Who Launched the IMF Attack?
Speculation Ranges from Cyber Gangs to Nation States
A former cybersecurity specialist at the World Bank, who's reportedly been tracking the IMF incident, says the attack on the IMF was perpetrated by a new kind of malware, one that gave hackers broad access and views of the IMF's systems - perhaps designed to gain market-moving insider information.
Some reports also suggest the attack - which IMF spokesman David Hawley told The Wall Street Journal was "an IT incident" - may be linked to a nation state, given the sophistication of the attack and the monetary resources that would be needed to back the attack's development.
Dave Jevans, chairman of online security vendor IronKey Inc. and the Anti-Phishing Working Group, says basing the involvement of a nation state solely on the sophistication of the attack is ill-advised. "I'm not sure why people think government hacking groups have more resources than professional cybercrime gangs," he says. "Those gangs have access to the best talent, the best coders. Governments might have more money, but I'd be surprised if more than a couple of government labs could turn out attacks that are more sophisticated than those of cybercriminals."
The IMF, a multinational organization that supports global monetary cooperation, financial stability and international trade, holds confidential information about numerous countries in financial trouble.
"What is certain is that as government agencies begin to militarize their dialog about cyberwar, other countries will feel the need to 'keep up.' This will create a self-fulfilling prophecy," Jevans adds.
Connection to China?
Other reports suggest the IMF attack might be linked to other recent breaches, such as the breach of Google's Gmail, which is suspected of exposing personal Gmail account information on hundreds of top U.S. officials, military personnel and journalists. Google on June 1 alleged that Chinese hackers attacked select Gmail accounts in an effort to obtain passwords and monitor account activity. The Chinese government has denied these accusations.
Jevans quickly dispels those claims as well. "Why would spear phishing attacks against government employees be easily traced to China? Professional hackers would do a much better job hiding their tracks," he says.
Gartner analyst Avivah Litan doubts anyone knows who is truly behind the attacks. "I think it's all just speculation now," she says. "I truly hope the authorities figure this out sooner rather than later and catch the hackers."
But Litan does agree it's likely many recent systems breaches, especially those aimed at government entities, are connected. In fact, she says there may be other attacks on government agencies that have not been made public at all. "It appears as though there are still dozens of similar, yet still undisclosed, breaches that have taken place in the U.S. government and defense domain during the same time frame as the attacks that hit the IMF, Lockheed Martin and RSA," Litan says. "My guess is that it is the same set of bad actors who are behind the attacks focused on military, government and economic intelligence."
RSA Security announced last week that the March breach of its SecurID multifactor authentication tokens was linked to subsequent breaches at Lockheed Martin Corp. and L-3 Communications Holdings Inc. Lockheed Martin and L-3 are both government contractors. [See RSA: SecurID Hack Tied to Lockheed Attack.]