Edinburgh: Top officials at the World Health Organization are being targeted by hackers as they work on the global response to the coronavirus pandemic.
The WHO’s security team has seen an increasing number of attempted cyber-attacks on the officials since mid-March, according to the organization’s chief information officer, Bernardo Mariano. WHO itself hasn’t been hacked, but employee passwords have leaked through other websites, he said.
In an interview Tuesday, Mariano said that some of the attacks had been perpetrated by suspected nation-state hackers. The targets have included WHO Director General Tedros Adhanom Ghebreyesus, as well as Bruce Aylward, a senior WHO envoy who led a Covid-19 response team in China.
There had also been a recent “sustained attempt” to hack into computers operated by a team of four WHO employees in South Korea, as well as an incident last week targeting staff at the organization’s Geneva headquarters, Mariano said.
The hackers “are looking for the highest targets — the key officials involved with the Covid-19 work,” Mariano said. “The cybersecurity team has never been busier, and we’ve had to increase resources to try to protect ourselves and be vigilant.”
Authorities in Israel, the European Union, the U.K. and Switzerland have issued warnings to the WHO in recent weeks about cyber-attacks on its systems, as have Interpol and Microsoft Corp., based on intelligence they have gathered, Mariano added.
The WHO used to have one security alert a month, but thus far in April the organization has received eight from national cybersecurity authorities “notifying us of nation-state actor attacks that we are facing,” he said.
Many of the attacks have been phishing or spearphishing attempts to lure WHO staff into clicking on a malicious link in an email — often sent to both work and personal accounts — that will download malware onto their computers or mobile phones, he said. In some cases, reports the WHO has received from national cybersecurity agencies have identified the origins of the attack and the suspected perpetrator. Mariano declined to name any of the alleged culprits.
On Monday, users of the internet forum 4chan began circulating more than 2,000 passwords they claimed were linked to WHO email accounts. The details soon spread to Twitter and other social media websites, with claims that the WHO had been the victim of a hack.
Mariano’s team concluded that the WHO hadn’t been hacked, but that the passwords of some WHO employees had been obtained from other data breaches. The employees may have used their work email address to register an account on a particular website, and that website was later hacked, leaking their password.
Some users of 4chan said that they had used the passwords to successfully gain access to a WHO website called “Extranet.” Mariano said that most of the 2,000 email accounts had expired and were no longer active, but that 400 were still used by the organization’s employees.
He said none of the passwords could be used to access sensitive internal systems, such as those for email, because the organization has a two-factor authentication system in place, meaning a password alone is not sufficient to gain access.
Facing increased attacks, the WHO has doubled the size of its security team and is now working with five security companies to bolster its defenses, said Mariano. The team has shut down some WHO systems that were identified as vulnerable to attack and has bolstered the security of internal email, he said.
“This is unprecedented for everyone here,” Mariano said. “We’re doing what we can to mitigate it.”