IMF investigates suspected attack on its computers
By Howard Schneider and Ellen Nakashima,
The International Monetary Fund’s computer system was invaded by hackers recently, a potentially sensitive breach of a system that analyzes confidential information about the finances of most of the world’s economies.
The scope and significance of the cyberattack are still being evaluated, but it marks the third recent raid on a major government financial institution.
The attacks come at a time when world economic officials are debating possible changes to currency rules, developing new regulations for banks and financial institutions, and crafting guidelines for the management of the world’s top economies — issues that make inside information extremely valuable to an investor or an interested government.
IMF officials provided few details about the cyberattack, which occurred as the agency is wrestling with complex and contentious financial rescue programs in several European nations that have required painful cuts in social spending. The organization is also pressing nations such as China to reform their financial and currency policies.
There was “an incident of intrusion into our IT system,” IMF spokesman David Hawley said Saturday. “We are investigating, and the fund is fully functional.”
The hack was “recently detected,” Hawley said, but he would not discuss when the intrusion occurred, how long it lasted, or the nature or amount of data that might have been compromised.
A U.S. Treasury Department spokeswoman said there was no reason to believe that sensitive information about the U.S. economy was jeopardized. The FBI will help investigate the incident, the Reuters news service reported late Saturday, citing a Defense Department spokeswoman.
IMF employees were told of the potentially serious “phishing” attack, first reported in the New York Times, in a memo on Wednesday. Staff members were given “the usual reminders” about computer security, Hawley said.
An intranet that links the IMF with the nearby World Bank was temporarily disconnected, according to a bank official who said the step was taken “out of an abundance of caution,” and that the link included only “nonpublic, nonsensitive” information that allowed the two agencies to continue coordinating their work.
Depending on the type of information involved, the potential for disruptions to international markets is significant. Ongoing bailout talks in Greece, for example, hinge on whether private holders of Greek bonds will be forced to accept losses before the IMF and other European nations lend any more money to the deeply indebted nation.
Documents that shed light on the IMF’s position — or provide confidential information on the finances of Greece or other nations — could be used by traders to profit.
The hacker group Anonymous recently called for an attack on the IMF’s computers “in opposition to the corrupt Austerity Plans of the Greek Government leaders and the International Monetary Fund.” IMF officials this month said they were taking steps to guard against such an attack.
Hawley said fund investigators do not think the group was involved in this incident.
Computer security experts say the brazen acts of economic espionage highlight the difficulty of protecting networks at sensitive organizations such as the IMF despite heightened efforts to defend against the theft of information.
A pattern of cyber-espionage against key economic policymaking institutions has emerged in recent years, and some experts believe China has been involved.
“Attacks are often associated with decision-making related to issues such as Chinese exchange-rate policies or trade practices,” said John Mallery, a cyber expert at the Massachusetts Institute of Technology.
Two years ago, sensitive data were taken from the computers of senior U.S. Treasury Department officials before a U.S.-China economic dialogue, said an expert with knowledge of the intrusion.
The incident — using a tactic known as “spear phishing” that targets specific employees — involved carefully forged documents or very sophisticated malicious software, or malware, e-mailed to Treasury officials from the computers of unsuspecting government employees, the expert said. Federal investigators believe that attack originated in China, the source said.
Investigators have linked other attacks to computers in China — servers that may have been operated by Chinese officials or residents, or may have been way stations for hackers operating from elsewhere. Canada’s Treasury Board and Finance Ministry were targeted in January, and France’s Finance Ministry was hacked in December by someone hunting for files related to a February meeting of officials from the Group of 20 top economic powers.
James Mulvenon of the Defense Group Inc.’s Center for Intelligence Research and Analysis said cyber-espionage “is mature enough that they could use it to get near real-time intelligence.” It is not against international law, Mulvenon said, and “you’re never going to be able to enshrine in a treaty anything that restricts a country’s right to commit espionage.”