The International Monetary Fund, IMF, is the latest high-profile organization to become a victim of network intrusion by hackers. According to several media reports, the IMF has suffered a substantial security breach, of which the full extent is not yet known. Over the last few months, cyber attacks have increased in both frequency and severity. The group of cyber activists, Anonymous, are currently involved in 9000 attacks on governments and corporations around the world. Check out the stunning details.
“You still have the power to stand up for good. Do NOT come between us and our freedom. You have been warned.”
According to The New York Times, quoting an unnamed official, the IMF intrusion is a “very major” one, and has been going on for several months. The actual dimensions of the attack are still unknown. The IMF says that the Fund is “fully functional” and that the organization is investigating the incident. Sony, Citibank, Acer, Epsilon, RSA, NASA, Lockheed Martin – even Al-Qaeda and the FBI – everyone seems to get hacked these days!
The IMF declined to say who might be behind the intrusion, NYT reports.
A Bloomberg story, however, cited an unidentified security expert as saying that the attackers were believed to be connected to an unspecified foreign government and that e-mails and other documents had been taken.
Dealing with the global financial crises, international trade and other monetary matters, the IMF is privy to sensitive economic information regarding a number of countries data that could be extremely valuable to investors and of great interest to governments.
The organization has also been criticized for its policies and accused of being responsible for crises.
The breach is the latest in a series of headline grabbing hacks that have involved the likes of computer security company RSA, several U.S. military contractors, search giant and Web-based e-mail purveyor Google, and Sony entertainment behemoth.
Shutting Down The World Bank
Cyberespionage and cyber warfare have been making headline news consistently for quite some time.
Bloomberg quotes a memo to IMF employees by the organization’s chief information officer, warning the staff to be vigilant:
“Last week we detected some suspicious file transfers, and the subsequent investigation established that a Fund desktop computer had been compromised and used to access some Fund systems. At this point, we have no reason to believe that any personal information was sought for fraud purposes.”
The memo also says that the IMF’s network connection to the World Bank (which is headquartered across the street from the Fund) have been shut down “as a precautionary measure.”
An earlier memo to employees has warned the IMF staff of phishing attacks, saying:
“Staff is strongly requested NOT TO OPEN emails and video links without authenticating the source.”
Bloomberg writes that the recent network breach is not associated with the group Anonymous, which had earlier threatened an attack on the Fund in association with IMF activities involving the economically hobbled country of Greece.
On Saturday, law enforcement officials in Spain said they had arrested several members of Anonymous in connection with attacks on entertainment giant Sony, as well as on governments and financial institutions.
Hackers Go Wild
A wave of cyber attacks has left corporations and government organizations in a state of shock and confusion.
The Hacker News reports that they have received a message from the hacking group, Pakistan Cyber Army – PCA – claiming the group has hacked Acer Europe’s server and stolen sensitive information.
THN have posted a screenshot of the data reportedly collected, which included the personal information of 40,000 customers, including their names, addresses, phone numbers, e-mail addresses, and the names of products they had purchased.
According to The Hacker News, the PCA plans to release more data within the next 24 hours, and will follow that up with a press release discussing its reasons for hacking Acer’s Europe division.
Acer did not immediately respond to a request for comment, CNET.com reports.
The Anonymous, which made headlines last year by hacking financial institutions and other sites in defense of WikiLeaks founder Julian Assange, recently made public more than 10,000 e-mails it stole from Iran’s Ministry of Foreign Affairs.
According to the International Business Times, quote a source who have viewed the documents, most of the files are passports and visas, relate to an “oil meeting.”
NATO Gets a Warning
The organization has also launched a new operation it’s calling Op NATO Black Fax/E-mail Bomb.
Users can surf to the OpNATO page and send a free prewritten fax to the North Atlantic Treaty Organization in defense of Anonymous. The organization has posted a list of fax numbers to the page, and has asked supporters to send “as many [faxes] as you can” to those numbers.
“It has come to our attention that you have classified Anonymous a ‘potential threat to the security of [your] member states,’ and that you seek retaliation against us,” reads the letter to NATO, which is made up of the U.S., Canada, and the U.K., among other countries. Anonymous goes on to ask the member nations to “retaliate against us in any manner you choose.” However, even if some of its members are jailed, the letter reads, the nations will find “that Anonymous continues to live on.”
Anonymous’ letter ends with the following threat:
“Think carefully before you continue from here,” the letter reads. “You still have the power to stand up for good. Do NOT come between us and our freedom. You have been warned.”
