Categories
Blogroll

What is the UN doing with your data?

If you allow another country to gain access to really critical data about your society, over time that will erode your sovereignty, you no longer have control over that data.

MI6 chief Richard Moore to BBC News (30 November 2021).

2011

France24: UN among victims of massive cyber-spying campaign

“Cyber-security experts have unveiled one of the biggest computer hacking campaigns to date, releasing a list of 72 organisations whose networks were attacked over a five-year period. Victims include the UN and several governments.

REUTERS – Security experts have discovered the biggest series of cyber attacks to date, involving the infiltration of the networks of 72 organizations including the United Nations, governments and companies around the world. … 

In the case of the United Nations, the hackers broke into the computer system of its secretariat in Geneva in 2008, hid there for nearly two years, and quietly combed through reams of secret data, according to McAfee.”

2017

June

BBC: Accenture and Microsoft plan digital IDs for millions of refugees

December

UNHCR: ID2020 and UNHCR Host Joint Workshop on Digital Identity

2019

June

Xinhua: China, UN to build big data research institute in Hangzhou

2020

January

The New Humanitarian: EXCLUSIVE: The cyber attack the UN tried to keep under wraps

“If there are no consequences for the [UN] agencies for failures like these … there will be more breaches.”

About this investigation:
While researching cybersecurity last November, we came across a confidential report about the UN. Networks and databases had been severely compromised – and almost no one we spoke to had heard about it. This article about that attack adds to The New Humanitarian’s previous coverage on humanitarian data. We look at how the UN got hacked and how it handled this breach, raising questions about the UN’s responsibilities in data protection and its diplomatic privileges.

https://www.forbes.com/sites/daveywinder/2020/01/30/united-nations-confirms-serious-cyberattack-with-42-core-servers-compromised/?sh=4cb9c05d633d

UN confirms it suffered a ‘serious’ hack, but didn’t inform employees

Approximately 4,000 employees may have had their data compromised.

April

Quartz: The UN is partnering with China’s biggest surveillance software company

Foreign Policy: EXCLUSIVE U.N.: Backs Down on Partnership With Chinese Firm for 75th Anniversary: The decision comes after U.S. officials and human rights advocates complained that Tencent aids Beijing in surveillance.

October

WSJ Opinion: China Uses the U.N. to Expand Its Surveillance Reach | In the name of ‘sustainable development,’ Beijing takes the lead in data collection efforts.

December

United Nations: Inauguration Ceremony Regional Hub for Big Data in China in support of the United Nations Global Platform

“I am very honoured to join you today in this inauguration ceremony of the Regional Hub for Big Data in China, in support of the United Nations Global Platform. The inauguration of this Regional Hub is most important, and timely. 

The demand for data, especially during the COVID-19 pandemic, is greater than ever.  Governments are in need of detailed data on the spread of the virus and its impacts on society. Under these challenging circumstances, statistical institutes have had to respond urgently to the demand for data, and to present innovative solutions. Consequently, in these times of need, the statistical community is now able to effectively use Big Data and advanced technologies. 

For example, census data – together with detailed geospatial information – can help identify the most vulnerable populations during the pandemic. And, real-time data on the position and movement of ships, for example, can estimate the volume of cargo being transported, and thus help produce estimates on the state of the economy. These real-time shipping data are available as a global data set on the United Nations Global Platform, and can be accessed by the whole statistical community.”

2021

January

ITPro: United Nations suffers potential data breach: Hackers could have breached the database long before the UN applied a patch

March

Financial Times: Opinion Technology sector: As digital trade grows, so does western distrust of Beijing: China is moving to the forefront of global innovation but governments fear privacy breaches

April

Nikkei Asia: Comment: Data suspicions threaten to tear China and west apart: Applications by Chinese companies see 200-fold increase since 1999

May

UNHCR: Government of Pakistan delivers first new biometric identity smartcards to Afghan refugees

July

ODI: Although shocking, the Rohingya biometrics scandal is not surprising and could have been prevented

“The data privacy and security of Rohingya refugees in Bangladesh has reportedly been jeopardised by the UN Refugee Agency. In an exposé published on 15 June by Human Rights Watch (HRW), UNHCR stands accused of improperly collecting the Rohingya’s biometric information and later sharing it with the Myanmar government without the Rohingya’s consent. Refugees said they had been told to register to receive aid, but the risks of sharing their biometrics had not been discussed, and the possibility this information would be shared with Myanmar was not mentioned.

