http://www.foxnews.com/story/0,2933,445829,00.html



By Richard Behar

FOX News

November 02, 2008



Is the World Bank in the middle of a security meltdown?



Over the past year, as FOX News reported three weeks ago, the bank has 

suffered a series of Internet attacks that penetrated at least 18 and 

perhaps as many as 40 of the bank's data servers. Moreover, spyware was 

apparently installed on computers inside the bank's treasury unit in 

Washington. The bank denies that sensitive data was compromised in any 

of the attacks.



Now, FOX News has learned, hundreds of employees of an India-based 

technology contractor that World Bank president Robert Zoellick ordered 

off the agency's property last April on security grounds are still 

working for the financial institution. They have been transformed in 

recent months into bank staffers or shifted onto the employment rolls of 

other contractors.



These revelations raise more questions about the safety of sensitive 

information at the world's largest and most influential anti-poverty 

lender. They also raise questions about the dependence of the bank on 

outside contracting help to maintain an information and communications 

system that is a hodgepodge of both semi-obsolete and cutting edge 

technologies, and far less secure than many people around the world have 

reason to expect.



The significance of those weaknesses is still far from clear . 

especially as the bank strenuously denies that any of them exist. Yet 

despite those denials, FOX has learned, the bank's top executives 

recently held secret meetings to discuss whether the institution should 

sever all ties with outside information technology vendors. For the time 

being, according to inside sources, the bank has put the process of 

signing new information technology contracts on hold. (A bank spokesman, 

who insisted on anonymity, denied both the secret meetings and the hold 

on contracts.)



The World Bank doles out $25 billion a year for 2,000 development 

projects around the world, ranging from hydro-power plants in India to 

highways in China, from the privatization of state enterprises in Niger 

to the modernization of tax-collecting systems in Bulgaria. It also 

manages a $70 billion investment portfolio, and owns one of the largest 

repositories of confidential data about the economies of its 185 

member-nations, down to such minutiae as the amount of hard currency 

that any central bank holds in real time, meaning the current state of 

its accounts. That information is voluntarily handed over on the 

assumption that it will remain confidential.



Knowing what's inside the World Bank's databases could be worth billions 

to speculators, hedge funds or governments anxious to increase their 

leverage or even destabilize other national economies in the current 

financial turbulence. In short, confidence in the bank's information 

security system is nearly identical with confidence in the bank itself.



While the lending agency is denying that any sensitive data was 

compromised by the computer breaches, internal memos and testimony from 

inside sources suggest that it may in fact already have suffered the 

greatest security breach ever at a global financial institution, a 

series of intrusions - starting in mid-2007 - that the bank's senior 

technology manager in an email called "this unprecedented crisis."



[...]





______________________________________________      

Visit the InfoSec News Security Bookstore

Best Selling Security Books and More!

http://www.shopinfosecnews.org 



Received on Mon Nov 03 2008 - 00:28:18 PST