An internal confidential document from the United Nations, leaked to The New Humanitarian and seen by The Associated Press, says that dozens of servers were “compromised” at offices in Geneva and Vienna.
Those include the U.N. human rights office, which has often been a lightning rod of criticism from autocratic governments for its calling-out of rights abuses.
One U.N. official told the AP that the hack, which was first detected over the summer, appeared “sophisticated” and that the extent of the damage remains unclear, especially in terms of personal, secret or compromising information that may have been stolen. The official, who spoke only on condition of anonymity to speak freely about the episode, said systems have since been reinforced.
The level of sophistication was so high that it was possible a state-backed actor might have been behind it, the official said.
There were conflicting accounts about the significance of the incursion.
“We were hacked,” U.N. human rights office spokesman Rupert Colville. “We face daily attempts to get into our computer systems. This time, they managed, but it did not get very far. Nothing confidential was compromised.”
The breach, at least at the human rights office, appears to have been limited to the so-called active directory – including a staff list and details like e-mail addresses – but not access to passwords. No domain administration’s account was compromised, officials said.
The United Nations headquarters in New York as well as the U.N.’s sprawling Palais des Nations compound in Geneva, its European headquarters, did not immediately respond to questions from the AP about the incident.
Sensitive information at the human rights office about possible war criminals in the Syrian conflict and perpetrators of Myanmar’s crackdown against Rohingya Muslims were not compromised, because it is held in extremely secure conditions, the official said.
The internal document from the U.N. Office of Information and Technology said 42 servers were “compromised” and another 25 were deemed “suspicious,” nearly all at the sprawling United Nations offices in Geneva and Vienna. Three of the “compromised” servers belonged to the Office of the High Commissioner for Human Rights, which is located across town from the main U.N. office in Geneva, and two were used by the U.N. Economic Commission for Europe.
Technicians at the United Nations office in Geneva, the world body’s European hub, on at least two occasions worked through weekends in recent months to isolate the local U.N. data center from the Internet, re-write passwords and ensure the systems were clean.
The hack comes amid rising concerns about computer or mobile phone vulnerabilities, both for large organizations like governments and the U.N. as well as for individuals and businesses.
Last week, U.N. human rights experts asked the U.S. government to investigate a suspected Saudi hack that may have siphoned data from the personal smartphone of Jeff Bezos, the Amazon founder and owner of The Washington Post, in 2018. On Tuesday, the New York Times’s bureau chief in Beirut, Ben Hubbard, said technology researchers suspected an attempted intrusion into his phone around the same time.
The United Nations, and its human rights office, is particularly sensitive, and could be a tempting target. The U.N. High Commissioner for Human Rights, Michelle Bachelet, and her predecessors have called out, denounced and criticized alleged war crimes, crimes against humanity and less severe rights violations and abuses in places as diverse as Syria and Saudi Arabia.
Dozens of independent human rights experts who work with the U.N. human rights office have greater leeway – and fewer political and financial ties to the governments that fund the United Nations and make up its membership – to denounce alleged rights abuses.
Jake Williams, CEO of data firm Rendition Infosec and former U.S. government hacker, said of the U.N. report: “The intrusion definitely looks like espionage.”
He noted that accounts from three different domains were compromised. “This, coupled with the relatively small number of infected machines, is highly suggestive of espionage,” he said after viewing the report.
“The attackers have a goal in mind and are deploying malware to machines that they believe serve some purpose for them,” he added.
The U.N. document highlights a vulnerability in the software program Microsoft Sharepoint, which could have been used for the hack.
Matt Suiche, a French entrepreneur based in Dubai who founded cybersecurity firm Comae Technologies, said that based on the report from September: “It is impossible to know if it was a targeted attack or just some random internet scan for vulnerable SharePoints.”
But the U.N. official, speaking to The Associated Press on Tuesday, said that since then, the intrusion appeared sophisticated.
“It’s as if someone were walking in the sand, and swept up their tracks with a broom afterward,” the official said. “There’s not even a trace of a clean-up.”