Investigators probing the recent ransacking of International Monetary Fund computers have concluded the attack was carried out by cyber spies connected to China, according to two people close to the investigation.
Computer specialists have spent several weeks piecing together information about the attack, which the IMF disclosed on June 8. Internal IMF e-mails obtained by Bloomberg News suggest fund officials completed an inventory of stolen documents by the middle of July, and drafted an “operational impact assessment.” The results have not been made public.
Evidence pointing to China includes an analysis of the attack methods, as well as the electronic trail left by hackers as they removed large quantities of documents from the IMF’s computers. The multistaged attack, which used U.S.-based servers as part of their equipment, ended on May 31, people involved in the investigation said on the condition they not be identified because they aren’t authorized to speak about it.
Their conclusion is likely to be a major test for the new IMF chief, Christine Lagarde, who this month appointed Chinese economist Zhu Min as deputy managing director, giving China a much expanded role in the institution.
“There are some very big questions about the role that China wants to play in the global economic system and what role it can play given some of its behavior,” said C. Fred Bergsten, who heads the Washington-based Peterson Institute for International Economics.
The timing of the attack and China’s lobbying for more influence at the Fund appear to overlap, creating a potentially embarrassing situation for China among the IMF’s 186 other members, including the U.S.
Scope of Attack
IMF officials have said little publicly about the scope of the attack or its origins, citing the on-going nature of the investigation, which involves outside forensics experts and the fund’s own information-technology team.
“We are not prepared to finger point at this time,” the IMF said today in a statement. “We also may never know who perpetrated this cyber attack. However, our effort to assess the impact and extent of the attack is continuing.”
Wang Baodong, a spokesman for the Chinese embassy in Washington, said in an e-mail that hacking is “an international issue” affecting dozens of countries and “willfully relating such cases with China is irresponsible.”
People familiar with the incident said that the hackers were able to download a large quantity of documents from dozens of computers on the IMF’s network, which was first infected when an employee downloaded a file containing a piece of sophisticated spying software that quickly spread.
IMF Internal E-Mails
In an internal e-mail sent to staff, Patrick Hinderdael, the IMF’s adviser to the chief information officer, said the attack occurred in at least two phases, and that no activity by the hackers has been detected since the end of May. In the first phase, the attackers grabbed “a general sweep” of recent files then returned for a second wave of downloads, Hinderdael said.
Hackers have learned to use sophisticated methods to hide their identities, including hijacking servers in other countries to launch an attack. Forensics specialists have similarly advanced techniques to cut through the fog. Those include analyzing the code left behind in networks and tracing patterns in multiple attacks that may use the same infrastructure.
Dominique Strauss-Kahn, the head of the IMF, was arrested in New York City on sexual assault charges on May 14 and resigned four days later, setting off an international search for a new director including demands by emerging economies that one of their own lead the fund. Lagarde, the former French finance minister, was appointed to fill the position beginning July 5.
Lagarde’s Cyber Experience
Lagarde has had experience with similar cyber attacks. In March, the French finance ministrysaid its computer network had been hacked and that documents related the French presidency of the G-20 were stolen. The magazine Paris Match quoted a French official saying the information was redirected to servers in China.
Google Inc. (GOOG) has said its computers were attacked by Chinese-based hackers in late 2009, along with the networks of at least 20 other companies. According to diplomatic cables posted by the website WikiLeaks, U.S. defense and intelligence officials have documented the operations of sophisticated cyber spies operating from China over several years.
“As an intelligence professional, I stand back in absolute awe and wonderment at the Chinese espionage effort against the United States of America,” Gen. Michael Hayden, the former CIA director, said at cyber security conference last year. “It is magnificent in its breath, its depth and its efficiency.”
China, which is driving global economic growth, has been gaining clout in international organizations. In 2008 Justin Lin, a Taiwan-born scholar who defected to China, became the first World Bank chief economist from outside Europe and Lagarde created a new position for Zhu at the IMF, giving China access to a top management post for the first time.
A few months earlier, China obtained the third-largest voting share at the fund after the 187 member countries agreed to better reflect the growing weight of emerging markets in the world’s economy.
China needs to decide whether it will be a cooperative global power or pursue national interests that can be disruptive, Bergsten said.
“The cyber security issue is a very big part of that but it’s only part of a broader mosaic,” he said.
