http://www.foxnews.com/story/0,2933,445829,00.html By Richard Behar FOX News November 02, 2008 Is the World Bank in the middle of a security meltdown? Over the past year, as FOX News reported three weeks ago, the bank has suffered a series of Internet attacks that penetrated at least 18 and perhaps as many as 40 of the bank's data servers. Moreover, spyware was apparently installed on computers inside the bank's treasury unit in Washington. The bank denies that sensitive data was compromised in any of the attacks. Now, FOX News has learned, hundreds of employees of an India-based technology contractor that World Bank president Robert Zoellick ordered off the agency's property last April on security grounds are still working for the financial institution. They have been transformed in recent months into bank staffers or shifted onto the employment rolls of other contractors. These revelations raise more questions about the safety of sensitive information at the world's largest and most influential anti-poverty lender. They also raise questions about the dependence of the bank on outside contracting help to maintain an information and communications system that is a hodgepodge of both semi-obsolete and cutting edge technologies, and far less secure than many people around the world have reason to expect. The significance of those weaknesses is still far from clear . especially as the bank strenuously denies that any of them exist. Yet despite those denials, FOX has learned, the bank's top executives recently held secret meetings to discuss whether the institution should sever all ties with outside information technology vendors. For the time being, according to inside sources, the bank has put the process of signing new information technology contracts on hold. (A bank spokesman, who insisted on anonymity, denied both the secret meetings and the hold on contracts.) The World Bank doles out $25 billion a year for 2,000 development projects around the world, ranging from hydro-power plants in India to highways in China, from the privatization of state enterprises in Niger to the modernization of tax-collecting systems in Bulgaria. It also manages a $70 billion investment portfolio, and owns one of the largest repositories of confidential data about the economies of its 185 member-nations, down to such minutiae as the amount of hard currency that any central bank holds in real time, meaning the current state of its accounts. That information is voluntarily handed over on the assumption that it will remain confidential. Knowing what's inside the World Bank's databases could be worth billions to speculators, hedge funds or governments anxious to increase their leverage or even destabilize other national economies in the current financial turbulence. In short, confidence in the bank's information security system is nearly identical with confidence in the bank itself. While the lending agency is denying that any sensitive data was compromised by the computer breaches, internal memos and testimony from inside sources suggest that it may in fact already have suffered the greatest security breach ever at a global financial institution, a series of intrusions - starting in mid-2007 - that the bank's senior technology manager in an email called "this unprecedented crisis." [...] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.orgReceived on Mon Nov 03 2008 - 00:28:18 PST
This archive was generated by hypermail 2.2.0 : Mon Nov 03 2008 - 00:37:27 PST