IMF data leak: Chief suspect China; World Bank runs

PRC flag

By Richi Jennings (@richi) - June 13, 2011.

In the ongoing story about the International Monetary Fund (IMF) data leak hack, more and more commentators are fingering China as the chief culprit. The data could be extreme powerful in the wrong hands, and the World Bank is keeping its distance. In IT Blogwatch, bloggers also search for Dominique Strauss-Kahn sexual assault allegations angles.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Hula-hooping from the hoop's point of view 2.0...

James Niccolai reports a report:

The scope of the attack remains unknown ... [but] the IMF ... is "the repository of highly confidential information about the fiscal condition of many nations," ... according to the New York Times. ... [It] appears unrelated to a March break-in at RSA Security that compromised its SecurID access system


An IMF spokesman confirmed ... the fund is investigating an "incident" but declined to give details. ... One unnamed official [said] it had been a "very major breach."


The IMF's computer systems include communications with national leaders ... negotiating the terms of international bailouts. ... One official referred to those agreements as "political dynamite." ... The IMF has not said where the attack originated.  

  Ian Paul adds, and hints:

The intrusion may have been the result of a spear phishing attack ... [which] typically works by tricking an employee into clicking on a link ... or downloading ... malware. ... [It] may have been the work of malicious hackers working for a foreign government,


[This] is just the latest in a string of high-profile attacks against ... organizations such as Google, Sony, Lockheed Martin, RSA Security, and CitiGroup.  

Kevin Voigt adds to the supposition:

Spearphishing was used in the recent attack on high-profile Gmail users ... which Google said emanated from mainland China – a charge Beijing denied.


The breach of the IMF could have been aimed at stealing sensitive inside information ... [that] has the power to move markets.  

Sharon Fisher is also careful to show balance:

We learned last week that a hacker in China reportedly obtained access to ... Gmail accounts ... of senior U.S. government officials, military personnel, Chinese political activists and journalists. ... (For the record, China denies any involvement.)


One might wonder how senior government officials could fall for ... a phishing attack, but this is somewhat more sneaky than the typical phish.  

  Peter Bright sparks rumors:

The breach lasted several months, with a source "familiar with the attack" [saying] the attack was the work of an unspecified foreign government. ... Other financial institutions such as the ... Canadian Finance Department and Treasury Board have also been the victim of data-theft hacks this year.


As a precautionary measure, the World Bank shut down its network connections to the IMF. ... The hacks predate the arrest of IMF Managing Director Dominique Strauss-Kahn on charges of sexual assault.  

Karen Friar cooks up this angle:

The IMF's staff were told that their RSA SecurID tokens would be replaced, though ... there were no indications ... that the tokens were used in the attack. The [IMF] also seems to have ruled out cybercriminals and the Anonymous group as culprits.  


There's an article from Peter Apps for that:

[The IMF] this weekend became the latest organisation to say it was probing an attempt to access its data and some security experts suspect a nation state.


Some have been tentatively traced to China ... experts suspect authorities both turn a blind eye to hackers ... using them for their own ends. ... Experts suspect China's rulers ... [want] young computer experts ... focussed on internal or external enemies rather than ... hacking the computers of those in charge in Beijing.  

Emma Woollacott cuts the crud, and comes straight out with it:

It's not known where the attack originated, although ... China is likely to come under suspicion.  


And Finally...
Hula-hooping from the hoop's point of view 2.0

[hat tip: Cory Doctorow]

Don't miss out on IT Blogwatch:

Richi Jennings, your humble blogwatcher

Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. He's the creator and main author of Computerworld's IT Blogwatch -- for which he has won American Society of Business Publication Editors and Jesse H. Neal awards on behalf of Computerworld. He also writes The Long View for IDG Enterprise. A cross-functional IT geek since 1985, you can follow him as @richi on Twitter, pretend to be richij's friend on Facebook, or just use good old email: You can also read Richi's full profile and disclosure of his industry affiliations.

Copyright © 2011 IDG Communications, Inc.

Shop Tech Products at Amazon