IMF cyber attacks linked to state actors

A hacking attack against the International Monetary Fund (IMF) has been linked to a foreign government, according to security experts working on the latest high-profile data breach.

The IMF board of directors was informed last week that its systems had been under attack for a period of months.

A June 8 internal memo from Chief Information Officer Jonathan Palmer told staff the Fund had detected suspicious file transfers and that an investigation had shown a desktop computer "had been compromised and used to access some Fund systems".

"At this point, we have no reason to believe that any personal information was sought for fraud purposes," it said.

The IMF says its remains "fully functional" but has declined to comment on the extent of the attack or the nature of the intruders' goal. The U.S. Federal Bureau of Investigation is helping to investigate the attacks.

STATE ACTORS

Security experts said that the complexity of the assault - and its targeting of the organisation's secrets – suggests that a national government is the most likely culprit.

"For what we can tell, the aim ... appears to be to gather intelligence rather than cause disruption," said John Bassett, a former senior official at Britain's signals intelligence agency GCHQ and now a senior fellow at the Royal United Services Institute.

"The intrusion appears to be sophisticated and well executed at an operational level (suggesting) that it originates from or is sponsored by a state."

Jeff Moss, a self-described computer hacker and member of the Department of Homeland Security Advisory Committee, said he believed the attack was conducted on behalf of a nation-state looking to either steal sensitive information about key IMF strategies or embarrass the organisation to undermine its clout.

He said it could inspire attacks on other large institutions. "If they can't catch them, I'm afraid it might embolden others to try," said Moss, who is chief security officer for ICANN.

Tom Kellerman, a cybersecurity expert who has worked for both the IMF and the World Bank, said the intruders had aimed to install software that would give a nation state a "digital insider presence" on the IMF network.

That could yield a trove of non-public economic data used by the Fund to promote exchange rate stability, support balanced international trade and provide resources to remedy members' balance-of-payments crises.

"It was a targeted attack," said Kellerman, who serves on the board of a group known as the International Cyber Security Protection Alliance.

The code used in the IMF incident was developed specifically for the attack on the institution, said Kellerman, formerly responsible for cyber-intelligence within the World Bank's treasury team and now chief technology officer at AirPatrol, a cyber consultancy.

Any confirmation of a country's involvement would become a major diplomatic incident.

WHICH STATE?

China has again topped the list of suspects.

Chinese hackers have been suspected of being behind several recent data theft attempts including one aimed at breaching the security of Google's Gmail on accounts belonging to activists, US officials and others.

Larry Wortzel, a commissioner on the congressionally created U.S.-China Economic and Security Review Commission, said he suspected Chinese authorities had sought to pierce IMF networks to get inside information before meetings in Beijing last week with French Finance Minister Christine Lagarde, the frontrunner to replace Strauss-Kahn.

The bipartisan commission has accused Chinese hackers of infiltrating both the US and other international computer systems to gain information for commercial and strategic gain.

"You don't have to be Inspector Clouseau to figure this out," Wortzel, a retired U.S. Army colonel who served two tours as a military attache in China, said in a telephone interview, referring to the fictional French police detective. Wortzel said he did not have any forensic information to back his speculation. "To me, this is just practical common sense."

Wang Baodong, a spokesman for the Chinese embassy in Washington, did not immediately respond to a request for comment but Beijing has in the past steadfastly dismissed such charges.

"As a victim itself, China is firmly against hacking activities and strongly for international cooperation on this front," the Chinese spokesman said last month after Lockheed Martin, the Pentagon's No. 1 supplier by sales, said it had thwarted a "significant" cyber attack on its network that some officials said had likely originated in China.

Alexander Klimburg, a cyber security expert at the Austrian Institute for International affairs, said the source of the IMF attacks could just as likely be from Russia.

Some security experts say both Moscow and Beijing in particular deliberately turn a blind eye to the activities of hackers in their territory providing they only attack foreign targets outside their borders.

Such hackers are believed to occasionally carry out work on behalf of governments as well as trading information for cash.

During the brief 2008 war between Georgia and Russia over breakaway South Ossetia, attacks disabled and took offline websites in all the countries involved.

Global coordination was key to countering the attacks, Klimburg said.

"This is potentially a great opportunity to launch a "communal" investigation into an attack on a "communal" institution," he said. "If the fingers can be pointed, they should be pointed. The only way to stop such attacks is "naming and shaming" and in this case... there is a clear global interest at stake."

But experts say almost every sophisticated state indulges in electronic snooping, whilst independent hackers potentially working for militant groups or even banks or investment funds could also be in the frame.

Philip Blank, an expert on security, risk and fraud at San Francisco-based Javelin Strategy and Research said the IMF "would be an extraordinarily attractive target". Other financial industry insiders agreed.

"Given how central the IMF is at the moment, there are plenty of people who would like to know what it is thinking," said one London-based currency markets veteran, asking not to be named because of the sensitivity of the issue.

"They range from the world's largest reserve holders -- which are the key emerging economies like China -- to brokerages and funds to the Eurozone governments themselves."

Access to IMF files might give a hacker access to not only details of its own policy of thoughts and internal debates but also those of other major powers, he said.

The most immediately time and market sensitive information would relate to Greece, he said, with the IMF and EU needing to offer new bailouts by the end of the month to avoid default.

Other issues of interest might include the latest thinking on the creation of a global reserve currency and the latest manoeuvring to replace former IMF chief Dominique Strauss-Kahn, he said. Strauss-Kahn resigned after being accused of a sexual assault on a domestic worker in a New York hotel room.

(Reporting by Lesley Wroughton, Jim Finkle, Jim Wolf, Jim Vicini and William Maclean in London; Editing by Jon Boyle).