World Bank Attacked By Hackers
Somehow, the World Bank has kept secret for the last 14 months that 18 of its servers were the target of a successful intrusion by an unidentified hacker or group or hackers.
Fox News uncovered the attacks after obtaining internal memos concerned with the incident. World Bank spokesman Carl Hanlon confirmed the authenticity of the memos to USA Today, but assured the paper that, "at no point was any sensitive information accessed." Many experts have reacted with skepticism to this assurance, however.
Sophisticated cyber attacks often leave little evidence that they ever happened, and often hide software on the target system to harvest data or continue to grant undetected access to the attacker.
Companies and government offices are continuously improving upon their cyber-security apparatus, but it always seems that the hackers are one step ahead. [From: USA Today]
Reader Comments (Page 1 of 1)
joe-joe @ Oct 13th 2008 7:50PM
cheers for the hackers.hope they make public what they found.
dennis @ Oct 13th 2008 9:29PM
life in prison and confiscation of all assets for all hackers..
Steven @ Oct 14th 2008 4:38AM
So it says in the article that 18 servers were attacked by an unidentified hacker or group of hackers yet the title says there were 18 hackers. So which is it?
Ashram @ Oct 14th 2008 8:40PM
"It always seems that the hackers are one step ahead."
They usually always are because hackers discover an exploit that nobody administering these systems ever know about until they find out rather late that there was a compromise.
The fix is made usually after the damage has been done to someone already.
The biggest problem is that the only way to get ahead of hackers without disconnecting from an open network is for a system administrator to be a hacker him or herself and find ways to crack their own systems and then apply patches. But that's a very arduous and ongoing task. A lazy way to do it is to manage how the systems are accessed, including taking the systems offline or off an open network for times where they cannot be actively monitored. Of course, that's not always practical.
In addition, there will always be potential exploits in any system of any significant complexity. There can even be patches to a problem that may fix it but also opens up new exploits just waiting to be discovered!
In all, no system can ever be made completely invulnerable to attack for the simple fact that such a thing implies perfection in a design or a configuration, which is an engineering impossibility. The only thing you can do to help security is to make the task of cracking it so difficult that it opens questions on whether or not it's really worth it (and, ironically, that can make you question whether or not such security is worth it as well).