Hackers target U.N., World Bank personnel

This story has been updated.

A new hacker group on Tuesday claimed to have leaked the email addresses and passwords of more than 100 individuals at the United Nations.

Referring to the U.N. as a "senate for global corruption," the so-called TeaMp0isoN hacktivists apparently were avenging what they view as inaction during the breakup of Yugoslavia, displacement of Palestinians in allowing the creation of Israel and other "atrocities" committed by the international body.

The data dump purportedly posted by the group alludes to weak security at the U.N., but stops short of detailing how it infiltrated the organization's computers, saying, "We will let the so-called 'security experts' over at the U.N. figure that out."

The alleged breach is the latest in a string of government-related email exploits, including the unauthorized disclosure of online credentials belonging to personnel at the Justice Department, Arizona Department of Public Safety, Defense Department and government security firm HBGary.

Most of the email addresses listed in Tuesday's leak appeared to belong to staff at the United Nations Development Program. The data was housed in an older system and may be outdated, according to U.N. officials.

"UNDP is in the process of validating this claim," spokeswoman Sausan Ghosheh said. "Preliminary results indicate that our current server, including our undp.org website, has not been compromised. They have compromised an old server, which contains old data."

She added that the agency is working to close any vulnerabilities on its website. Later in the day, Ghosheh said the U.N. had located the compromised server -- a 2007 system -- and taken it offline. The server did not contain any active passwords for the accounts listed.

TeaMp0isoN's list also included some user accounts at the World Food Program, UNESCO (the U.N. Educational, Scientific and Cultural Organization), UNICEF, the U.N. Population Fund and the World Health Organization.

A few individuals with email addresses at the World Bank, which is not part of the U.N., were targeted as well.

Aligning itself with the Occupy Wall Street movement, TeaMp0isoN recently threatened to join hacker group Anonymous in taking down the financial sector through a digital attack dubbed "Robin Hood." A message from TeaMp0isoN on Twitter stated Tuesday's penetration is unrelated to that operation, which "is yet to come."

Roger Cressey, a top cybersecurity and counterterrorism official during the Clinton and Bush administrations, said the incident points to human error on the part of individuals at the U.N.

"This has less to do with technology and more to do with people," said Cressey, who served as chief of staff for the President's Critical Infrastructure Protection Board after the Sept. 11 terrorist attacks. "Nine times out of ten, when there is identity theft the people to blame are those that did not practice proper security," by, for example, enforcing password policies.

Once outsiders sneak into a network, it is fairly easy to wreak havoc or extract data, he added. "Email theft and password theft is not that sophisticated but it's prevalent," said Cressey, now an executive at the consulting firm Booz Allen Hamilton. He should know. Earlier this year, Anonymous claimed responsibility for pilfering U.S. military email addresses from the company.
