United Nations suffered sophisticated cyber attack, leaked report shows
Nickie Louise
Posted On January 30, 2020
Not a day goes by without news headlines about data breaches and hacking. It’s the dark side of the technology we so much enjoy. According to an internal confidential document from the United Nations, which was leaked to the New Humanitarian, sophisticated Hackers successfully infiltrated the United Nations servers in apparent espionage operation. The hacking was conducted at the United Nations offices in Geneva and Vienna last year in an apparent espionage operation, and their identity and the extent of the data they obtained is unknown.
“While researching cybersecurity last November, we came across a confidential report about the UN. Networks and databases had been severely compromised – and almost no one we spoke to had heard about it. This article about that attack adds to The New Humanitarian’s previous coverage on humanitarian data. We look at how the UN got hacked and how it handled this breach, raising questions about the UN’s responsibilities in data protection and its diplomatic privileges,” the New Humanitarian said.
According to the report, dozens of UN servers – including systems at its human rights offices, as well as its human resources department – were compromised and some administrator accounts breached, according to a confidential UN report obtained by The New Humanitarian. The breach is one of the largest ever known to have affected the world body.
When asked about the report, one U.N. official said the extent of the damage remained unclear, especially in terms of personal, secret or compromising information that may have been stolen. The official, who spoke on condition of anonymity to speak freely about the episode, said systems have since been reinforced.
The skill level was so high it is possible a state-backed actor might have been behind it, the official said.
“It’s as if someone were walking in the sand, and swept up their tracks with a broom afterward,” the official said. “There’s not even a trace of a cleanup.”
The leaked Sept. 20 report says logs that would have betrayed the hackers’ activities inside the U.N. networks — what was accessed and what may have been siphoned out — were “cleared.” It also shows that among accounts known to have been accessed were those of domain administrators — who by default have master access to all user accounts in their purview.
