IMF and the weakest link

Let's think about the International Monetary Fund security breach, preferably without trying to tie it to the Strauss-Kahn affair: I really don't see at the moment that one has anything to do with the other.

We can, perhaps, try to put it into the context of other recent attacks on RSA, Lockheed Martin et al., since other reports have mentioned them, and they are at least incidents with a significant security dimension and a hypothetical connection: information stolen from RSA seems to have been used in the attack on Lockheed Martin, and the IMF reportedly plans to replace RSA SecurID tokens used by its employees. However, the memo quoted by Bloomberg suggests that the attackers probably didn't make use of the tokens in any way.

As is customary with this kind of breach (and this kind of organization), there isn't really much information available on what was accessed, or how. While a leaked memo refers to “suspicious file transfers,” and the Bloomberg story mentions emails, the New York Times reports a very bare statement from the IMF's spokesman, David Hawley: “We are investigating an incident, and the fund is fully functional.”

Of course, the sensitive nature of transactions carried out under the IMF's auspices and the global nature of its clientele are a considerable incentive to exercise caution and secrecy. The BBC was told that "an investigation had shown a desktop at the Fund had been 'compromised and used to access some Fund systems.'"

However, the memos reported by Bloomberg clearly suggest spear phishing as a likely precursor to the attack, warning employees to be cautious about opening “emails and video links,” and not to divulge passwords or open “unexpected documents.” That could, of course, be an attempt to reduce the attack surface, rather than an unequivocal indicator of the form the attack actually took, but it does make an all too familiar point once again: However good your technical security solutions are, the user is still a link in the security chain – all too often, the weakest.
