ICRC’s “deep data drive” into the hacking of its servers does not seem to have yielded much, except the knowledge that hackers had been inside these systems and had access to the data on them.
The International Committee of Red Cross is still searching for answers, 10 days since it determined that servers hosting personal information of more than 500,000 people receiving Red Cross services were compromised in a cyber-security attack.
An ICRC cyber partner detected an anomaly on the servers that contained information relating to the Red Cross’ restoring family links (RFL) services. RFL provides a unique service, reconnecting people separated by war, violence, migration and other causes. Every day, Red Cross societies all over the world, with help from ICRC, reunite 12 people with their families, ICRC claims.
But ICRC’s “deep data drive” does not seem to have yielded much, except the knowledge that hackers had been inside these systems and had access to the data on them. For a start, there is no clarity on when the data breach first happened for how long it had been going on. Reports say that the breach was “determined” on 18 January.
The breach included personal data such as names, locations, and contact information of more than 515,000 people from across the world. But so far, the ICRC only presumes that the data sets were copied and exported.
“We must presume so. We know that the hackers were inside our systems and therefore had the capacity to copy and export it,” The organisation has said in a statement.
No dark web clues; no ransom demands, yet
As a global network, ICRC has access to various levels of hierarchies within entities that even the most powerful governments often fail to establish. Yet, its statement, now 10 days on since the attack happened, says, “We do not know who is behind this attack.”
It says that the ICRC hasn’t so far had any contact with the hackers and that no ransom has been asked for. “In line with our standing practice to engage with any actor who can facilitate or impede our humanitarian work, we are willing to communicate directly and confidentially with whoever may be responsible for this operation to impress upon them the need to respect our humanitarian action,” the statement reads.
On reports that the information had been put up for sale on the dark web, the statement says that the organisation has “a dedicated team who are following any reports we receive of data being available on the dark web.”
ICRC says that it does not wish to speculate on any possible misuse of this data. ICRC says, “If misused or in the wrong hands, it could potentially be used by States, non-state groups, or individuals to contact or find people to cause harm.”
Yet, going by the statement put out by the organisation’s headquarters in Geneva, the world’s largest humanitarian organisation could see this coming.
As it says in its statement, “We have been long aware of the danger that our data could one day be the target of an attack.” It says that the organisation has “invested substantially in cyber security and work with trusted partners to maintain high standards of data protection and systems.”
People connected with the Red Cross in SouthAsia doubt that this event will have long-term impacts on ICRC’s work, especially because RFL is not ICRC’s most resource intensive work.
“ICRC is a preferred organisation for humanitarian funding in situations of wars and conflicts by many governments,” says a senior official who has closely observed the working of the highly privileged Swiss private organisation. “It is a brand and this latest happening will not disturb its reputation very much,” he said.