The IMF which was recently rocked by a sex scandal involving its former chief was also hit by a “major” and sophisticated cyberattacks over the last several months, whose dimensions are still unknown.
According to a report the attack occurred over the last several months, even before Dominique Strauss-Kahn, the French politician who ran the fund, was arrested on charges of sexually assaulting a chamber maid in a New York hotel.IMF told its staff and board of directors about the attack on Wednesday. But it did not make a public announcement.Several officials who had the knowledge of the attack said it was both sophisticated and serious.
“This was a very major breach,” said one official, a daily reported. When asked about the reports of the attack late Friday, a spokesman for the fund, David Hawley, declined to provide details or talk about the scope or nature of the intrusion.“We are investigating an incident, and the fund is fully functional,” he said.
IMF possesses sensitive data on some countries that may be on the brink of crisis and its database contains potentially market-moving information, which also includes communications with national leaders as they negotiate, often behind the scenes, on the terms of international bailouts.
The daily reported one IMF official saying that such negotiations are “political dynamite in many countries.”
It was unclear what information the attackers were able to access. The concern about the attack was so significant that the World Bank cut the computer link that allows it and IMF to share information.
Though there was no word on where the attack might have originated, the newspaper said it was likely to have been made possible by a technique known as “spear phishing”, in which an individual is fooled into clicking on a malicious Web link or running a programme that allows open access to the recipient’s network.
The fund said it did not believe that the intrusion into its systems was related to a sophisticated digital break-in at RSA Security that took place in March, which compromised some information that companies and governments use to control access to their most sensitive computer systems.