UN investigates hack after more than 100 credentials posted
UN investigates hack after more than 100 credentials posted

The United Nations has said it will investigate an attack after a group of hackers posted more than 100 email addresses and login details it claimed to have stolen from the organisation.

According to BBC News, many of the emails appear to belong to members of the United Nations Development Programme (UNDP), a spokesperson for which said that an old server had been targeted.

Sausan Ghosheh said: “The UNDP found [the] compromised server and took it offline. The server goes back to 2007. There are no active passwords listed for those accounts. Please note that UNDP.org was not compromised.”

Hacking group TeaMp0isoN claimed responsibility for the action, calling the UN "a senate for global corruption" and criticised its stance and action in Rwanda, Darfour, Israel and the former Yugoslavia.

Its statement on Pastebin said: “The UN has become a beast that must be stopped or tamed! How far you have come from the first address by Thomas Jefferson where 'peace, commerce and honest friendship' were the Modis Operandi [sic] to one today where talk of 'eliminating 350,000 people a day' as outlined by Jacques Cousteau is a academic consideration.

“The UN is a fraud! The bureaucratic head of NATO used to legitimise the Barbarism of Capitalist elite! Conor Cruise said 'you can safely appeal to the UN in the comfortable certainty that it will let you down' - never has a truer sentence been spoken. United Nations, why didn't you expect us?”

This is then followed by the email addresses, usernames and passwords. Graham Cluley, senior technology consultant at Sophos, suspected that the hackers were able to take advantage of a vulnerability on the UNDP website to extract the information.

Jason Hart, MD of Cryptocard, said: “The UN is seen as a symbol for security and trust for many millions of people around the world. Hacking their systems is TeaMp0isoN's way of making a big statement to the outside world.

“The UN has said that the information exposed is old data, but if you look at the YouTube video released by the hackers on Monday, it shows account details and usernames as well as personal email addresses.

“As we all know, passwords cross personal and professional lives, so these people could well be compromised at work and at home. I would bet my last pound that most of these people are still using the same password; therefore they are vulnerable to attack.

“Time and time again this year we've seen hackers bypass the front door thanks to outdated security approaches such as static passwords. The implications for the UN, and the people whose details are currently being advertised on YouTube, are significant.”

Cluley said 'TeaMp0isoN' recently announced it was joining forces with Anonymous on an initiative dubbed ‘Operation Robin Hood', targeting banks and financial institutions. It hit the headlines in the summer when the official BlackBerry blog was defaced after its parent RIM said it would co-operate fully with the Home Office and police following the London riots.