IMF Computers Said to Lose E-Mails in State-Based Attack
June 11 (Bloomberg) -- The International Monetary Fund's computer system was attacked by hackers believed to be connected to a foreign government, resulting in the loss of e-mails and other documents, according to a person familiar with the incident.
Data was taken in the attack, according to the person, a security expert who couldn't be identified because he wasn't authorized to speak on the subject. He didn't say which government is thought to be behind the incident, which he said occurred before former Managing Director Dominique Strauss-Kahn was arrested for sexual assault on May 14.
The infiltration follows reported hacks at Google Inc., Sony Corp., Lockheed Martin Corp. and Citigroup Inc. in the past three months. The FBI has said it would increase efforts to combat cyber attacks by criminal gangs, industrial spies and foreign governments. Yesterday, Spanish police arrested three suspected members of the online hacking group Anonymous, which has said it carried out attacks on governments and websites belonging to Sony and MasterCard Inc.
"The Fund is fully functional," David Hawley, an IMF spokesman, said today in an e-mailed statement. "We are investigating an incident. I am not in a position to elaborate further on the extent of the cyber-security incident."
The attack was reported earlier by the New York Times.
The Federal Bureau of Investigation had no immediate comment, nor did Charles Miller, a U.S. Justice Department spokesman. Phone calls and e-mails to the Department of Homeland Security and Central Intelligence Agency weren't immediately returned.
Strauss-Kahn
Strauss-Kahn has pleaded not guilty and is free on bail in New York awaiting trial. The Washington-based IMF, which is seeking a replacement for Strauss-Kahn, approved a record $91.7 billion in emergency loans last year and provides a third of bailout packages in Europe.
Internal IMF memos obtained by Bloomberg warned employees to be on their guard after a computer at the fund was "compromised."
"Last week we detected some suspicious file transfers, and the subsequent investigation established that a Fund desktop computer had been compromised and used to access some Fund systems," said a June 8 e-mail to employees from Chief Information Officer Jonathan Palmer. "At this point, we have no reason to believe that any personal information was sought for fraud purposes."
World Bank Quarantined
The memo, which included advice on how to detect and report hacking attempts, said the IMF's network connection to the World Bank was severed "as a precautionary measure." The intrusion wasn't connected to an attack by Anonymous, the memo said.
On June 1, the IMF's information technology department sent an e-mail to employees with the subject line "Important Notice: Virus Attacks." It warned of attempts to hack into the system.
"Staff are strongly requested NOT TO OPEN emails and video links without authenticating the source," the e-mail said. The capitalization is in the original message.
The fund told employees June 8 that it would replace their RSA SecurID tokens. EMC Corp.'s RSA security-systems unit offered to swap the tokens after a breach of its own network, disclosed in March, resulted in the theft of RSA data. A SecurID device is shaped like a key fob or a computer-memory stick and generates random-number passwords used to gain access to a computer network.
'Phishing' Expedition
"Nothing indicates that the SecurID tokens played a role in this intrusion," according to the IMF memo.
A June 9 e-mail from Palmer warned employees of "increased phishing activity." Phishing is the practice of obtaining information such as computer user names or passwords under false pretenses. Palmer's message included further instructions on how to detect and respond to cyber-attackers, warning employees not to divulge their passwords or open "unexpected documents."
"Exercise caution to protect yourself from cyber sharks!" Palmer wrote.
To contact the reporters on this story: Sandrine Rastello in Washington at srastello@bloomberg.net Michael Riley in Washington at michaelriley@bloomberg.net Joshua Gallu in Washington at jgallu@bloomberg.net .
To contact the editors responsible for this story: Christopher Wellisz at cwellisz@bloomberg.net Lawrence Roberts at lroberts13@bloomberg.net Michael Hytha at mhytha@bloomberg.net .
Find out more about Bloomberg for iPad: http://m.bloomberg.com/ipad/