Table of Contents

1.0 Article................................................................................................................................................... 2-3 2.0 Summary.............................................................................................................................................. 4-6 3.0 Discussion/Opinion ............................................................................................................................. 7-8 4.0 References .............................................................................................................................................. 9

1.0 Article FBI investigates 'major breach' of IMF security as fund comes under cyberattack By DAILY MAIL REPORTER The FBI has been called in as the International Monetary Fund has come under a 'serious and sophisticated' cyberattack. The scale of the hacking is still unknown - but the confidential information held by the IMF has the potential to move markets. Should it fall into the wrong hands and become public, the results could trigger political and economic chaos. One expert said the goal of the attack was to establish a 'digital insider presence' for a nation inside the fund's network. The agency is still in disarray from the arrest of Dominique Strauss-Kahn, who was head of the fund when he was accused of sexually assaulting a maid in a luxury New York hotel. The cyberattack is believed to have taken place before Strauss-Kahn's downfall. IMF spokesman David Hawley says the fund's computer systems are fully functional. 'It was a targeted attack,' said Tom Kellerman, a cybersecurity expert who worked at both the World Bank and the IMF. He understands the network architecture at both international financial institutions and who serves on the board of a group known as the International Cyber Security Protection Alliance. The goal was to install software that would give a nation state a 'digital insider presence' on the network, he told Reuters. 'The code was developed and released for this purpose,' he said. The New York Times cited unnamed IMF officials as saying the attack was sophisticated and serious - dangerous enough that the World Bank, located across the street from the IMF's headquarters in Washington, cut the computer link between the two bodies. The IMF manages financial crises around the world - such as the currency crisis currently gripping much of Europe.
2

It receives highly confidential information about the fiscal condition of many nations that, if revealed, could prove disastrous. Its database also contains the negotiations between national leaders on the terms of international bailouts - negotiations that are often held behind the scenes. One official told the New York Times such agreements, if publicised, are 'political dynamite in many countries'. 'This was a very major breach,' one official told the New York Times. However it is still unclear if any information was taken, or the attack was simply an experimental one. A World Bank spokesman said the link between it and the IMF had been cut out of an 'abundance of caution' until the severity of the attack is understood. The link does not permit access to confidential financial data held by other organisation - but does allow the two to share private data and conduct meetings. Most organisations hesitate to reveal much about cyberattacks for fear they will inadvertently give hackers more to work with. Recently Google has been the exception, aggressively announcing attacks and even pointing the finger at China - though that was quickly denied by Beijing. The IMF spokesman would not be drawn on the origin of the attack, however. The subject will be more delicate as most nations are members of the fund. The New York Times said the attacks may have merely been an intruder testing the system. Or they may have been made possible by more targeted 'spear phishing', in which an individual is tricked into clicking on a link or running a programme that allows the hacker in to their network. It is not believed that the attack is related to the sophisticated break-in at RSA Security in March. RSA provides computer security to many companies and governments. The information stolen in March was used last month to hack into America's largest military contractor, Lockheed Martin.

2.0 Summary A global revolution is changing business, and business is changing the world. As the internet comes it touches almost all aspects of life, it works as a worldwide connection of network that are accessible in many ways. Currently everything is moving faster than ever, there are no boundaries to almost everything. But little known that internal security is rather left unaddressed which gives an easy access for hacker to enter IT systems. This results in criminal phenomena of computer crime which is hacking. These problems can be prevented, the statistics shows that 64% experienced financial losses due to computer breach and only 70% reported they are frequent target of cybercriminals. Imposing much harsher cybercrime laws isnt necessarily a solution to this problem. It is obvious that Information technology has become the backbone of many business, and this bring about new category of criminal offender, the computer criminal, but this type of criminal is rather unique as they are mostly non-replicable, lack of design and anecdotal. Sometimes attacks can be based on simply open ports on a targeted machine, other factors includes skills and attitudes of hackers. Information Technology is rather unique as there are no borders and no clear line of jurisdiction, and currently there are many patches and backdoor access points which has opened to much broader ways of sharing information without considering cybersecurity issues. These have lead to security violations and attacked such as emergency911 systems, banks the military, air traffic control systems and private businesses. Basically there are two types of hackers: Outsiders or external hackers; and The insiders or internal hackers.

The insiders usually commits illegal activities to go against their own organization they are mostly introverts. They often show lack of ethical boundaries and ignore the meaning of private. They are lack of empathy and some of them believe they deserves a special recognition from such organization and seek revenge if not given this recognition.

