link that leads to a malicious web site or to a malware download.
Citigroup, Lockheed Martin et al
The attack is just the latest in a series of major security breaches of large organizations. Recently, more than 200,000 Citigroup cardholders' personal information was stolen from the company's web portal. Earlier this month, Google announced that a hacking campaign to steal Gmail usernames and passwords, including those of U.S. government officials and Chinese political activists, originated from China.
Lockheed Martin reported an attack last month, which it said was unsuccessful in obtaining confidential data. The company said the attack was based on security tokens obtained in the hacking of RSA Security. RSA was hacked in March in what it described as an "extremely sophisticated cyberattack."
Epsilon, a large e-mail marketer, suffered a security breach in April in which confidential customer information was obtained for a variety of major corporations, including Citigroup, JPMorgan Chase, and Capital One.
And perhaps the most publicized recent security breach has been the numerous attacks on Sony's PlayStation Network, Qriocity service, and Sony Online Entertainment, among other Sony properties. Those networks were offline for weeks, and confidential customer information was stolen.