Another major international financial institution has had its computer system attacked by unknown cyber-hackers, FOX News has learned.
The discovery of the assault last week threw into crisis the Washington, D.C. based International Monetary Fund (IMF), which offers emergency financial aid to countries faced with balance-of-payments problems, and provoked a shutdown of IMF computers that lasted for several days.
In October, FOX News reported that the computer system at the World Bank had also been hacked over a period of months.
FOX News has been unable to determine what, if any, information may have been obtained by the hackers. The IMF denies any critical intrusion took place.
The spyware discoveries came at a particularly sensitive time for the international bailout institution, which along with the World Bank is expected to play a central role in trying to combat global financial turmoil. The pair of institutions are described on the IMF's website as the "twin intergovernmental pillars supporting the structure of the world's economic and financial order."
Both will be intensively discussed at this weekend's meeting of G-20 nations in Washington, hosted by President Bush, in the effort to put global finance back on a stable basis.
Europe in particular is promoting an expanded role for the IMF, which traditionally has a European CEO, in that future architecture. IMF computers contain highly sensitive information not only on distressed nations, but also on currency payments and central bank balances around the world, all of which could be invaluable to outsiders.
What the IMF intrusion also shows is that the physical wiring of the world's financial systems is increasingly vulnerable — and getting worse.
"Electronic safety in the financial sector is in dire jeopardy," says Tom Kellermann, a former senior computer security official at the World Bank's ultra-sensitive treasury unit — which FOX News reported last month had been penetrated by illicit spyware. "What people don't realize is that the financial sector is the most heavily targeted sector of all critical infrastructures."
Kellermann today is the commissioner of the Commission on Cyber Security for the 44th Presidency, a unit of the Center for Strategic and Internal Studies — a Washington-based security think tank — that is preparing to issue recommendations in early December to President-elect Barack Obama on how to keep the country's computer systems from being penetrated.
IMF officials clamped down on their computer systems on November 7, after they discovered spyware that was quickly spreading through the institution's high-security computer system. Spyware is software that is secretly installed on a computer to intercept information or take control of the system.
The IMF's network link to the World Bank, the world's largest anti-poverty agency, was also temporarily severed, a move that IMF spokesman Bill Murray described as a "precaution."
But IMF officials strenuously deny that any lockdown of its computers took place, and insist that no important or sensitive financial information had been affected.
"There was no lockdown as far as I'm aware" says Murray. "I'm not aware of any major breaches, but enhanced security measures have been taken."
Prodded further as to the discovery of spyware, Murray responded: "As part of our ongoing [security] regime, we've had a scan of Fund personal computers and laptops and we found some workstations that did have malicious software, but absolutely no evidence that any sensitive information or systems were breached."
That is not, however, the version given by other IMF insiders and World Bank security officials, who requested anonymity.
According to them, the November 7 lockdown came only days after the World Bank moved more than 100 of its employees into an empty floor of one of the IMF's two buildings on Washington's Nineteenth Street, N.W., just across from the World Bank headquarters.
As FOX News reported on October 10, the World Bank itself suffered a series of cyber-attacks starting in the summer of 2007, both at headquarters and at other offices around the world. The World Bank strenuously denies that the intrusions took place, and none of the bank's 24 board members contacted by FOX News would discuss the matter. But sources told FOX News that at least one of those breaches also involved spyware, penetrating the World Bank's ultra-sensitive Treasury unit, which manages a $75 billion portfolio for itself and for several nations
The World Bank, however, did not take the dramatic step of shutting down all its computer systems to eliminate any spyware. Security experts say it is possible that the bank may have inadvertently infected the IMF — simply by sharing some wires in the IMF's sublet building. Moreover, as FOX News reported last month, hundreds of workers previously employed by an Indian contractor that is barred from Bank contracting work on security grounds still work at the institution, either as regular staffers or as employees of other contractors.
Shortly before the spyware was discovered, the World Bank's Independent Evaluation Group — a unit responsible for critiquing the quality of bank projects—was moved into the IMF's headquarters building, where it is now taking up an entire floor.
