Over the weekend, I expressed some curiosity over who hacked the IMF. They at least say it was a state actor.
Security experts said the source seemed to be a “nation state” aiming to gain a “digital insider presence” on the network of the IMF, the inter-governmental group that oversees the global financial system and brings together 187 member countries.
Tom Kellermann, a cybersecurity expert who has worked for the IMF and was in charge of cyberintelligence in the World Bank’s treasury team, said the intrusion could have yielded a treasure trove of non-public economic data used by the IMF to promote exchange rate stability, support balanced international trade, and provide resources to remedy members’ balance-of-payments crises. “It was a targeted attack,” said Kellermann, who serves on the International Cyber Security Protection Alliance.
[snip]
An internal memo issued on 8 June from the IMF’s chief information officer, Jonathan Palmer, told staff that suspicious file transfers had been detected and that an investigation had shown a desktop computer “had been compromised and used to access some Fund systems”. Significantly, he said that he had “no reason to believe that any personal information was sought for fraud purposes”.
The article mentions alleged Chinese hacks in three other places, suggesting they may be trying to cast blame.
But now this has gotten me thinking. If you were to talk about a country establishing a “digital insider presence” on computer networks looking to collect sensitive financial data, you could be describing this alleged hacker or … the United States’ wiretappers. And that’s even before we threaten to wiretap the SWIFT database so we can take what SWIFT won’t just give us.
I’m not suggesting, mind you, that we’re the ones who hacked IMF. Presumably we can just go and get what we want. But given that we are taking financial information on foreign powers that flows across the telecommunications backbones that transit our country, what’s to distinguish our spying from other countries’ hacking?