The latest infiltration was sophisticated in that it involved significant reconnaissance prior to the attack, and code written specifically to penetrate the IMF, said Tom Kellermann, a former cybersecurity specialist at the World Bank who has been tracking the incident.
“This isn’t malware you’ve seen before,” he said, making it that much more difficult to detect. The concern, Mr. Kellermann said, is that hackers designed their attack to gain market-moving insider information.
The attackers appeared to have broad access to IMF systems, which would give them visibility into IMF plans, particularly as it relates to bailing out the economies of countries on shaky financial footing, Mr. Kellermann said.
That could be a problem.
Apparently the IMF doesn’t seem to think that encrypting data in file stores is important. It might now, of course, but it’s a bit late.
Now the question turns to who it was. Was this a state-sponsored attack or was it the activity of what could be called “activists” who are interested in using this information either for profit or, more likely, as a means to either embarrass or even attempt to civilly detonate governments?
One has to wonder exactly what’s going on here with the recent ramp-up of these sorts of incidents. The recent RSA token scandal was one that apparently had its roots planted several months ago and was hushed up. These little “two-factor” tokens are extremely secure provided the key-generation algorithm tied to their serial number is not compromised. But if it is then the token is literally worthless.
Why the IMF? Well, that’s simple: There’s plenty worth stealing there, even though there shouldn’t be. Rumors abound, of course – that the IMF entered into secret treaties (and “treaty-like” agreements) with various governments related to the Greek bailouts (and others), that there are certain hidden (and not-so-hidden) facts about who’s holding the risk on Greek debt in these discussions and more.
The latter, by the way, is interesting. The “direct exposure” to a Greek, Irish or Portugese default is mostly in Europe, as you would expect. But the indirect exposure via credit instruments, including those damned Credit Default Swaps, is substantially in the United States.
This is not a trivial amount of money either; we’re talking about, in aggregate, north of a trillion dollars. Of that roughly $129 billion rests here in the United States in the form of these indirect and not clearly denoted obligations.
Guess what this means folks? US Financial Institutions would have to make payments to European banks. Once again we would be bailing out Europe for their idiocy.
When did this all happen? Who’s been selling CDS against foreign debt, why, and where are the reserves, amounting to more than $120 billion, behind those sales? That is not a small amount of money.
I have said this repeatedly since the crisis erupted: All credit instruments must be exchange traded, not “cleared” or “registered.” This double-blinds the transaction and forces nightly posting of margin and identification of the risk that each party is holding. It prevents “chained risk” and thus systemic risk. And finally, it prevents hiding this sort of crap as the open interest on each contract is visible to everyone, every night, in public and everyone involved must prove capital sufficiency every night.
The solution to this problem remains as it was in 2007 when I started yelling about it: Force it all onto an exchange and for those who cannot post margin as they simply do not have the money declare the contracts fraudulently entered into and void.
Dodd-Frank refused to address this. Our government has refused to address this. Now, four years on into the mess which was not fixed, we are seeing “Round #2” and as the BIS data shows and John Mauldin has published, we are again being held hostage by a bunch of crooks who wrote “insurance” against risk without the money to pay.
It is time for Congress and the people to demand answers and stop this crap right now. We, the people, must not pay off these bets in what is clearly an organized looting operation.