![]() ![]() ![]() People who needed to be notified were notified.The metaverse has the potential to extend the physical world using augmented and virtual reality technologies allowing users to seamlessly interact within real and simulated environments using avatars and holograms. In a briefing given by Stéphane Dujarric, spokesman for the UN Secretary-General, responded to a question regarding the cyber-attack by saying that it was "not a landmark event." Asked why the UN covered up the attack, Dujarric replied that the servers in question "contained non-sensitive test data from two development servers used for web application. They are not connected to our regular systems." The development servers in question being, according to the UN Human Rights Office spokesperson, "systems on which new software is written by programmers using dummy data. Once we became aware of the attack, we took action to shut down the affected development servers." Nor did they gain access to other parts of the system. However, they did not succeed in accessing passwords. The hackers did manage to access our Active User Directory, which contains the user IDs for our staff and devices. "Although hackers accessed a self-contained part of our system in July 2019, the development servers they accessed did not hold any sensitive data or confidential information. The UN Human Rights Office provided the following statement by email: One senior UN official, talking to The New Humanitarian under the condition of anonymity, estimated that at least 400GB had been downloaded during the attack and that the UN response had "downplayed" the level of seriousness. Indeed, that narrative that Thornton-Trump spoke of is already underway. "This was a really bad decision by the UN," Thornton-Trump concludes. The decision not to publicly disclose a breach should not be an option for any organization, Thornton-Trump says, when the leak happens, and it always does, then critics control the narrative. We have learnt that being open and honest about cyberattacks can in fact help the brands and organizations in the wake of these hacks and help build stronger defenses going forward." Jake Moore, a Cybersecurity expert at security vendor ESET, said that "I believe no one should be covering up attacks in any way, shape or form. Especially when Dujarric has confirmed "lists of user accounts would have been exposed," and it was possible for the attackers to "view data on the compromised server." The leaked report includes antivirus and password management components amongst the compromised resources. By not holding itself accountable to the same professional standards as it holds others, the UN dilutes its reputation. The ethical argument for disclosing is, however, a strong one when you consider that the UN is an institute of global governance along with the International Criminal Court and the World Bank, to name some others. The UN has diplomatic status and as such, it enjoys immunity from the legal process and so under no obligation to disclose the breach. UN spokesperson, Stéphane Dujarric, told reporters from The New Humanitarian that "As the exact nature and scope of the incident could not be determined," it was decided by the UN offices concerned, "not to publicly disclose the breach." You might imagine, then, that the UN could be in deep water under the EU General Data Protection Regulation (GDPR) requirements. UN spokesperson confirms decision not to disclose was taken ![]()
0 Comments
Leave a Reply. |