U.N. network hacked, leaked report shows
— Sophisticated hackers infiltrated U.N. offices in Geneva, Switzerland, and Vienna, Austria, last year in an apparent espionage operation, and their identity and the extent of the data they obtained are unknown.
An internal confidential document from the United Nations, leaked to The New Humanitarian and seen by The Associated Press, says dozens of servers were compromised, including at the U.N. human rights office, which collects sensitive data and has often been a light- ning rod of criticism from autocratic governments for exposing rights abuses.
Everything indicates only a small group of U.N. staff- ers were informed about the breach.
“Staff at large, including me, were not informed,” said Geneva-based Ian Richards, president of the Staff Coun- cil at the United Nations. “All we received was an email (on Sept. 26) informing us about infrastructure maintenance work.” The council advocates for the welfare of employees of the world body.
Asked about the intrusion, one U.N. official told the AP it appeared “sophisticated” with the extent of damage unclear, especially in terms of personal, secret or compromising information that may have been stolen. The official, who spoke only on condition of anonymity, said systems have since been rein- forced.
Given the high skill level, it is possible a state-backed actor was behind it, the offi- cial said. “It’s as if someone were walking in the sand, and swept up their tracks with a broom afterward,” the official added. “There’s not even a trace of a clean-up.”
The leaked S ept. 20 report says logs that would have betrayed the hackers’ activities inside the U.N. networks — what was accessed and what may have been siphoned out — were “cleared.” It also shows that among accounts known to have been accessed were those of domain administra- tors — who by default have master access to all user accounts in their purview.
“Sadly ... still counting our casualties,” the report says.
Jake Williams, CEO of the cybersecurity firm Rendition Infosec and a former U.S. government hacker, said the fact that the hack- ers cleared the network logs indicates they were not top flight. The most skilled hack- ers — including U.S., Russian and Chinese agents — can cover their tracks by editing those logs instead of clear- ing them.
“The intrusion definitely looks like espionage,” said Williams, noting that the active directory component — where all users’ permissions are managed — from three different domains were compromised: those of United Nations offices in Geneva and Vienna and of the Office of the High Commissioner for Human Rights.
“This, coupled with the relatively small number of infected machines, is highly suggestive of espionage,” he said after viewing the report. “The attackers have a goal in mind and are deploying mal- ware to machines that they believe serve some purpose for them.”
Any number of intelligence agencies from around the globe are likely interested in infiltrating the U.N., Williams said.
The hack was not severe at the U.N. human rights office, said its spokesman, Rupert Colville.
“We face daily attempts to get into our computer systems ,” Colville said. “This time, they managed, but it did not get very far. Nothing confidential was compromised.”
U.N. spokesman Stephane Dujarric said the attack “resulted in a compromise of core infrastructure compo- nents” and was “determined to be serious.” The earliest detected activity related to the intrusion occurred in July.