The news of major cyber attacks and data breaches just keeps coming. It has just been reported that the International Monetary Fund, an organization tasked with monitoring and ensuring the financial stability of the global economy, was the target of a major cyber attack. According to the reports, the attack occurred over a period of several months and involved sophisticated and custom malware that established a foothold, and performed reconnaissance and data exfiltration within the IMF network.
The IMF monitors the economies of 187 member nations. The financial information it collects on these nations could be used to influence currency trading, stock markets, and more. Depending on the information stolen, the possibilities are truly frightening.
In today’s cyber threat landscape, we are facing three major actors. What makes the IMF breach a useful case study is that all three of these cyber enemies have motives to target the IMF:
Hacktivists: These are loosely organized groups of hacker activists. Two of the most renowned are Anonymous and LulzSec, which claimed responsibility for several of the numerous attacks on Sony. Hacktivists’ motivations can be unpredictable. They will target individuals, companies, and even nations if they feel an injustice has been committed. Just 10 days ago, Anonymous placed the IMF on notice that it was to be targeted for its policies regarding Greece’s economic situation.
Hacktivists are not motivated by money and they rarely shy away from making their point as publicly as possible. If they steal confidential or sensitive information, they’ll post it online for the world to see (case in point: their strong support for WikiLeaks). With rare exception, they tend not to wage long-term campaigns – they attack in force, make their point loud and clear, and move on. (Sony is one of those exceptions: after months of attacks, hackers are still able to easily steal information from the various Sony networks, and it has become something of a running joke within the hacktivist community.)
Given the apparent sophistication of the IMF attack, the fact that it began months ago, and that no hacktivist group has publicly claimed credit, it is fair to say this recent breach was not the work of such an attacker.
Criminal Enterprises: These are organized crime syndicates operating global networks. They make money through cyber crime. While many of these enterprises are based in Eastern Europe, they can be found around the world. They are the easiest of all the actors to understand – they are motivated by profit. They use social networking, phishing and malware to trick users into revealing their personal information, and use that information to steal identities, steal credit cards, and siphon money out of bank accounts. They do not discriminate in their targets – cyber criminals will attack anyone and anything they can.
An email sent to IMF staff last week said there “was no reason to believe that any personal information was sought for fraud purposes.” Given the attack appears to be highly targeted, and does not appear to involve basic identity data, it does not fit the typical pattern of a cyber criminal. Moreover, influencing or destabilizing the global economy does seem a bit far-fetched for a criminal enterprise (unless we’re talking about Dr. Evil from the Austin Powers movies). Stealing personal information from Citigroup is more their style.
Nation-States: The last, and by no means least, of the major actors on today’s cyber threat landscape are nation-states. These are countries and governments that sponsor and support cyber attacks. In today’s interconnected world, there is no better way to spy on your enemies than through their own computers and networks. Why invest billions of dollars into some new stealth fighter when you can steal that information with the click of a mouse? If a war comes, why send citizens to fight when you can cripple an enemy’s economy or their infrastructure from a keyboard halfway around the world? Nation-states seek to obtain as much intelligence and intellectual property as they can, and to establish footholds in as many sensitive locations as possible. These enemies have bottomless pockets – profit and expense do not matter – and they have endless patience: they are comfortable spending years on infiltration campaigns. They have the resources to perform the most sophisticated cyber attacks possible.
The articles currently describing the IMF breach come right out and use the phrase “nation state” when describing the targeted nature of the attack. This has all the telltale signs of a state-sponsored attack – patience, sophistication and stealth. And only a nation-state, with its resources, could truly capitalize on the type of data that might be stolen from the IMF.
Three very different cyber enemies: different motivations, different resources and sophistication, and different end goals. All very dangerous and all very active. When you are in the crosshairs of all three, as the IMF is, you had better think hard about your cyber security.