"Before the move, there was a single point of access — a server that acted as a firewall between the IMF and the bank," explains a technology expert at the bank. "The IMF was allowed into the World Bank's network, but not vice-versa. After the move, World Bank data, or packets, intermixed with the IMF data because they were all on the same wires."
Belatedly, it seems, the World Bank is attempting at least a partial cleaning of its systems. A bank insider tells FOX News that, in the wake of the FOX articles about its security penetrations, "all of the computer systems are being 'changed out' and overhauled in the Dept of Institutional Integrity [the bank's internal investigative arm]."
In fact, the computer assaults on the World Bank and the IMF are only part of a rash of sensitive cyber-burglaries that even reached into the U.S. presidential campaign. Both London's Financial Times and Newsweek recently reported that the computer network of the White House, and the Obama and McCain campaigns, were seriously breached.
The Pentagon claims the Chinese army has established units to develop viruses to attack enemy computer systems. Chinese hackers penetrated the Pentagon last year, in an attack that obtained e-mails from the system serving Defense Secretary Robert Gates.
Despite vigorous Chinese denials, "everyone in the intelligence community knows that China is the biggest player in cyber espionage," says John Tkacik, a former head of China intelligence for the U.S. State Department. Tkacik told FOX News that later this month, President-elect Obama will be presented with a new top-secret National Intelligence Estimate (NIE) report that "will cause the scales to drop from his eyes" regarding Chinese cyber-espionage.
"What the Chinese are particularly interested in at the IMF is what loans the IMF is likely to give to other countries," says Nick Day, a former British intelligence officer who runs Diligence, a private investigative firm that does extensive work for many international corporations and institutions.
"The geopolitics of this is that essentially you've got a few countries in the world that are stacked on huge foreign capital reserves — Russia, China, Japan, the Middle East — and the rest of us are pretty much borrowers to those lenders.
"And what the Chinese are looking to do is to get influence over a number of third world countries where there are assets in particular, where there's minerals, oil, etc. — where there's wealth that would be strategically useful. And if the IMF is not going to bail them out, or is going to bail them out at a rate which is fairly punitive, then the Chinese can go into those countries and say, "Don't go to the IMF. Come to us. We'll bail you out and we want exclusive deals over the next 20 years to all your mining concessions in your country, access to mineral wealth, access to oil'— all the raw materials that China is going to need to keep carrying its economy forward."
At the World Bank, water-cooler speculation about Chinese intelligence-gathering has taken another turn. FOX News has learned that the bank's internal watchdogs have recommended sanctions against five major Chinese government-owned companies for corruption on roads-building projects in the Philippines.
"People in the bank are wondering about the coincidental nature of all this," a well-placed bank security expert told FOX News. "The cyber-attacks ramp up just as these guys are heading right into the Sanctions Board."
Asked to comment on the impending possibility of sanctions, a World Bank spokesman instead offered FOX News an exclusive on the "full and complete story" if FOX would delay publication of the news well beyond this weekend — when world leaders would be discussing the institution. FOX News declined.
Security officials are warning users of a clever new phishing scam arriving in emails purporting to come from the US Federal Reserve.
The US Computer Emergency Response Team (US-CERT) said that the spammed messages direct users to a web page which warns of a new phishing scam targeting users.
The message contains a fake Federal Reserve letterhead and warns users in typically broken English that a "large-scales phishing attack started and has been still lasting".
In addition to the shoddy grammar, the messages are identifiable in their attempt to lure victims to an outside URL.
On clicking the link, the user is briefly sent to a fake Federal Reserve page which attempts to download a PDF file, supposedly containing further details on the attack. Shortly after accessing the page, the user is forwarded to a pornographic web site.
Joey Costoya, advanced threats researcher at security firm Trend Micro, said in a
blog posting that the PDF file is loaded with malicious JavaScript which attempts to download and install a number of malware packages, including a botnet controller.
Costoya noted that the botnet uses a Secure Socket Layer connection to send and receive encrypted information between the botnet server and infected machines, a particularly interesting characteristic.
"This is certainly an improvement over the web-based bots of old, where traffic [is] seen in plain text," he explained. "Makes one wonder what else the bad guys have in store for us."
In addition to keeping updated system and antivirus software, US-CERT recommends that users exercise caution when viewing unsolicited messages and avoid clicking on any links which may seem suspicious.
The election is over, but the Joe the Plumber case is not.
Ohio Inspector General Tom Charles said his office is now looking at a half-dozen agencies that accessed state records on Samuel Joseph Wurzelbacher.
The Beacon Journal has learned that, in addition to the Department of Job and Family Services, two other state offices — the Ohio Department of Taxation and Ohio Attorney General Nancy Rogers — conducted database searches of Joe the Plumber.
Wurzelbacher became an instant celebrity after he asked Barack Obama a series of questions in his Toledo driveway about the Democrat's tax policies.
In the third debate between Obama and Republican John McCain on Oct. 15, the candidates referred to Joe the Plumber more than 20 times.
The next day, the taxation department conducted two separate searches of a database of liens for unpaid taxes that were certified to the Ohio Attorney General's Office for collection.
John Kohlstrand, a taxation department spokesman, said he is prohibited from talking about individual taxpayers, but he confirmed that the databases were checked.
The searches were done to determine whether a lien placed against the individual was appropriate and whether it remained unpaid or not, Kohlstrand said.
The department's first search of the day was unsuccessful because of incorrect information about the individual, Kohlstrand said. Ohio Attorney General Nancy Rogers' office then contacted taxation because it was having difficulty accessing the database, Kohlstrand said. After the two agencies talked, taxation completed a successful search.
Kohlstrand said that the AG's office wanted access to the records so they could turn over to the national media lien information that was a public record in Lucas County. He said the national media did not have reporters in Toledo, so the attorney general's office was helping them out with public records.
On the day following the two searches, the taxation department conducted a search of another in-house database that tracks cases and correspondence between taxpayers and the department before the liens being certified and turned over to the attorney general for collection.
Rick Anthony, deputy tax commissioner, said there are times when a payment can be in the pipeline so a lien appears unpaid when in fact the taxpayer or business has repaid the state.
Anthony said the database searches on both days were conducted to ensure that the information in Lucas County was being properly reported by the media.
''Wouldn't that have been a disaster if the lien had been paid,'' Kohlstrand said. ''The responsible thing for us to do would be to take prompt steps to make it right.''
''We are not aware of any inappropriate browsing of information by anyone in our department pertaining to Mr. Wurzelbacher,'' Kohlstrand said.
Jim Gravelle, a spokesman for Attorney General Rogers, said he could not comment on individual records because of privacy issues. He said he would not confirm or deny that the AG's office went to taxation or whether his office had been queried by the inspector general.
The day after the debate, media outlets began reporting that Joe the Plumber's real name was Samuel, he was not a licensed plumber and he owed close to $1,200 in back taxes and additional money to a hospital.
His home was besieged by media outlets, including television crews that camped on his lawn.
Wurzelbacher had questioned Obama's plan to raise taxes for anyone with an income exceeding $250,000 because he planned to purchase his own plumbing business.
His current income made him eligible for a tax break under Obama's plan.
Wurzelbacher later endorsed McCain at a campaign stop in Ohio and hired the Pathfinder Management group in Nashville to manage his career.
Kohlstrand would not comment on an investigation by the inspector general, but Charles confirmed Thursday that he is looking into the taxation department to determine whether their searches were appropriate.
Charles said he does not know at this point if anyone in any of the agencies did anything wrong.
The inspector general began investigating after news reports surfaced that Helen Jones-Kelley, director of the Ohio Department of Job and Family Services, ordered her agency to conduct background checks on Joe the Plumber.
Jones-Kelley maintains that her agency routinely checks on people who are thrust into the spotlight to determine whether they have unpaid child support bills, are receiving public support from her department or owe unemployment taxes.
After the election, Gov. Ted Strickland placed Jones-Kelley on paid leave. The governor said the suspension was for a matter unrelated to the background checks on Joe the Plumber.