GENEVA — The U.N. human rights office acknowledged on Wednesday it had suffered a sophisticated cyberattack on its computers last year, but sought to assure the public that none of its sensitive data or confidential information were accessed.
Numerous high-profile, sensitive investigations into suspected abuses of human rights are carried out by the Office of the U.N. High Commissioner for Human Rights, or OHCHR, making it an adversary of repressive governments that try to track and punish opponents.
“Although hackers accessed a self-contained part of our system in July 2019, the development servers they accessed did not hold any sensitive data or confidential information,” the office said in a statement.
“The hackers did manage to access our Active User Directory, which contains the user IDs for our staff and devices. However, they did not succeed in accessing passwords. Nor did they gain access to other parts of the system,” the U.N. office said. “Once we became aware of the attack, we took action to shut down the affected development servers.”
The cyberattack was part of a sophisticated hack of dozens of United Nations computer server networks in Geneva and Vienna last year, according to a confidential U.N. report obtained by The New Humanitarian, a Geneva-based independent news platform, and confirmed by The Associated Press.
The report from the U.N. Office of Information and Communications Technology, or OICT, said the attack caused 42 servers to be “compromised,” including three used by OHCHR, and two used by the U.N. Economic Commission for Europe, or UNECE, while another 25 were in “suspicious” condition.
But the United Nations kept the apparent act of espionage from the public, potentially putting staff, other organizations and individuals at risk, data protection advocates told The New Humanitarian. IT officials in the U.N.’s Geneva offices disclosed the attack to its tech teams in August.
OHCHR officials said the development servers, normally unconnected to regular networks, are used by programmers only to write new software using dummy data. Nevertheless, the officials said, all of the security breaches were taken “extremely seriously” to try to protect all U.N. staff and collaborators.
“We want to assure all concerned parties that this hacking attempt did not compromise sensitive information within this office,” the officials said. “Like many other institutions and companies, we face frequent attempts to access our computer systems, and our IT team is constantly further reinforcing existing multifaceted safeguards to preserve the integrity of our systems and the data they hold.”
— Emma Beals (@ejbeals) January 29, 2020
A ‘well-resourced’ attack
The confidential report from September 20 said that the computer logs that should have showed what the hackers were doing inside the U.N. networks were instead cleared. It also indicated that some of the accounts that were hacked belonged to domain administrators that can access all other user accounts.
The AP quoted a U.N. official describing the attack as so “sophisticated,” with “not even a trace of a cleanup,” that a government-backed entity may have carried it out. An outside consultant said the attack looked like espionage, but U.S., Russian and Chinese agents usually use a more effective approach of editing rather than clearing network logs.
The full extent of the damage from the attack has not yet been assessed. The report said hackers exploited a flaw in Microsoft’s SharePoint software to gain access to the U.N.’s networks, but the precise type of malware used remains unknown. The report also cited IP addresses in Romania that may have been used to stage the infiltration, including one that may have hosted the malware.
“The damage related to the specific attack has been contained and additional mitigation measures implemented,” U.N. spokesman Stephane Dujarric told reporters at a routine briefing in New York.
“You know, the U.N. is no different from any organization or individuals. The threat of future attacks continues,” he said. “We are not able to pinpoint to any specific potential attacker, but it was, from all accounts, a well‑resourced attack.”