United Nations agency 'hacking attack' investigated

UNDP website The United Nations Development Programme says it is "in the process of validating this claim"

Related Stories

A group of hackers has posted more than 100 email addresses and login details which it claimed to have extracted from the United Nations.

Many of the emails involved appear to belong to members of the United Nations Development Programme (UNDP).

The group, which identified itself as Teampoison, attacked the UN's behaviour and called it a "fraud".

A spokeswoman for the UNDP said the agency believed "an old server which contains old data" had been targeted.

"The UNDP found [the] compromised server and took it offline," said Sausan Ghosheh.

"The server goes back to 2007. There are no active passwords listed for those accounts.

"Please note that UNDP.org was not compromised."

'Leak'

The details were posted on the website Pastebin under the Teampoison logo.

The message preceding the login details accused the UN of acting to "facilitate the introduction of a New World Order" and asked "United Nations, why didn't you expect us?"

Many of the email addresses given end in undp.org, but others appear to belong to members of the Organisation for Economic Co-operation and Development (OECD), the World Health Organisation (WHO) and the UK's Office for National Statistics (ONS).

The poster noted that several of the accounts had "no passwords".

The message ended with the taunt: "The question now is how? We will let the so called 'security experts' over at the UN figure that out... Have a Nice Day."

Pastebin website The poster claimed the usernames and passwords had been sourced from the UN
Credit card attacks

The security company Sophos noted that Teampoison hackers had previously attacked the maker of the Blackberry smartphone's website and had published private information about former UK Prime Minister Tony Blair.

"Teampoison recently announced they were joining forces with Anonymous on a new initiative dubbed 'Operation Robin Hood', targeting banks and financial institutions," the firm's senior technology consultant, Graham Cluley wrote on Sophos's blog.

The groups said at the time that their operation aimed to take money from credit cards and donate it to individuals and charities.

They said people would not be harmed as the banks had to refund fraudulent charges.

Teampoison added a "shoutout" to Anonymous in its UN attack posting, adding a link to a Youtube video with more information about its banking attack plan.

These latest moves serve as a reminder that so-called hacktivists are skilled and willing to collaborate to take down their targets, according to Professor Alan Woodward from the University of Surrey's department of computing.

"One of the big problems is that there is so much data around that people forget about their older systems that still have valuable data on them," he said.

"The lesson here is that anything that holds any data of any value must be protected."

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features

  • Witley Court in Worcestershire Abandoned mansions

    What happened to England's lost stately homes?


  • Tray of beer being carried10 Things

    Beer is less likely to slosh than coffee, and other nuggets


  • Spoon and buckwheatSoul food

    The grain that tells you a lot about Russia's state of mind


  • Woman readingWeekendish

    The best reads you need to catch up on


  • Salim Rashid SuriThe Singing Sailor

    The young Omani who became a pre-war fusion music hit


BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.