But there seems to be many busy hacking groups at the moment:
Earlier Sunday, a hacker known as “pr0f” posted the e-mails and passwords of more than a hundred United Arab Emirates government employees.
However, the hacker said the list was “historic” and that the e-mail passwords were not current.
Even British intelligence officials have gotten into the mix.
Hacking With Humor
According to a Daily Telegraph report yesterday, the British intelligence organization, MI6, hacked into an al-Qaeda online magazine recently and replaced a recipe on bomb-making with a recipes on making “The Best Cupcakes in America.”
The latest string of hacks started in earnest in April when hackers launched a sophisticated attack against Sony’s PlayStation Network and Qriocity services. The hackers also breached Sony Online Entertainment.
After discovering the breach, Sony was forced to take the services down.
The company reported that the personal information of more than 100 million users had been exposed.
Sony reassured users at the time that credit card data was encrypted. It has also said no identity theft has been reported because of the breach.
So far, Sony hasn’t been able to pinpoint who overcame its defenses, but the company did find a file named “Anonymous” on its servers. The file contained part of the hacking organization’s slogan: “We are legion.”
The Anonymous says it is not responsible for the Sony attack. It did acknowledge, however, that some of its members might have acted independently to hack Sony.
Though Sony might have hoped it was out of the woods following the PlayStation Network breach, the company still faces attacks from hackers.
Yesterday, a hacking organization called LulzSec posted links on its Twitter account to data it had stolen from Sony’s internal networks, as well as from the networks of Sony Pictures, Sony Music Belgium, and Sony Music Netherlands.
“We recently broke into SonyPictures.com and compromised over 1 million users’ personal information, including passwords, e-mail addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts,” LulzSec wrote on Pastebin, the site where it posted some data. “Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 ‘music codes’ and 3.5 million ‘music coupons.’ “
The group claimed the data was not encrypted and had been left for the taking. Sony confirmed the attack this evening, saying it had contacted the FBI in an effort to track down the individuals who posted the data.
LulzSec’s attack on Sony was the second major hack the organization engaged in over the past week. This past weekend, the group showed off its hacking ability by engaging in what it called a “fun battle” with the Public Broadcasting Service.
LulzSec also posted a fake news story on the PBS site, saying that musical artist Tupac was still alive, and reportedly published log-in data for the PBS workforce.
The hack was a response to an airing of a PBS “Frontline” episode called “WikiSecrets” that presented WikiLeaks in a somewhat unfavorable light.
The LulzSec hack followed a statement earlier this week from Google claiming it had “detected and disrupted” a phishing attack that attempted to give the hackers access to hundreds of Gmail accounts belonging to senior U.S. government officials.
Google said it believed the attacks originated from Jinan, China, but stopped short of blaming the Chinese government.
The US government has denied that state-run e-mail accounts were hacked, but it has launched an investigation into the possibility of officials’ Gmail accounts being targeted.
“Speaking on behalf of the US government, we’re looking into these reports and seeking to gather the facts,” Caitlin Hayden, deputy spokesperson for the National Security Council, said in a statement to CNET yesterday.
“We have no reason to believe that any official US government e-mail accounts were accessed.”
Now, that’s waving a red flag in front of a raging bull.
Thanks to The Hackers News – who has been reporting on most incidents lately – here’s the list of registered highlights between April and June 2011 :
- Sony Online Entertainment announce that it has lost 12 700 customer credit cards as a result of an attack, and about 24,6 million accounts may have been breached. LINK
- The Anonymous performs Operation Iran, attacking the governmental websites responsible for oppressing the freedom of speech, information or ideas. LINK
- The information and review site on high-speed internet, DSLReport.com, gets hit with a blind SQL injection attack, resulting in a compromise of at least 9000 accounts. LINK
- Hackers gain access to famous pop star Lady Gaga’s Twitter account and began posting spam messages. LINK
- The social network site Buddie.me gets hacked, about 15 809 emails/passwords published on the net. LINK
- Pakistan Cyber Army – PCA – hacks into the Indian railway’s email system and downloads all confidential material, including email addresses and matching passwords. LINK
- A 26-year-old hacker is charged with 13 cases of felony after hacking into Facebook accounts, stealing photos of young women and posting them on porn sites. LINK
