Last year, the U.N. offices in Geneva and Vienna were exposed to infiltrations by ‘sophisticated’ hackers. Their identity and amount of data that they collected are not yet clear, but it was confirmed to be an espionage operation.
An internal confidential document from the United Nations stated that dozens of servers were compromised. Among them was the server of the U.N. human rights office. This particular server collects sensitive data and has customarily been criticized by autocratic governments for exposing rights abuses.
One U.N. official told reporters that the systems have since been enhanced. According to the official, the skill level of the hackers was significantly high, meaning that it could have been a state-backed actor who attacked the system.
Rupert Colville, the U.N. human rights office spokesman, said:
“We were hacked. We face daily attempts to get into our computer systems. This time they managed, but it did not get very far. Nothing confidential was compromised.”
Colville’s statement contradicts the leaked September 2019 report. That report stated that among the exposed accounts include those of the domain administrators who have master access to all user accounts in their management.
CEO of the cybersecurity firm Rendition Infosec, Jake Williams, thinks that the hackers were not top-flight since they cleared the network logs. He explained that the highly skilled hackers cover their tracks by editing the records instead of wiping them clean. Williams added:
“The intrusion looks like espionage. This, coupled with the relatively small number of infected machines, is highly suggestive of espionage. The attackers have a goal in mind and are deploying malware to machines that they believe serve some purpose for them.”
The U.N. Office of Information and Technology released an internal document stating that 25 were deemed “suspicious,” and 42 servers were “compromised.” According to the report, hackers exploited vulnerability in Microsoft’s SharePoint software. They infiltrated the networks with an unknown malware that they used to exfiltrate information.
After reviewing the hacking report, the expert said that it seemed the entry point was through an anti-corruption tracker at the U.N. Office of Drugs and Crime. A range of the I.P. addresses that the hackers allegedly used was in Romania.
This hack comes amid increasing concerns about mobile and computer vulnerabilities for large organizations, businesses and individuals. This hack exposed the data of up to 4,000 employees. However, this information has been hidden from the staff until earlier this week.
“How much should U.N. staff trust the information infrastructure the U.N. is providing them? Or should they stop putting their information elsewhere?”
With cases of cyber attacks increasing around the world, it is crucial for everyone to take precautionary measures to ensure that they keep themselves safe for these criminal elements.