The United Nations (UN) admitted on Wednesday (January 29th) that it had been the victim of a computer hacking last summer, which affected its offices in Geneva and Vienna. The information was released by the news site The New Humanitarian, who had access to a confidential UN report on the intrusion, which the international body had previously killed.
This began in July, but was not detected until the end of August. Dozens of servers have been compromised, in offices that house, among others, the Human Rights Council, the Office of the High Commissioner for Human Rights, the World Health Organization, the World Health Organization commerce (Geneva), the International Atomic Energy Agency and the United Nations Office on Drugs and Crime (Vienna).
The UN has so far given no information on the data that the hackers could have stolen. The spokesperson for the High Commissioner for Human Rights, Rupert Colville, simply told the Associated Press (AP) news agency:
“We are daily confronted with attempts to intrude into our computer systems. This time, they succeeded, but they did not go very far. No confidential information has been compromised. “
We do not know what the situation is for the other organizations housed by the UN in Geneva and Vienna.
“Staff have not been informed”
“The damage from this attack has been contained”said UN spokesman Stéphane Dujarric without further details. He added that he was unable to determine the source of the attack, which was deemed “Serious”. And pointed out that she appeared “Endowed with means”.
According to the report, dated September 20, the hackers exploited a flaw in Microsoft software to break into the system. “The attack could have been prevented with a simple update”, laments the site The New Humanitarian. Software manufacturers regularly publish updates to their products, which are used, among other things, to plug more or less serious flaws.
After discovering the intrusion, the UN preferred to keep it quiet. “The staff, including me, have not been informed”said Ian Richards, the UN employee representative in Geneva, at the agency Associated Press. “We only received an email [le 26 septembre] informing us of ongoing maintenance operations. ”
The New Humanitarian added that employees were asked to change their passwords. And specifies that the UN statute exempts it from reporting this type of hacking – contrary to what is imposed today by European corporate law, for example.
“Since the nature and scale of the incident could not be determined, [les bureaux de Genève et de Vienne] have decided not to make this intrusion public ”, explained Stephane Dujarric to the specialized site.