The United Nations was Hacked and Tried to Keep it a Secret

  • Hackers managed to breach forty central UN servers, stealing 400 GB of data in the process.
  • The UN cited its immunity to justify its decision not to disclose the incident.
  • Although the organization has been investing in bolstering its security for years, those efforts have failed.

According to reports by “The New Humanitarian”, the United Nations fell victim to a major hacking attack that compromised its Europe-based IT systems, and the organization's officials chose to keep it secret. The attack was detected in August 2019 by the UN’s Geneva IT team, who determined that the break-in had actually happened a month earlier. Upon further investigation, UN employees discovered that the compromise had spread to 40 of their servers in Geneva and Vienna, which held important data belonging to the human resources department as well as the human rights office.

The first accounts to be compromised belonged to administrators, and from there, tapping into staff accounts was easy for the actors. The records accessed by the infiltrators include the organization's commercial contracts, staff records, health insurance information, passwords, and various business documents. According to the reports, approximately 4000 UN employees were exposed through this incident. However, the UN informed none of them that their personal data had been compromised, saying that under diplomatic immunity it was not obliged to make the incident known to anybody.

A senior UN IT official has admitted that the actors downloaded about 400 GB of data from the organization’s servers. According to experts, this attack was the work of a sophisticated threat actor who took advantage of a bug in an unpatched software tool (SharePoint). In 2016, the UN likewise failed to protect its systems and to disclose a similar occurrence. Since then, the organization has spent over $1.7 billion on reforms aiming to secure the data it holds, but several audits that followed showed that nothing has changed for the better.

Rui Lopes, the Engineering and Technical Support Director at Panda Security, has provided us with the following comment:

“The news that the United Nations was the victim of an advanced persistent threat (APT), likely state-sponsored, for the purposes of espionage, is not all that surprising. The UN maintains critical data at a global scale that multiple states and organizations would like to have their hands on, and this level of sophistication is indicative of that purpose. What may strike as surprising is the UN’s IT security strategy likely not including a strong endpoint protection posture, including data access monitoring and control as well as Threat Hunting, thus allowing bad actors to exfiltrate untold amounts of data.”

In December 2019, the United Nations endorsed a comprehensive cybersecurity action plan that introduced additional technical and procedural controls, but the effectiveness of these measures remains to be seen. The one thing that needs to change in how the UN operates is for it to become more transparent instead of hiding incidents like this. Immunities are meant to protect the UN’s mission against political challenges, not to be exploited as excuses to hide grave security breaches. If the UN suffers no consequences for its failure in this field, then no one will feel any pressure to build more secure systems and manage data more responsibly.
