United Nations agency 'hacking attack' investigated

  • Published
UNDP website
Image caption,

The United Nations Development Programme says it is "in the process of validating this claim"

A group of hackers has posted more than 100 email addresses and login details which it claimed to have extracted from the United Nations.

Many of the emails involved appear to belong to members of the United Nations Development Programme (UNDP).

The group, which identified itself as Teampoison, attacked the UN's behaviour and called it a "fraud".

A spokeswoman for the UNDP said the agency believed "an old server which contains old data" had been targeted.

"The UNDP found [the] compromised server and took it offline," said Sausan Ghosheh.

"The server goes back to 2007. There are no active passwords listed for those accounts.

"Please note that UNDP.org was not compromised."

'Leak'

The details were posted on the website Pastebin under the Teampoison logo.

The message preceding the login details accused the UN of acting to "facilitate the introduction of a New World Order" and asked "United Nations, why didn't you expect us?"

Many of the email addresses given end in undp.org, but others appear to belong to members of the Organisation for Economic Co-operation and Development (OECD), the World Health Organisation (WHO) and the UK's Office for National Statistics (ONS).

The poster noted that several of the accounts had "no passwords".

The message ended with the taunt: "The question now is how? We will let the so called 'security experts' over at the UN figure that out... Have a Nice Day."

Image caption,

The poster claimed the usernames and passwords had been sourced from the UN

Credit card attacks

The security company Sophos noted that Teampoison hackers had previously attacked the maker of the Blackberry smartphone's website and had published private information about former UK Prime Minister Tony Blair.

"Teampoison recently announced they were joining forces with Anonymous on a new initiative dubbed 'Operation Robin Hood', targeting banks and financial institutions," the firm's senior technology consultant, Graham Cluley wrote on Sophos's blog, external.

The groups said at the time that their operation aimed to take money from credit cards and donate it to individuals and charities.

They said people would not be harmed as the banks had to refund fraudulent charges.

Teampoison added a "shoutout" to Anonymous in its UN attack posting, adding a link to a Youtube video with more information about its banking attack plan.

These latest moves serve as a reminder that so-called hacktivists are skilled and willing to collaborate to take down their targets, according to Professor Alan Woodward from the University of Surrey's department of computing.

"One of the big problems is that there is so much data around that people forget about their older systems that still have valuable data on them," he said.

"The lesson here is that anything that holds any data of any value must be protected."

Related internet links

The BBC is not responsible for the content of external sites.