Sunday, June 12, 2011

IMF cyber-attack a risk to 'dynamite' data

THE International Monetary Fund, still struggling to find a new leader after the arrest of its managing director last month in New York, was hit recently by what computer experts describe as a large and sophisticated cyber attack.

The fund, which manages financial crises around the world and is the repository of highly confidential information about the fiscal condition of many nations, told its staff and board of directors about the attack on Wednesday. But it made no public announcement.

Several senior officials with knowledge of the attack said it was both sophisticated and serious. ''This was a very major breach,'' said one official, who said that it had occurred over the last several months, even before Dominique Strauss-Kahn, the French politician who ran the fund, was arrested on charges of sexually assaulting a chamber maid in a New York hotel.

Advertisement: Story continues below

Asked about reports of the computer attack on Friday, a spokesman for the fund, David Hawley, declined to talk about the scope or nature of the intrusion. ''We are investigating an incident, and the fund is fully functional,'' he said.

Because the fund has been at the centre of economic bailout programs for Portugal, Greece and Ireland - and possesses sensitive data on other countries that may be on the brink of crisis - its database contains potentially market-moving information. It also includes communications with national leaders as they negotiate, often behind the scenes, on the terms of international bailouts.

Those agreements are, in the words of one fund official, ''political dynamite in many countries''. It was unclear what information the attackers were able to access.

The concern about the attack was so significant that the World Bank, whose headquarters are across the street from the IMF in Washington, cut the computer link over which the two institutions share information.

A World Bank spokesman said the step had been taken out of ''an abundance of caution'' until the severity and nature of the cyber-attack on the IMF is understood.

That link enables the two institutions to share non-public data and conduct meetings, but users of the system say that it does not permit access to confidential financial data.

Companies and public institutions are often hesitant to describe publicly the nature or success of attacks on their computer systems, partly for fear of providing information that would be useful to the individuals or countries mounting the efforts.

Even so, Google has recently been aggressive in announcing attacks and, in one recent case, of declaring that its origin was China, an accusation the Chinese government quickly denied.

IMF officials declined to say where they believe the attack originated - a delicate subject because most nations are members of the fund.

The attacks may have been made possible by ''spear phishing,'' in which someone is fooled into clicking on a malicious web link or running a program that allows open access to a network.

Read more: