The International Monetary Fund’s computer system was targeted by hackers, believed to be connected to a foreign government, who retrieved e-mails and other documents, according to a person familiar with the attack.
The incident occurred before former Managing Director Dominique Strauss-Kahn was arrested for sexual assault on May 14, according to the person, a security expert who couldn’t be identified because he wasn’t authorized to speak on the subject. He didn’t say which government is thought to be behind the intrusion, which he said involved the removal of a “large quantity” of data.
The infiltration follows reported hacks at Google Inc., Sony Corp., Lockheed Martin Corp. and Citigroup Inc. in the past three months. The FBI has said it would increase efforts to combat cyber-attacks by criminal gangs, industrial spies and foreign governments. On June 10, Spanish police arrested three suspected members of the online hacking group Anonymous, which has said it carried out attacks on governments and websites belonging to Sony and MasterCard Inc.
“The Fund is fully functional,” David Hawley, an IMF spokesman, said yesterday in an e-mailed statement. “We are investigating an incident. I am not in a position to elaborate further on the extent of the cyber-security incident.”
The attack was reported yesterday by the New York Times.
The Federal Bureau of Investigation had no immediate comment yesterday, nor did Charles Miller, a U.S. Justice Department spokesman. Phone calls and e-mails to the Department of Homeland Security and Central Intelligence Agency yesterday weren’t immediately returned.
Strauss-Kahn pleaded not guilty June 6 and is free on bail in New York awaiting trial. The Washington-based IMF, which is seeking his replacement, approved a record $91.7 billion in emergency loans last year and provides a third of bailout packages in Europe.
Internal IMF memos obtained by Bloomberg warned employees to be on their guard after a computer at the fund was “compromised.”
“Last week we detected some suspicious file transfers, and the subsequent investigation established that a Fund desktop computer had been compromised and used to access some Fund systems,” according to a June 8 e-mail to employees from Chief Information Officer Jonathan Palmer. “At this point, we have no reason to believe that any personal information was sought for fraud purposes.”
World Bank Quarantined
The memo, which included advice on how to detect and report hacking attempts, said the IMF’s network connection to the World Bank was severed “as a precautionary measure.” The intrusion wasn’t connected to an attack by Anonymous, the memo said.
On June 1, the IMF’s information technology department sent an e-mail to employees with the subject line “Important Notice: Virus Attacks.” It warned of attempts to hack into the system.
“Staff are strongly requested NOT TO OPEN emails and video links without authenticating the source,” the e-mail said. The capitalization is in the original message.
The fund told employees June 8 that it would replace their RSA SecurID tokens. EMC Corp.’s RSA security-systems unit offered to swap the tokens after a breach of its own network, disclosed in March, resulted in the theft of RSA data. A SecurID device is shaped like a key fob or a computer-memory stick and generates random-number passwords used to gain access to a computer network.
“Nothing indicates that the SecurID tokens played a role in this intrusion,” according to the IMF memo.
A June 9 e-mail from Palmer warned employees of “increased phishing activity.” Phishing is the practice of obtaining information such as computer user names or passwords under false pretenses. Palmer’s message included further instructions on how to detect and respond to cyber-attackers, warning employees not to divulge their passwords or open “unexpected documents.”
“Exercise caution to protect yourself from cyber sharks!” Palmer wrote.