The potential harm of sharing information with a regime that has a long history of manipulating registration systems to exclude and marginalise Rohingya populations is obvious. That biometrics are involved makes it worse. Unlike names or other personal information, biometrics are sticky – it’s not something you can change or escape.”

August

Reuters: ANALYSIS-Afghan panic over digital footprints spurs call for data collection rethink

Biometric Update: Concerns over Taliban accessing aid agency biometric data

“People in Afghanistan are fearful of the Taliban accessing personal information captured and stored by aid agencies including biometric data which could be used to identify individuals. Experts have raised concern that approaches used by security firms and United Nations development agencies could prove problematic for refugees and vulnerable groups, reports the Thomson Reuters Foundation, the charitable trust of Thomson Reuters.

The Intercept reported that equipment used by the U.S. army for biometric collection has already been seized by the Taliban. Biometric data on Afghans who assisted the U.S. were widely collected, making anybody identified vulnerable to persecution from the Taliban.

Sources told the Intercept that there was little planning for such an event, while the U.S. Army plans to continue to spend another $11 million on biometrics capture equipment including 95 more devices.

The UNHCR has been using biometrics in the region since 2002 when it tested iris recognition technology on Afghan refugees in the Pakistani city of Peshawar. Aid agencies praise biometric technology’s anti fraud and contactless capabilities.”

September

Bloomberg: Cybersecurity

UN Computer Networks Breached by Hackers Earlier This Year

“Hackers breached the United Nations’ computer networks earlier this year and made off with a trove of data that could be used to target agencies within the intergovernmental organization. 

The hackers’ method for gaining access to the UN network appears to be unsophisticated: They likely got in using the stolen username and password of a UN employee purchased off the dark web.”

“Organizations like the UN are a high-value target for cyber-espionage activity,” Resecurity Chief Executive Officer Gene Yoo said. “The actor conducted the intrusion with the goal of compromising large numbers of users within the UN network for further long-term intelligence gathering.”

CPO Magazine: United Nations Data Breach: Hackers Obtained Employee Login From Dark Web, Are Executing Ongoing Attacks on UN Agencies

“A spokesperson for the United Nations has confirmed that the organization was breached by hackers in early 2021, and that attacks tied to that breach on various branches of the UN are ongoing. The data breach appears to stem from an employee login that was sold on the dark web. The attackers used this entry point to move farther into the UN’s networks and conducted reconnaissance between April and August. Information gleaned from this activity appears to have been put to use in further attacks, with attempts made on at least 53 accounts.”

UN data breach creates long-term havoc for organization

“The UN has a unique need for cutting-edge cybersecurity given that it is one of the world’s prime targets for hackers, and that it fields regular attacks from advanced operators. Many of these go unrecorded, but the organization has weathered some high-profile attacks in recent years.”

“Unique Identity for All”: Biometric identity is being rolled out across the planet. HSB is one of the many players in this fast-growing data collection sector. Companies such as HSB collect data on behalf of international organisations.
This story is from 1992 and is a rare glimpse into Canada’s data sharing agreements with the US and other countries.

Data integrity and cross-border data sharing have been concerns for a very long time. False Data Makes Border Screening Corruptible

Further Reading:

There’s a War Going On But No One Can See It by Huib Modderkolk, Bloomsbury, 02 Sept. 2021

“Based on the cases he investigated over a period of six years, award-winning Dutch journalist Huib Modderkolk takes the reader on a tour of the corridors and back doors of the globalised digital world. He reconstructs British-American espionage operations and reveals how the power relationships between countries enable intelligence services to share and withhold data from each other.”  

The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power by Shoshana Zuboff, Profile Books, 2019

“Surveillance Capitalism: A new phase in economic history in which private companies and governments track your every move with the goal of predicting and controlling your behaviour. Under surveillance capitalism you are not the customer or even the product: you are the raw material.”

BBC News: MI6 boss warns of China ‘debt traps and data traps’

“In a wide-ranging interview ahead of his first major public speech since taking on the role as head of MI6, Mr Moore:

  • warned China has the capability to “harvest data from around the world” and uses money to “get people on the hook” …

“Speaking about the threat posed by China, Mr Moore described its use of “debt traps and data traps”.

He said Beijing is “trying to use influence through its economic policies to try and sometimes, I think, get people on the hook”.

Explaining the “data trap”, he said: “If you allow another country to gain access to really critical data about your society, over time that will erode your sovereignty, you no longer have control over that data.

“That’s something which, I think, in the UK we are very alive to and we’ve taken measures to defend against.”

Creative Commons License

This work is licensed under a
Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License.

ORCID iD: https://orcid.org/0000-0001-5311-1052.

© David South Consulting 2021