UN Development Programme says no sensitive information was lost as Teampoison published its emails
The United Nations Development Programme (UNDP) has confirmed that no sensitive information was compromised in a recent hack of its systems.
Hacker group, TeaMp0isoN, leaked almost 1,000 usernames, email addresses and passwords onto the Pastebin website.
Not just a trick
The list, which includes individuals from the United Nations Development Programme (UNDP), Organisation for Economic Co-operation and Development (OECD), UNICEF, World Health Organisation (WHO) and other groups, shows many users having either very basic passwords or none at all.
This, according to blog post by Graham Cluley, senior technology consultant at Sophos, would “Make many a system administrator groan and roll their eyes in exasperation.”
UNDP spokeswoman, Sausan Ghosheh, told the BBC that the hacked server, which goes back to 2007, contained old data and no active passwords. “The UNDP found [the] compromised server and took it offline. Please note that UNDP.org was not compromised.”
Cryptocard MD, Jason Hart, disagrees, saying that this intrusion is far more significant. “The UN has said that the information exposed is old data, but if you look at the YouTube video released by the hackers on Monday it shows account details and usernames as well as personal email addresses. As we all know, passwords cross personal and professional lives, so these people could well be compromised at work and at home. I would bet my last pound that most of these people are still using the same password, therefore they are vulnerable to attack.”
“The UN is seen as a symbol for security and trust for many millions of people around the world,” adds Hart, and since these hackers want the world to notice them, “Hacking their systems is Teampoison’s way of making a big statement to the outside world.”
“Time and time again this year we’ve seen hackers bypass the front door thanks to outdated security approaches such as static passwords. The implications for the UN, and the people’s details that are currently being advertised on YouTube, is significant,” warns Hart.
The hacker responsible for the attack, TriCk, taunted the UNDP, saying, “The question now is… how?… We will let the so called secutiy experts over at the UN figure that out. . . . Have a Nice Day….”
TeaMp0isoN recently announced that it would be joining forces with Anonymous “to fight censorship in the name of OpCensorThis” and would participate in a new campaign dubbed “Operation Robin Hood”, aimed at global banks.