The United Nations was apparently hacked in 2019 but chose to cover up the cybersecurity incident.

This is the claim following an investigation by The New Humanitarian (NH), which allegedly came across a confidential report about UN networks and databases that had been severely compromised last year.

As a world body, the UN aims to set standards and rules globally. A couple of weeks ago, for example, UN sanctions experts issued a stark warning to people wishing to attend a cryptocurrency conference in North Korea in February.

UN hack

But according to the NH, the United Nations knew about a hack of its IT systems last year but chose not to disclose the matter.

“The UN did not publicly disclose a major hacking attack into its IT systems in Europe – a decision that potentially put staff, other organisations, and individuals at risk, according to data protection advocates,” said the NH report.

“On 30 August 2019, IT officials working at the UN’s Geneva offices issued an alert to their tech teams about a hacking incident,” said NH. “The complex cyber attack on UN networks in Geneva and Vienna had started more than a month earlier but was only just being fully uncovered.”

It alleged that dozens of UN servers – including systems at its human rights offices, as well as its human resources department – were compromised and some administrator accounts breached.

The breach is one of the largest ever known to have affected the world body, it reported.

The cyber attack started in mid-July, according to the report. The incident amounted to a “major meltdown”, according to a senior UN IT official familiar with the fallout, who spoke to NH on condition of anonymity.

When NH asked the UN to comment, it confirmed it had kept the breach quiet.

“The attack resulted in a compromise of core infrastructure components,” UN spokesperson Stéphane Dujarric was quoted as saying. The attack was classified as “serious”. “As the exact nature and scope of the incident could not be determined, [the UN offices in Geneva and Vienna] decided not to publicly disclose the breach,” Dujarric reportedly said.

Staff were apparently asked to change their passwords, but were not told of the large breach or that some of their personal data may have been compromised.

The attackers were apparently able to exploit a Microsoft SharePoint vulnerability. In addition to the compromise of 20 administrative accounts, malware was found to have been implanted on 40 servers.

Cyber honesty

The UN's decision to cover up the attack was questioned by security experts.

“I believe no one should be covering up attacks in any way, shape or form,” said Jake Moore, cybersecurity expert at ESET. “We have learnt that being open and honest about cyberattacks can in fact help the brands and organisations in the wake of these hacks and help build stronger defences going forward.”

“Owning up to a data breach or vulnerability usually brings the cyber security industry together, and can provide help and support,” said Moore. “It also helps other organisations who may be at risk with similar vulnerabilities. Although it is yet to be seen how this attack was carried out, there is a lot to be learnt within the industry about reporting breaches, and hopefully over the next few years we will start to see a more honest approach.”

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
