Cyber attack on the ICRC: Announcing the results of our analysis
Cyber attack on the ICRC: Announcing the results of our analysis
(Geneva)(PPS) Open letter from Robert Mardini, Director General of the International Committee of the Red Cross (ICRC), following the discovery in mid-January of a cyberattack on ICRC servers containing data related to the Red Cross and Red Crescent Movement’s program of reconciliation separate families are stored.
A month ago at the International Committee of the Red Cross (ICRC), we discovered that servers holding the personal data of over 515,000 people worldwide had been hacked.
Our teams have done everything in their power to understand how this attack happened, the impact it is having, how we can improve our security systems, and how to communicate facts about this unfortunate situation for the people entrusted to protect and support us be able.
It is our responsibility as a humanitarian organization, accountable to our partners and the people we serve, to share everything about this unacceptable attack.
Today, as part of our unwavering commitment to the people we seek to protect and support, we want to share more information about this attack. In this way, we step up to win people’s uninterrupted trust.
First, let me underline a fact: It was a sophisticated cyber attack – a criminal act – on sound humanitarian data. We know this was a targeted attack because the attackers created code designed to run only on the affected ICRC servers – a technique we believe was designed to target the ACTIVITIES to shield the hacker from detection and from final forensic investigations.
The attackers took advantage of a vulnerability that none of our cyber defense systems had detected, and once they penetrated our network, they used techniques that allowed them to impersonate legitimate users. When this was discovered as anticipated, we immediately made appropriate changes to some of our processes and tools and accelerated the implementation of the actions already planned as part of our cybersecurity improvement program.
Disclosing such information is not a pleasant task, but I believe that only by being transparent about the challenges can we learn from attackers and improve our policies and practices.
We are working closely with our partners in the National Red Cross and Red Crescent Societies around the world on measures to ensure that people who have had their data hacked die are informed as best we can. The top priority right now is to mitigate any potential risks they may have to fear. We do this through telephone calls, hotlines, public service announcements, letters and, in some cases, personal visits to remote areas.
Those affected include missing persons and their families, detainees and others receiving Red Cross and Red Crescent services as a result of armed conflict, natural disasters or migration. We’ve managed to ensure that the important work of locating missing loved ones could be done normally, right at the minimal level and with low-tech solutions (e.g. using spreadsheets), while working to improve performance with enhanced security features like restore .
Working during natural disasters and on the front lines carries real risks. The movement’s neutral and impartial approach is critical to safely conducting our work. We liaise with government agencies and armed groups to minimize risk to movement staff and volunteers, medical facilities, vehicles and other property. In the digital world, we follow the same approach as in the real world – and we must not become a target in either one.
It is our hope that this attack on the data of those in need will serve as a catalyst for change. We will now intensify our contacts with governments and non-state actors to specifically request that the protection of the humanitarian mission of the Red Cross and Red Crescent Movement extends to our data and infrastructure. We believe it is crucial to achieve real consensus – in word and deed – that humanitarian data must never be attacked.
In closing, let me say this to the people we support and to our partners in the Red Cross and Red Crescent movement who trust us with their data: I deeply regret that your data was compromised in this unacceptable attack. I promise you that we will do everything we can to improve the protection of our data today and in the future, and more importantly, to work to protect humanitarian operations in the digital world.