The IMF is a cornerstone institution in the global economic system, managing financial crises around the world. Its computers are likely to contain confidential documents on the fiscal health of many countries.
“The IMF holds some of most valuable data anywhere,” said Josh Shaul, chief technology officer with Application Security, Inc., a cyber security firm based in New York City, NY.
The financial status of countries is critical information for major nation-state investors or holders of sovereign debt, he said.
Hinderdael said in an e-mail to IMF staff that the attack was not related to identity theft or commercial fraud, another indication the intruders weren’t ordinary cyber thieves.
“According to our experts’ assessment, the information contained in our e-mail, document management, human resource, and financial systems has not been compromised,” Hinderdael said in the e-mail.
In a separate e-mail obtained by Bloomberg News, Jonathan Palmer, chief information officer at the IMF, said the fund was instituting new security measures for employees’ SecurID tokens, a product sold by EMC Corp.’s security division, RSA, and used by government agencies and banks to guard against hacking.
RSA said in March that hackers had compromised its networks, and the stolen information was later used to access the secure computer network of defense contractor Lockheed Martin Corp. There is no evidence linking the RSA breach to the incident at the IMF, a person familiar with the investigation said.
Robert Orr needs a Chinese Visa to enter UN's DC2 building
Rio+20: GreenPeace Statement
Greenpeace International Executive Director has released a statement on his views of Rio+20. "The future we want has gotten a little further away today. Rio+20 has turned into an epic failure, It has failed on equity, failed on ecology and failed on economy" were Kumi Naidoo frank comments after the text for the outcome document was adopted. Please click here for the full statement.
UN Policy Coordination on the Road
DESA's Telecommuting Assistant Secretary General
Sha Zukang's behavior not appropriate...
Sha's behavior was not appropriate as a senior advisor. And he also knows that his behavior has embarrassed most of the [other] senior advisors at that time.
Mr. Chance (buy this book now)
Click on the picture and purchase this book now. It's already a best seller. It shows the coward Ban Ki Moon and his Korean team in action.
Chinese Social Affairs Department
"UN needs complete leadership overhaul"
International Development Secretary Andrew Mitchell, who asked Ashdown to carry out the report, said the government would give its response in about six weeks.
Czech President Klaus
"...this is the time for international organizations, including the United Nations, to reduce their expenditures, make their administrations thinner, and leave the solutions to the governments of member states"
Sha Zukang Disrespectful of UN Rules
UN staff rules require employees to uphold and respect the principles set out in the Charter, including faith in fundamental human rights. They prohibit U.N. employees from accepting instructions from any government or from any other source external to the organization. UN staff should avoid any action and, in particular, any kind of public pronouncement that may adversely reflect on their status, or on the integrity, independence and impartiality that are required by that status.
Barack Obama on UN Reform
Obtain Refund of Funds Owed to the U.S. by the U.N.
CLICK ON VOTE - to save approximate $180 million in one time savings
Get ready U.N. !!
Let's raise our voices
The following months are critical. Changing DESA is in your hand. Speak up now and share our message with all colleagues.
NyTimes disavows Ban Ki Moon
"The United States, meanwhile, should think hard about whether it wants to support Mr. Ban’s re-election" NyTimes Editorial - Nov 03, 2010
Feel like saying smth ?
You are free to respond to any of our critics. Send an email at - email@example.com - your reply will be published as is
UN at 65
State Department Spokesperson P.J. Crowley
"Sha Zukang seems to be cranky at lots of folks. It will not affect our relations with China."
UN STAFF RESOLUTION ON BAN KI MOON
If SG Ban Ki-moon fails to take immediate steps towards real reform to address these urgent systemic issues, Staff Union will consider a vote of NO-CONFIDENCE
Backstabbing for Beginners
Backstabbing for Beginners is at once the darkly comic tale of one man's political coming of age and a stinging indictment of the hypocrisy that prevailed at the heart of the world's most idealistic institution.
Hacked Emails Show Blatant Climate Change Fraud
anyone who wants to report facts in our Blog is welcomed. You can send us anonymous messages thru leaving comments into our past blogging or you can send us an email at: firstname.lastname@example.org. We ensure full confidentiality of your reporting.
What will this successful Chinese Diplomat do different?