- A Turkish hackers group hacks the website of Cyberhackers.org. LINK
- Indian hackers/codebreakers breaks into the servers of Pakistan Air Force. LINK
- An employee claiming illegitimate firing claims he was able to break into, and take down, a 200 megawatt wind turbine system owned by NextEra Energy Resources. LINK
- Media reports of growing threat to Western governments and corporations as they are under attack from hackers based in China. LINK
- The European Space Agency – ESA – gets hacked by someone called TinKode. LINK
- The server’s of the world’s largest blog community WordPress.com gets hacked. LINK
- Epsilon’s Customer Lists of major Brands gets compromised. LINK
- Hackers manage to infiltrate one of the world’s top computer-security companies, RSA. The company has about 40 million users/customers. LINK
- A Pakistani hacker called KhantastiC hacks into the website thehackersparadise.com and adds his own page. LINK
- The official website of the President of Pakistan gets hacked. LINK
- The database of Spanish Escuela Universitaria Diseno gets hacked and dumped on the file sharing site rapidshare.com. LINK
- An Indian hacker called Lionaneesh hacks and exposes the aviation website Planespotters.net. LINK
- A Turkish hacker called OldChildz hacks the web portal of several famous Israeli companies. LINK
- The British Cambridge Networks gets hacked by the Pakistani hacker Shak. LINK
- An Indian hacking crew claims to have broken into 253 different websites. LINK
- The website of The Film and Publication Board – FPB – gets hacked by someone called Dr.KroOoz. LINK
- An Indian hacker called Angel 4k4 4d0r4b13 hacks the Pakistani railway’s database. LINK
- The Oak Ridge National Laboratory gets hacked. LINK
- A hacker called The 077 breaks into 20 websites run by the Chinese government. LINK
- The website of CEH – Centennial Media Training – gets hacked. LINK
- 70 Indian websites gets hacked by Shadow008 who is a part of the Pakistani Cyber Army. LINK
- All websites run by the Security Firm & News Company is breached by Indian hacker called I33t Haxors. LINK
- Hackers break into The Hartford insurance company and install password-stealing software on several of the company’s windows servers. LINK
- Computer producer ACER gets hacked by Pakistan Cyber Army. LINK
- The British intelligence service MI6 hacks an Al-Qaeda website and replace a bomb making recipe with a cupcake recipe. LINK
- The hacker group Lulzsec hacks the systems of Infragard Atlanta Members Alliance, a FBI affiliate and blows their cover. LINK
- The Anonymous leaks more than 10 000 emails, stolen from the Iranian government. LINK
- Chinese hackers cracks hundreds of US and Asian Gmail accounts. LINK
- The website of PBS.org gets hit by a zero-day exploit. LINK
- The official website of the upcoming movie Ra One – gets hacked and the defaced. LINK
- The network of Television Company GMA-7 – including Twitter and Facebook – gets hacked by someone called D4RKB1T. LINK
- A 14 year old hacker gets hired by Microsoft after doing phishing via Call of Duty Server. LINK
- Hackers break into the servers of Lockheed Martin networks and US defense contractors. LINK
- PC game company Comodo gets hacked, resellers private data exposed. LINK
- The Anonymous takes down the website of US Chamber of Commerce after the Chamber approved the new Protect IP Act. LINK
- More than 200 Indian official websites are reported hacked by someone called XtReMiSt. LINK
- Another report on stealing and selling credit card information says the use of hacking techniques is increasing. LINK
- Facebook prepares to launch a so-called Bug Bounty Program. LINK
- NASA Goddard Space Flight Center gets hacked – again – by the hacker called TinKode. LINK
- Another Facebook scam are reported. LINK
- The website of famous football star Ronaldinho gets hacked by Osama bin Laden supporters. LINK
- The Information Security and Ethical Hacing Training organization, Appin, gets hacked – once again. LINK
- The hacker group Lulzsec hacks and release ATM information. LINK
- Official report questions the security of US institutions like Department of Defense, Pentagon, NASA and NSA. LINK
- Pakistan Cyber Army gets hacked by the Indian Cyber Army, Indishell. LINK
- The website of Indian TV Channel V hacked by someone called MaDnI, a member of Pakistan Cyber Army. LINK
- The Anonymous’ IRC networks – irc.anonops.net and irc.anonops.ru – gets hacked. LINK
- India’s leading IT companies TCS – Tata Consu;tancy Services – and Tech Mahindra reports security breaches. LINK
- The database of contestants in the popular TV show, X Factor, gets hacked and published on the net – available for download. LINK
- Pakistani news site, Paktribune.com, is hacked and more than 800 emails/passwords stolen. LINK
- Credit card Company, CCAvenue, hacked. LINK
- Citibank reports theft of 200 000 credit card accounts. LINK
- The International Monetary Fund confirms a major security breach. LINK
Download The Hackers News Magazine here:
Issue June 2011 : Rar File | PDF file
Issue May 2011: RAR Format | PDF Format
Related by the Econotwist’s: