IMF headquarters in Washington DC.
The IMF played down the incident, disputing the accounts of well-placed insiders who insist the agency went into a “lockdown” of its network for several days, but IMF spokesperson Bill Murray conceded that the fund had severed its network link to the World Bank “as a precaution.”
The cyber problems raise questions over whether the technological infrastructure of both agencies—described on the IMF’s website as the twin intergovernmental pillars supporting economic and financial order—can handle any extra stress in a world where hacking syndicates are growing (including from government spy agencies) and where the finance sector is the hardest hit of any industry.
Tom Kellermann, a former World Bank computer security official who is now vice president of security awareness at Core Security Technologies, criticizes what he calls “the negligence that existed for years” in the World Bank’s cyber security—a situation that he believes is finally being addressed. “Until recently, institutions like the World Bank and IMF have felt, ‘We’re development organizations. Why should we spend all this money and attention on cyber security issues?’” he says.
A key motivation for the breaches might be money. “There’s a recognition today [by hackers] that [the multilaterals] do move money,” Kellermann says. “There’s also a recognition that being able to front-run and hedge market moves—based on what the IMF and World Bank might move—could be advantageous.”
Kellermann adds that breaking into an agency such as the IMF’s system is especially attractive as it can represent a beachhead for enterprising hackers. “These agencies are connected to so many other major institutions and sensitive systems in the world, that they are used by hackers as a gateway, or transit point,” he says.