Washington/Boston - The International Monetary Fund (IMF),
the intergovernmental group that oversees the global financial system and
brings together 187 member nations, has become the latest known target of a
significant cyber attack.
A cybersecurity expert who has worked for both the
Washington-headquartered IMF and the World Bank, its sister institution, said
the intruders' goal had been to install software that would give a nation-state
a "digital insider presence" on the IMF network.
Such a presence could yield a trove of non-public economic
data used by the Fund to promote exchange rate stability, support balanced
international trade and provide resources to remedy members'
balance-of-payments crises.
"It was a targeted attack," said Tom Kellerman,
who has worked for both international financial institutions and who serves on
the board of a group known as the International Cyber Security Protection
Alliance.
The code used in the IMF incident was developed specifically
for the attack on the institution, said Kellerman, formerly responsible for
cyber-intelligence within the World Bank's treasury team and now chief
technology officer at AirPatrol, a cyber consultancy.
The attack on the IMF was the latest to become known in a
rash of cyber break-ins that have targeted high-profile companies and
institutions, often to steal secrets with potentially far-reaching economic
implications. The list of victims includes Lockheed Martin, Sony and Citigroup.
IMF spokesperson David Hawley said on Saturday the Fund was
"fully functional," despite the attack.
"I can confirm that we are investigating an incident," he said, adding that he was not in a position to elaborate on the extent of it. He declined to respond to requests for comment on Kellerman's conclusion about the intruders' goal.
The US Federal Bureau of Investigation is helping to
investigate the attack on the IMF, according to a US Defense Department
spokesperson
Difficult to prove
A World Bank official said the Bank had cut its network
connection with the IMF out of "caution" even though the information
shared on that link was "non sensitive."
Rich Mills, a Bank spokesperson, said "the World Bank
Group, like any other large organisation, is increasingly aware of potential
threats to the security of our information system and we are constantly working
to improve our defenses."
Jeff Moss, a self-described computer hacker and member of
the Department of Homeland Security Advisory Committee, said he believed the
attack was conducted on behalf of a nation-state looking to either steal
sensitive information about key IMF strategies or embarrass the organisation to
undermine its clout.
He said it could inspire attacks on other large
institutions. "If they can't catch them, I'm afraid it might embolden
others to try," said Moss, who is chief security officer for ICANN.
But cyber security experts cautioned it might be difficult
for investigators to prove which nation was behind the attack.
"Even developing nations are able to leverage the
internet in order to change their standing and ability to influence," said
Jeffrey Carr, author of the book, "Inside Cyber Warfare."
"It's something they never could have done before
without gold or without military might," Carr said.
Experts say cyber threats are increasing worldwide. CIA
Director Leon Panetta told the US Congress this week the United States faced
the "real possibility" of a crippling cyber attack.
"The next Pearl Harbor that we confront," he said,
could be a cyber attack that "cripples our power systems, our grid, our
security systems, our financial systems, our governmental systems."
"This is a real possibility in today's world,"
Panetta told a confirmation hearing in his bid to become the next US defense
secretary.
'Suspicous file transfers'
Bloomberg News reported the attack occurred before the May
14 arrest of former IMF Managing Director Dominique Strauss-Kahn on sexual
assault charges. It resulted in the loss of e-mails and other documents,
Bloomberg said.
The New York Times cited computer experts as saying the
IMF's board of directors was told of the attack on Wednesday, though the
assault had lasted several months.
An Internal IMF memo issued on Wednesday warned employees to
be on their guard.
"Last week we detected some suspicious file transfers,
and the subsequent investigation established that a Fund desktop computer had
been compromised and used to access some Fund systems," said a June 8
email to employees from Chief Information Officer Jonathan Palmer.
Details of the email were first reported by Bloomberg.
Reuters' sources confirmed the wording of the email.
"At this point, we have no reason to believe that any
personal information was sought for fraud purposes," the message to
employees said.
Lockheed Martin Corp, the Pentagon's No. 1 supplier by sales
and the biggest information technology provider to the U.S. government,
disclosed two weeks ago that it had thwarted a "significant" cyber
attack. It said it had become a "frequent target of adversaries around the
world."
Also hit recently have been Citigroup, Sony and Google.
The IMF is seeking a new head following the resignation of Strauss-Kahn after he was charged with the sexual assault of a New York hotel maid.