As many systems are vulnerable to attack and level of intrusion of system rises, many attention are being focused on criminal hackers but little is known about them, since they are given freedom of anonymity, as they can be whoever they would like to portray. Some of these hackers are doing it for the sake of it challenge, excitement and succeed and to learn the pure intellectual satisfaction while many other doing it for other reasons such as sabotaging and for fraud purposes. As Denning (1998) indicated, the ethical boundaries of technology seem to be at odds with ethical standards found in real physical world. Many people feel that because they are not dealing with tangible items virtual files as opposed to real property the ethical considerations relating to personal property and privacy in the real world do not apply in the cyber world. This flexible morality allows people to engage in behaviors in the cyber world that they probably would avoid in the real world invasion of privacy and theft (Rogers, 2001). Ethics, or an apparent lack of them, has become such a concern that there have been several heated debates surrounding this issues in the IT sector. Hacking will surely be around for quite a period of time with this business needs to get ready to face them. Currently there are not much theories on how to specifically deals with hacking behaviors which makes the procedure rather unique and dependant. The world nowadays is in the danger of electronic crime and threats are not decreasing. Only few laws currently serves specifically on technological crimes, which results in extremely difficult to differentiate technological or social problems and behaviors problem with organization structure. To see how hackers have damage the society today and the increase of computer abuse incidents and what can be done to address this problem. There is always a criminal inside a mature society which act as the destructive element and it is no exception to IT society this includes hackers, this unwanted element have been expected since the beginning. At the beginning these hackers started by cracking password to gain unauthorized into a system. As the system within the environment grows mature so does the nature of abuse. Based on statistics only 2.5% reported case of hacking which only shows small proportion compared to the actual figure.

Some cases arent reported as company too scared as it will reduce the confidence in IT society. It is clear that sometimes hacking is used as the means to achieve other end needs. It has been observed that these abuse has increase rapidly over the decades both in term of incidents and associated losses and it is indicated the abuse has become more widespread and the activity is more than just a mere curious exploration. Sometimes company has detected the danger but ignoring it which at the end of the day they need to pay for the price. Technological changes are fast paced but the laws governing it arent able to cope with this. Some legislation dont fully understood the importance of measures needed to govern such society the least we can do is to prepare for action should it become necessary as these technology are mostly arent prepared for this. Computer abuse isnt the only problem it shows attempt of one part inflicting damage on others. Within a society there is always unethical or disruptive element but it is important to address this issue such as we address other crime issues.

3.0 Opinion/Discussion As hacking becomes a phenomena in computer crime, one thing that makes it more interesting for me is the rarely address internal security gaps. This problem can actually be prevented. Hacking uses the aid of internet which has no boundaries. In my biased opinion organization must think as a whole to prevent data breaches. The problem with hacking into database is that they have all these things that contains sensitive information especially in this case IMF which held confidential information that has the power to change the markets. Since hacking is such a broad ethical issues it is usually not properly understood and defined, which most of the times being taken lightly by some corporation and organization. But in this case it is the International Monetary Fund which contain information that are so sensitive if it ia given to the wrong person and or organization it could results in political and economic catastrophe. This information is desired by many so definitely there is conflict of interest, this case is not only for the sake of the thrill, it is definitely more than just the excitement and not for individual interest. In my understanding, the hacker of this case is either planning to have an informant in the system as reported the goal was to install software that would give a nation state a digital insider presence or just testing the system. But just testing the system of IMF doesnt make sense for me as it isnt worth the risk of testing. Either way IMF is in the edge of jeopardizing their information. What concerns me the most is that the hacker is a criminal insider rather than criminal outsider. This person might have a valid access to the system but purposely using it against its original purpose and using it with bad intention, this person might felt underappreciated which results in committing activity against organization policies. As it was mentioned in the article it was targeted attacks which is safely assume that this person is well equipped with the skills and know the system well too and most of all, this person manage to get access to the system. IMF could suffer from significant long term consequences which in turn effects the global economy. As mentioned in the article the funds computer were fully functional so in my opinion attacks from the outsider is less likely.

This attacks were so serious that the World Bank decided to disconnect links between the 2 organization. Currently there is now way to accurately estimate the number of hacking accurately for annually as this is the result of not all cases being reported. Since many hacking goes undiscovered or unreported for a long time it is possible that the current number is surprisingly high. This type of data breach from the IMF database will definitely impact largely on most nations as it is reportedly other than highly confidential information about the fiscal condition of these countries it also contains negotiation between national leader which are mostly very secretive. From my perspective IMF isnt only affected in way of losing its important information but also the reputation as world well-know funding bodies. IMF have not had enough precaution it should have on how to deal with this kind of situation. More training will need to be perform so in future event much better precaution will be taken in facing these situation. As I mentioned previously regarding the case being criminal insider, IMF need to increase the level of sophistication in information protection and on how they store and transmit such information. This should be done from the inside by hiring expertise to do it in-house. Hacker is just one of many of the consequences of IT society which act as unethical and disruptive element in the environment. They can be prevented by taking regular precautions and re-evaluate it every now and then.

4.0 References

1. Daily Mail Reporter. (2011), FBI Investigates major breach of IMF security as fund comes under cyberattack, at www.dailymail.co.uk/news/article-2002591/Major-breachIMF-security-hackers-break-funds-database-sophisticatedcyberattack.html#ixzz1P3HVOsQk 2. Steven M. Furnell and Matthew J. Warren (1997), Computer Abuse: Vandalizing the Information Society, Internet Research, Vol. 7 Iss: 1 pp. 61-66. 3. Alan D. Smith and Willian T. Rupp (2002), Issues in cybersecurity; understanding the potential risks associated with hackers/crackers, Information Management & Computer Security, Vol. 10 Iss:4 pp. 178- 183