By Richard Behar
November 02, 2008
Is the World Bank in the middle of a security meltdown?
Over the past year, as FOX News reported three weeks ago, the bank has
suffered a series of Internet attacks that penetrated at least 18 and
perhaps as many as 40 of the bank's data servers. Moreover, spyware was
apparently installed on computers inside the bank's treasury unit in
Washington. The bank denies that sensitive data was compromised in any
of the attacks.
Now, FOX News has learned, hundreds of employees of an India-based
technology contractor that World Bank president Robert Zoellick ordered
off the agency's property last April on security grounds are still
working for the financial institution. They have been transformed in
recent months into bank staffers or shifted onto the employment rolls of
These revelations raise more questions about the safety of sensitive
information at the world's largest and most influential anti-poverty
lender. They also raise questions about the dependence of the bank on
outside contracting help to maintain an information and communications
system that is a hodgepodge of both semi-obsolete and cutting edge
technologies, and far less secure than many people around the world have
reason to expect.
The significance of those weaknesses is still far from clear .
especially as the bank strenuously denies that any of them exist. Yet
despite those denials, FOX has learned, the bank's top executives
recently held secret meetings to discuss whether the institution should
sever all ties with outside information technology vendors. For the time
being, according to inside sources, the bank has put the process of
signing new information technology contracts on hold. (A bank spokesman,
who insisted on anonymity, denied both the secret meetings and the hold
The World Bank doles out $25 billion a year for 2,000 development
projects around the world, ranging from hydro-power plants in India to
highways in China, from the privatization of state enterprises in Niger
to the modernization of tax-collecting systems in Bulgaria. It also
manages a $70 billion investment portfolio, and owns one of the largest
repositories of confidential data about the economies of its 185
member-nations, down to such minutiae as the amount of hard currency
that any central bank holds in real time, meaning the current state of
its accounts. That information is voluntarily handed over on the
assumption that it will remain confidential.
Knowing what's inside the World Bank's databases could be worth billions
to speculators, hedge funds or governments anxious to increase their
leverage or even destabilize other national economies in the current
financial turbulence. In short, confidence in the bank's information
security system is nearly identical with confidence in the bank itself.
While the lending agency is denying that any sensitive data was
compromised by the computer breaches, internal memos and testimony from
inside sources suggest that it may in fact already have suffered the
greatest security breach ever at a global financial institution, a
series of intrusions - starting in mid-2007 - that the bank's senior
technology manager in an email called "this unprecedented crisis."
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!