Financial Times: World Bank Takes Action On Cyber Attacks

By DEMETRI SECVASTOPULO

The World Bank has commissioned an external review of its informational technology networks following a series of cyber attacks on the international institution’s computer systems.

In recent days, the World Bank has fallen victim to cyber attacks that come on the heels of a series of hacking attacks over the summer. The bank announced internally that it was launching a “comprehensive external review” to examine its systems and cyber security practices.

The development institution has also taken responsibility for cyber security away from Guy De Poerck, chief information officer, and given the task to Robert Van Pulley, head of the general services. A spokesman declined to say whether the move signalled that Mr De Poerck was being being held responsible for the breaches.

The World Bank is just the latest organisation to fall victim to cyber attacks. The FT was first to report that Chinese hackers have penetrated the Pentagon and the White House computer networks. Hackers working from China also breached networks serving the campaigns of Barack Obama and John McCain during the presidential race.

As US government networks come under more frequent attack, the White House has launched a cyber security programme. It has also implemented new policies that prohibit officials from using computers and BlackBerrys in some countries, including China, Russia and Israel. The World Bank declined to say whether it had placed restrictions on employees’ use of computers overseas.

The World Bank also insisted that the recent cyber incidents had not penetrated some of the more sensitive parts of the institution, including its treasury and human resources departments. In a separate admission, however, it disclosed that the names and numbers associated with bank accounts had been stored on an unsecure external network.

“Outside experts believe there is a low risk that unauthorised financial transactions could take place based on the inadvertent posting,” the World Bank said in the internal announcement.

While the World Bank insists that there have been no major cyber security breaches, and stresses it is responding by hiring outside IT experts, one watchdog group said the moves were insufficient.

“This is like locking the barn door after the horse – and the key – have been stolen,” said Bea Edwards, international programme director for the Government Accountability Project. “This is a cosmetic fix. The Bank’s information system has been breached repeatedly for months, and may need a massive overhaul.”

While the Bank declined to comment specifically on the charges, a spokesman said Mandiant Corporation, a cyber security firm hired by the World Bank, had concluded that there no evidence that the treasury and human resource departments’ networks had been compromised.