IMF gets flamed without help from Anonymous

Bracing itself for attacks that may have been empty threats, IMF is penetrated by somone else

The good news for the International Monetary Fund this week is that, so far, it has avoided the attack by hactivist group Anonymous, for which it was preparing two weeks ago.

"We are aware of the threat, and have taken appropriate action," an anonymous executive with the International Monetary Foundation told the Wall Street Journal for a June 1 story about threats made by members of Anonymous who wanted to attack the IMF for its policies toward cash-strapped Greece.

Nice work, IMF (assuming some members of Anonymous, or proto-members, weren't just letting off a little of their own frustration on their personal favorite in a long list of potential Anonymous targets, attacks on which require more support than a small percentage of the membership).

While IMF was surviving, avoiding, or being ignored by Anonymous, it was being pretty thoroughly penetrated by someone else whose purposes and techniques are unclear.

Nevertheless, the hackers' nefarious purpose was "to steal insider information" according to a Reuters story whose editor was apparently so impressed with someone speaking with confidence he/she didn't notice the quote was too much a facepalm to run in the story, let alone become a headline that made Reuters look like it didn't know any more about cyberattacks than that they intended to attack something cyberially.

Read the rest of the story, and others by the NYT and a few other outlets, and you get a clearer picture of an exploit that probably involved spear-phishing targets within the IMF and installing malware after hooking one.

Read all the headlines and you'll just see more smoke – the kind of pollution you get when pundits with a lot of general knowledge keep talking even without knowing anything specific about the case at hand.

Here's a rundown of what we know:

June 8, according to Reuters, the IMF's CIO sent a memo to staffers saying IT security had tracked suspicious file transfers down to a desktop computer that had been compromised and used as a launch point to penetrate IMF servers.

IMF officers were notified of the attack last Wednesday, though it had been going on several months, according to the New York Times.

IMF officials didn't say whether they thought the attack came from criminals interested in using inside information to move or anticipate stock markets, or from a member country interested in using the information for a different benefit of its own.

It also declined to offer details on the exploit except to say some form of malware was involved and that its source is unclear.

They did say they didn't think digital IDs stolen from RSA were the key to the attack, as they were in one that penetrated Lockheed Martin recently.

The FBI is investigating (though it's not clear why the Pentagon felt the need to tell us this and the FBI didn't).

Many experts suspect the attack was backed by a government, probably China.

CIA director Leon Panetta told Congress June 9 the country faces a "real possibility" of a crippling attack on utilities, government facilities, financial and security systems.

Most experts theorize the malware infection resulted from a spear-phishing attack – a combination exploit China has used successfully in frequent attacks on U.S. government and financial institutions according the U.S. security officials.

They don't know for sure; or at least, if they do, they're not being allowed to give details that prove their information is more accurate than the rest of the hearsay.

Former World Bank security exec tom Kellerman is quoted all over the place as saying the attack was closely targeted and that it used sophisticated malware created to create a digital data-gathering presence inside secure networks.

He runs his own security company now, rather than the World Bank's security, so his specific knowledge of the malware involved is probably only one or two friend-of-a-friend-type sources closer to the real information than anyone else.

A government could use covert access to the IMF's computers to keep ahead of the steps the Fund and World Bank take to stabilize exchange rates, among other things, Kellerman said.

The memo announcing the breach to staff said many files were compromised, but that the IMF didn't believe any of the information taken was of the kind of sensitive or personal nature that would make identity theft likely.

Some experts are still wasting words blaming Anonymous for every hack and data breach from the IMF to the loss of the email address of that attractive sales rep they met at a conference in Vegas last month.

Odds are we won't ever know for sure who attacked the IMF, just as we don't know who launched Stuxnet against Iran.

The most likely culprit is the one that is the source of the highest number of high-profile breaches of government or financial-services data.

Ten years ago that might have been organized-crime groups in Eastern Europe, though they tended more toward online extortion and outright theft.

The current leader is China, which goes after exactly the kind of information a keylogger or data-acquisition program would get by sitting quietly inside a compromised desktop and listening as the IMF goes about its regular business.

Other countries – most of the Third World, which is much more heavily dependent on the IMF and World Bank than the First World, would be interested, but might have fewer all-but-provable attacks on the record against Western targets.

Russia and other former eastern-bloc countries are also possible candidates, though less likely than Iran, China or one of the other powerful, wealthy, technologically savvy nations elbowing each other for a better spot in the international hierarchy.

That approach would be too unlikely to turn up data that could turn an immediate profit to satisfy plain old mafiosi.

It's way too quiet and non-confrontational for groups like Anonymous, which protest by bringing down public sites with as much noise and fury as possible.

Besides, the IMF was ready for them.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon