Hackers target U.N., World Bank personnel

This story has been updated.

A new hacker group on Tuesday claimed to have leaked the email addresses and passwords of more than 100 individuals at the United Nations.

Referring to the U.N. as a "senate for global corruption," the so-called TeaMp0isoN hacktivists apparently were avenging what they view as inaction during the breakup of Yugoslavia, displacement of Palestinians in allowing the creation of Israel and other "atrocities" committed by the international body.

The data dump purportedly posted by the group alludes to weak security at the U.N., but stops short of detailing how it infiltrated the organization's computers, saying, "We will let the so-called 'secutiy experts' over at the U.N. figure that out."

The alleged breach is the latest in a string of government-related email exploits, including the unauthorized disclosure of online credentials belonging to personnel at the Justice Department, Arizona Department of Public Safety, Defense Department and government security firm HBGary.

Most of the email addresses listed in Tuesday's leak appeared to belong to staff at the United Nations Development Program. The data was housed in an older system and may be outdated, according to U.N. officials.

"UNDP is in the process of validating this claim," spokeswoman Sausan Ghosheh said. "Preliminary results indicate that our current server, including our undp.org website, has not been compromised. They have compromised an old server, which contains old data."

She added that the agency is working to close any vulnerabilities on its website. Later in the day, Ghosheh said the U.N. had located the compromised server -- a 2007 system -- and taken it offline. The server did not contain any active passwords for the accounts listed.

TeaMp0isoN's list also included some user accounts at the World Food Program, UNESCO (the U.N. Educational, Scientific and Cultural Organization), UNICEF, the U.N. Population Fund and the World Health Organization.

A few individuals with email addresses at the World Bank, which is not part of the U.N., were targeted as well.

Aligning itself with the Occupy Wall Street movement, TeaMp0isoN recently threatened to join hacker group Anonymous in taking down the financial sector through a digital attack dubbed "Robin Hood." A message from TeaMp0isoN on Twitter stated Tuesday's penetration is unrelated to that operation, which "is yet to come."

Roger Cressey, a top cybersecurity and counterterrorism official during the Clinton and Bush administrations, said the incident points to human error on the part of individuals at the U.N.

"This has less to do with technology and more to do with people," said Cressey, who served as chief of staff for the President's Critical Infrastructure Protection Board after the Sept. 11 terrorist attacks. "Nine times out of ten, when there is identity theft the people to blame are those that did not practice proper security," by, for example, enforcing password policies.

Once outsiders sneak into a network, it is fairly easy to wreak havoc or extract data, he added. "Email theft and password theft is not that sophisticated but it's prevalent," said Cressey, now an executive at the consulting firm Booz Allen Hamilton. He should know. Earlier this year, Anonymous claimed responsibility for pilfering U.S. military email addresses from the company.
