The New York Times reported yesterday that the International Monetary Fund (IMF) suffered what one unnamed official there called a "very major breach." The Times said, however, that an IMF spokesperson "declined to provide details or talk about the scope or nature of the intrusion."
The incident reportedly caused the IMF as a precaution to cut the computer link it has to the World Bank with which it shares some information.
A Bloomberg News story today reported that a security expert supposedly familiar with the attack claimed that it was directed by an unnamed foreign government. The attack, this person says, accessed emails and a "large quantity of data."
The person also claimed that the attack took place before the 14th of May. Internal IMF memos that Bloomberg was able to review say that on the 1st of June, the IMF IT department sent memos to employees warning them of virus attacks aimed against IMF computer systems.
On the 8th of June, Bloomberg reports that the IMF Chief Information Officer Jonathan Palmer wrote in a memo to IMF employees that:
"Last week we detected some suspicious file transfers, and the subsequent investigation established that a Fund desktop computer had been compromised and used to access some Fund systems... At this point, we have no reason to believe that any personal information was sought for fraud purposes."
The information in these internal IMF memos don't seem to line up with the claim that the breach occurred before 14 May, however. The memos make it look like there was another successful attack in early June. Maybe more details will emerge in the next few days to clarify the timeline.
Another thing that was a bit strange was this Reuters report from last night that quoted a US Department of Defense spokesperson as saying that the US Federal Bureau of Investigation had been called into investigate. Why a DoD spokesperson would be speaking about what the FBI was or was not investigating is unusual, to say the least.
Furthermore, the FBI wouldn't confirm its involvement in investigating the IMF cyber attack according to today's Bloomberg story.
This IMF attack seems to be following a familiar pattern of targeting government-related financial information. In January , Canada's Treasury Board and Department of Finance were fending off cyber attacks. The attacks forced the two departments off the Internet for weeks.
Also in March, Australian Prime Minister Julia Gillard's email and the emails of as many as 10 other government ministers, including the Foreign and Defense ministers, were reportedly successfully hacked for most of the month February.
The speculation that all three of these attacks originated in China, which the Chinese government has denied.
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.