IMF hit by 'very major' cyber security attack

Computer keyboard IMF told staff it had detected suspicious file transfers on its networks

Related Stories

The International Monetary Fund (IMF) says it has been targeted by a sophisticated cyber attack.

Officials at the fund gave few details but said the attack earlier this year had been "a very major breach" of its systems, the New York Times reports.

Cyber security officials said the hack was designed to install software to create a "digital insider presence".

The IMF, which holds sensitive economic data about many countries, said its operations were fully functional.

The cyber attack took place over several months, and happened before former IMF chief Dominique Strauss-Kahn was arrested over sexual assault charges.

"I can confirm that we are investigating an incident," said spokesman David Hawley.

"I am not in a position to elaborate further on the extent of the cyber security incident."

The New York Times said IMF staff had been told of the intrusion on Wednesday by e-mail, but that the Fund had not made a public announcement.

Analysis

The IMF is saying very little, beyond confirming that an incident has taken place, but on the face of it this looks like a serious attack on computer systems holding some very sensitive data.

The fact that the FBI has been called in, and that the neighbouring World Bank has severed its computer link to the IMF, show that it is being taken seriously.

An internal memo suggests that one particular desktop has been compromised - and security experts are speculating that an individual has been targeted with an email containing malware.

That could have enabled the attacker to gain access to the IMF's systems. What is not clear is whether any data was lost.

For an organisation already in crisis as it looks for a successor to Dominique Strauss-Kahn, the cyber-attack is yet another challenge. The IMF's members will be urgently seeking assurance that their data is secure and that the fund's defences are in good order.

The e-mail warned that "suspicious file transfers" had been detected and that an investigation had shown a desktop at the Fund had been "compromised and used to access some Fund systems".

There was "no reason to believe that any personal information was sought for fraud purposes," it said.

High profile breaches

A cyber security expert told Reuters the infiltration had been a targeted attack which installed software designed to give a nation state a "digital insider presence" at the IMF.

"The code was developed and released for this purpose," said Tom Kellerman, who has worked for the Fund.

Bloomberg quoted an unnamed security expert as saying the hackers were connected to a foreign government. However, such attacks are very difficult to trace.

The World Bank said it briefly cut its network connection with the Fund out "an abundance of caution".

"The World Bank Group, like any other large organisation, is increasingly aware of potential threats to the security of our information system and we are constantly working to improve our defences," said spokesman Rich Mills.

The incident is the latest in a string of high-profile cyber security breaches.

In April, the Sony Playstation network was shut down after hackers stole the personal data of about 100 million accounts and in May, US defence firm Lockheed Martin said it had come under a significant cyber-attack.

CIA Director Leon Panetta told the US Congress earlier this week that a large-scale cyber attack which would cripple power, finance, security and governmental systems was "a real possibility in today's world".

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More US & Canada stories

RSS

Features

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.