
World Bank Under Cyber Siege in 'Unprecedented Crisis' - gibsonf1
http://www.foxnews.com/story/0,2933,435681,00.html
======
ryanmahoski
It appears a contractor at the World Bank methodically compromised a _ton_ of
sensitive information.

Article Summary:

Between 18 and 40 servers at the World Bank Group were secretly compromised
during the past year. Among them: 6 SAP servers, a security/password machine,
a server that contained "scanned images of staff documents" and one that held
contract-procurement data.

Senior IT guy at the bank's headquarters: "They took our existing data stores
and organized them in a way that they could be easily accessed at will...They
had access to everything...They had the keys to every room at the bank. And we
can't say whether they still do or don't..."

The first major breach was on the subsidiary International Finance Corp in
2007. The invader had at least 6 months of total access to the company's data.

A second major breach occurred in April '08 on the World Bank Treasury system.

Then in June they found a sysadmin password on an external box which let them
to log into the World Bank's insurance arm. From there they compromised yet
another sysadmin account and you get the picture.

Evidently a contractor installed a keystroke logger.

