A number of servers at the World Bank Group were repeatedly breached for more than a year by different intruders but it is not clear how much data might have been compromised in the attacks, Fox News reported Friday.
The story, the details of which were contested by the World Bank after it ran, quotes unnamed sources as saying the banking group was victimized by at least six major intrusions from the Summer of 2007 through September of this year.
At least two of the intrusions appear to have originated from the same batch of IP addresses within China, the report said. The first of the intrusions, from China, was discovered in Sept. 2007 when the FBI apparently informed the bank of the problem which it discovered while it was conducting an unrelated investigation. It apparently allowed the perpetrators to gain full and complete access to a secret data hub maintained by the organization in Johannesburg, South Africa for a period of at least six months, the Fox News story said.
Another of the breaches, this time involving the bank's treasury network in Washington DC, appears to have been perpetrated by a contractor or contractors working for India's Satyam Computer Services, the story said. The Satyam employee or contractor infected some workstations at the banks headquarters in Washington with keystroke logging software, which then sent any information it captured to a still unknown location.
Following the discovery of the breach, the World Bank Group immediately shut down its communication link with Satyam's offshore development center in Chennai, India. Satyam, one of India's largest IT services companies, has been handling several IT services functions for the World Bank since July 2003. The contract was due to be renewed this September but was allowed to lapse.
Jim Swords, a US-based spokesman from Satyam, declined to comment on the status of the contract with the World Bank. He read a prepared statement to Computerworld in response to the initial report. The statement basically neither confirmed nor denied the details in the Fox report.
"Upon learning of this report today senior executives initiated an internal investigation to determine the validity of these claims, however unlikely. We will share the findings of the investigation at the conclusion of these efforts," the statement said.
Another pair of intrusions, in June and July, originated from the same group of IP addresses in China as the first attack had come from. This time, however, whoever was behind the attack first compromised an external server run by one of the bank's units and used it to gain access to a server belonging to the Multilateral Investment Guarantee Agency (MIGA), the World Bank's insurance arm.
The hackers used their access to basically map out the entire system topography, including the types of servers and the types of files on the servers, the Fox report said, quoting an unnamed insider.
The story also contained a link to a purported internal World Bank memo, dated July 10, that appeared to be an update to some staff about the June/July server breach. The memo noted that a "minimum of 18 servers had been compromised in total, including a domain controller, the main authentication server and a Human Resources server containing scanned images of staff documents. In total, five of the compromised servers contained sensitive data, the memo noted. The intrusions appear to have been the work of someone using an senior system's administrator's account to gain access.
The story portrayed the breaches as having triggered an extensive internal investigation by the World Bank's technology group and least two security assessments by external firms.
A spokeswoman at the World Bank asked Computerworld to submit a request for comment via e-mail, but then did not respond to two subsequent messages seeking clarification on the initial news report.
However, in a response apparently sent to Fox News after it ran the story, the bank said the story was wrong and riddled "with falsehoods and errors." It also said the unnamed sources had provided misinformation, and that the leaked e-mails that were linked to the Fox story had been taken out of context.
The World Bank has also sought to downplay the seriousness of the intrusions by saying that it has been repeatedly attacked in the past, but at no point had any sensitive or personnel information been compromised.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Controlling storage costs with Oracle database 11g
Making the Business Case for IT Consolidation
Email Archiving 101—Customer Case Study
Best Practice in Building an Integrated Information Management Strategy
The state of Middleware
Achieving the impossible: Unlimited application scalability
Everything you need to know about email and web security (but were afraid to ask)
Enterprise Wireless WLAN Security
- White PaperYour organisation may well have devised and implemented an Acceptable Use Policy (AUP) some time ago in order to guard against the risks of inappropriate use of computer systems by your workers, but are you confident that your AUP remains 'fit for purpose'? Read on to discover how you can enhance the effectiveness of your AUP.
- White PaperJoin industry expert Martin Tuip to discover best practice strategy for the archival and removal of .PST files using email archiving. Learn how to ensure long-term email records are there when needed, and reduce the risk to your business and clients.
- White PaperDiscover how the integration of disparate technologies in your company can lead to greater user productivity, improved management, lower costs, higher efficiency, and easier risk mitigation.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
CIO Live Podcast #79: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires Part II 05 October, 2007 06:00:00
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #78: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires 28 September, 2007 17:34:25
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #77: Panasonic Speeds Up Trans-Pacific File Transfers, Part III 21 September, 2007 07:00:00
Part three in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #76: Panasonic Speeds Up Trans-Pacific File Transfers, Part II 14 September, 2007 07:00:00
Part two in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #75: Panasonic Speeds Up Trans-Pacific File Transfers, Part I 07 September, 2007 07:00:05
Part one in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
- +
SOA What? Why You Need SOA Governance Framework 04 December, 2008 08:32:00
Adopting services oriented architecture (SOA) in your enterprise without thinking through IT governance can cause something like the Gold Rush in the 1800s; extreme rates of growth and minimal law and order which produce unexpected outcomes. - +
The Myth of Cloud Computing 04 December, 2008 08:25:00
Why the rapid spread of virtual technology is becoming a security riskWhy the rapid spread of virtual technology is becoming a security risk. - +
Who Pushed Vendors Toward Better Security? 04 December, 2008 09:38:00
Hint: It had something to do with pressure from customers and government agencies, writes Oracle CSO Mary Ann DavidsonHint: It had something to do with pressure from customers and government agencies, writes Oracle CSO Mary Ann Davidson. - +
CPO & CISO: A Comprehensive Approach to Information 04 December, 2008 08:42:00
GE CPO Nuala O'Connor Kelly advocates greater CPO/CISO cooperation to place the right value on information assets.GE CPO Nuala O'Connor Kelly advocates greater CPO/CISO cooperation to place the right value on information assets. - +
Security Culture: Americans are Ferengis, Europeans are Vulcans 04 December, 2008 08:32:00
Lunch table conversations tell a lot about the culture of security in Europe and the USLunch table conversations tell a lot about the culture of security in Europe and the US.
International researchers gather in Sydney to preview the clever web 05 December, 2008 09:48:00
Borderless corporate networks to shift focus to secure content management in Australia in 2009 04 December, 2008 16:06:00
IDC Says Asia/Pacific Excluding Japan IT Market Will Remain The Bright Spot... 04 December, 2008 15:04:00
MySpot SOS "Panic Button" Smartphone Application could save lone worker lives 04 December, 2008 13:34:00
Charles Sturt University Commences Unified Communications Deployment With Interactive Intelligence 04 December, 2008 08:30:00
|
||
|
||
|
|
||
|
Delivering the Power of Choice with Microsoft Dynamics CRM
Join Ed Thompson, Research VP, featured analyst firm, Gartner, Inc., and Brad Wilson, General Manager CRM Microsoft Dynamics, for a new webcast, Delivering the Power of Choice with Microsoft Dynamics CRM, available now. Our panel will break down the best practices for getting the most out of CRM and you'll learn key recommendations you can implement in your organization. Additionally, you'll also hear Microsoft's vision for CRM.
Buying Guides
Latest Products
Buying Guides
