IMF reveals cyber attack: Organisation under assault for months
The International Monetary Fund has become the latest, and potentially the most serious, victim of an attack by computer hackers.
The organisation, which has been orchestrating the sensitive bailouts of European governments and dealing with the fallout from an attempted rape charge against its former boss, had been under assault for several months, it discovered last week.
The fund told staff that its computer system had been compromised, but did not make a public announcement. It is still trying to discover the extent of the attack, its source and its motives. Yesterday, it would say only that the fund remains "fully functional".
In an internal memo, IMF chief information officer Jonathan Palmer said: "Last week we detected some suspicious file transfers, and the subsequent investigation established that a Fund desktop computer had been compromised and used to access some Fund systems. At this point, we have no reason to believe that any personal information was sought for fraud purposes."
The IMF is the organisation for governments that find themselves on the verge of financial crisis, so the discovery of the attack caused concern that sensitive information about the finances of governments might have fallen into the wrong hands. Speculators trading currencies or government bonds on the global financial markets could make profitable use of such stolen information, while internal political opponents and foreign intelligence services could also find explosive information about government dealings with the fund.
Also under suspicion is the "hacktivist" group Anonymous, a loose affiliation of hackers who have taken aim at companies and organisations over several years. Its high-profile attacks have stepped up since the controversy over WikiLeaks's publication of leaked military and diplomatic documents. Last month, Anonymous condemned the Greek government and the IMF for accepting a €110bn bailout package that was conditional on cutting public services, without letting citizens vote on the agreement.
The deal – and a second deal now under negotiation with the IMF and other eurozone governments – subjects the people of Greece to "prolonged poverty and a dramatic decrease in their standards of living", Anonymous said. "The people of Greece have been left with no other option than to take to the streets in a peaceful revolution against the economic tyrants that are the IMF."
The IMF said at the time of the Anonymous threat that it was taking action to strengthen its systems against hackers.
The attack began before the arrest of the IMF's managing director, Dominique Strauss-Kahn, in New York on 14 May on charges that he attempted to rape a hotel maid. He resigned his post and is now under house arrest in a rented house in Manhattan, awaiting trial.
The French finance minister Christine Lagarde is the front-runner to replace him, after nominations closed last Friday. A surprise candidate, Stanley Fischer, a governor of the Bank of Israel and former IMF deputy chief, has also put his name forward, though his bid is seen as a long-shot because he is both above the formal age limit of 65 and a US citizen. The US already holds the top post at the World Bank, the IMF's sister organisation.
Jeff Moss, a veteran computer hacker who worked under the pseudonym The Dark Tangent and who advised the Obama administration on cyber-security, said he believed the IMF attack could have been conducted on behalf of a nation-state looking to either steal sensitive information about key IMF strategies or embarrass the organisation to undermine its clout. He told Reuters it could inspire attacks on other large institutions. "If they can't catch them, I'm afraid it might embolden others to try," he said.
On Friday, Spain arrested three people it said were members of Anonymous, on suspicion of being part of the attacks on the websites of Banco Bilbao Vizcaya Argentaria, the country's second biggest bank, and Enel, the Italian owner of Spanish power company Endesa.
Over the weekend, access to the website of Spain's national police force was blocked in an apparent reprisal attack by hackers. On its Twitter feed, Anonymous had warned the Spanish authorities: "We are Legion, so EXPECT US."
By Leo Hornak
* Lockheed Martin, one of the world's largest defence contractors, said that it had repulsed a sustained hacking attack on its website on May 21. The Pentagon, one of Lockheed Martin's main clients, said that its operations had been unaffected.
* Sony has been hit by three major hacking operations this year.
* Citigroup revealed last week that credit card details of about 210,000 of its North American customers had been broken into by hackers in May.
* The Pentagon's email system was successfully hacked in 2007 with 1,500 email accounts taken offline. In 2008 a more serious attack inserted malicious software onto the main computer for US Central Command.