he data theft from International Monetary Fund computers by hackers said to be linked to a foreign government follows incidents against companies and governments that illustrate the growth of cyber-attacks as an espionage tool.The IMF hack resulted in the loss of a “large quantity” of data, including documents and e-mails, according to a person familiar with the incident, a security expert who declined to be identified because he wasn’t authorized to speak on the subject. This year, the Group of 20 and Oak Ridge National Laboratory have also come under cyber-attack.The person said the intrusion was state-based, without saying which government is thought to be behind it. The Washington-based IMF approved a record $91.7 billion in emergency loans last year and provides a third of bailout packages in Europe.“The value of what’s being lost in these cyber-attacks is increasing at a very fast rate,” Sami Saydjari, the founder of Cyber Defense Agency in Wisconsin Rapids, Wisconsin, said in an interview this year before the latest attacks. “There are two perpetrators that are most concerning.One is organised crime, the other is nation-states, and they are both quite serious.”Google Inc’s computer networks were broken into this month by hackers who gained access to the private Gmail accounts of senior US officials. Defense contractor Lockheed Martin Corp was hacked in May. Computers at Hopkinton, Massachusetts-based EMC Corp’s RSA Security division were infiltrated in March by hackers who stole technology used to protect other US government and corporate networks.
Vocational School
Google, based in Mountain View, California, traced the incursion on its networks to hackers at a vocational school associated with the Chinese military. Kevin Kempskie, an RSA spokesman, didn’t specify who was linked to the RSA attack.
The same attackers used data stolen from RSA to gain access to Bethesda, Maryland-based Lockheed Martin’s computer network, RSA said this month. The pattern of the attacks against RSA and Lockheed Martin confirmed RSA’s suspicion that the hackers were seeking national security information and weren’t out for financial gain, according to RSA.David Hawley, an IMF spokesman, on June 11 declined to discuss details of the attack on the fund.Fund employees were alerted about hackers this month and “strongly requested not to open e-mails and video links without authenticating the source,” according to a copy of a staff memo provided to Bloomberg News.
‘Phishing Activity’
An e-mail from the IMF’s chief information officer, Jonathan Palmer, warned employees of “increased phishing activity.” Phishing is the practice of obtaining information such as computer user names or passwords under false pretenses. Palmer instructed employees on how to detect and respond to cyber-attackers, warning them not to divulge their passwords or open “unexpected documents.”According to one IMF memo, the fund’s network connection to the World Bank was severed “as a precautionary measure.” On June 1, the IMF’s information technology department sent an e-mail to employees with the subject line “Important Notice: Virus Attacks.” “Staff are strongly requested NOT TO OPEN e-mails and video links without authenticating the source,” the e-mail said.Anup Ghosh, chief executive officer of Invincea Inc, a Fairfax, Virginia-based cyber-security company, said the warning suggests computer worms were downloaded into the IMF’s networks through so-called spear phishing.