What Could Hackers Have Been Hacking at the UN?

The computer security firm McAfee released a bombshell report today alleging evidence of a widespread hacking operation. The United Nations was one of 70 targets, which included defense contractors, governments, think tanks, and Olympic Committees. It would appear that a state (not identified in the report) was behind the attacks.

The interest in the information held at the Asian and Western national Olympic Committees, as well as the International Olympic Committee (IOC) and the World Anti-Doping Agency in the lead-up and immediate follow-up to the 2008 Olympics was particularly intriguing and potentially pointed a finger at a state actor behind the intrusions, because there is likely no commercial benefit to be earned from such hacks. The presence of political non-profits, such as the a private western organization focused on promotion of democracy around the globe or U.S. national security think tank is also quite illuminating. Hacking the United Nations or the ASEAN (Association of Southeast Asian Nations) Secretariat is also not likely a motivation of a group interested only in economic gains. [Emphasis mine]

The report names the United Nations as one of the targets of the hacks. It does not provide detail about what information was compromised, or what UN entity or agencies were hacked into. But it does list the location of the hacking attack against the United Nations as “Switzerland.”  This suggests that the attack occurred at the UN’s Geneva Headquarters (as opposed to UN Headquarters in New York).

Here is a list of all the UN agencies in Switzerland:


The attack on the UN began in September 2008 and lasted for 20 months.  The report encourages readers to “map some of these specific compromises to various geopolitical events that occurred around these times,” so I perused the September 2008 UN Dispatch archives for some clues.

Here’s what I found:

1) China assumed presidency of the Security Council on October 1. This was China’s first time as the rotating council president since 2007. At the time, I wrote a post noting that a group of activists were urging the American government to fight China at the World Trade Organization as a way to press China into a more responsible policy on Sudan.  The Enough Campaign’s John Prendergast and David Sullivan wrote an op-ed in the Huffington Post titled “China’s Deadly Investments” which explored ways to press the Chinese government towards a more human rights based foreign policy now that the Olympics had ended.  It included this passage:

China’s entry into the World Trade Organization in 2001 was based on the calculation that the economic benefits of globalization outweighed the cost of abiding by international norms. But today an emboldened China skirts the rules on everything from underage gymnasts to product safety and intellectual property rights. The U.S. should remind China that defying basic human rights, environmental and labor standards will rebound negatively on its commercial interests, particularly by using multilateral mechanisms like the W.T.O. to impose a cost on China’s errant practices.

In her excellent book on Darfur activism, reporter Rebecca Hamilton examines how activists tried to brand the 2008 Beijing Olympics as the “Genocide Olympics.” She also reports that Chinese officials paid very close attention to the activities of these activists—keeping extensive files on their attempts to tied the Olympics to Chinese foreign policy in the Sudan.

The WTO is based in Geneva.

2) Another big UN focused geo-political event in September 2008 was the decision by the Nuclear Suppliers Group to issue a waiver that would permit the transfer civilian nuclear know-how to India.  India had been barred from receiving civilian nuclear technology from the suppliers group ever since it diverted civilian nuclear technology to develop nuclear weapons in the mid 1970s. The decision by the nuclear suppliers group came after heavy US lobbying to issue India the Waiver. (The United States had recently approved national legislation to provide the technology to India.)

While this was undoubtedly a tense geopolitical event, it occurred in Vienna. Not Geneva. Still, it was a big deal at the time.

3) Finally, September saw heavy lobbying in advance of an October vote to admit new members to the Security Council. This is what I wrote at the time:

Five of the ten non-permanent Security Council seats will be vacated in 2008. Two of these seats belong to the Western Europe and Others Group (“others” being Canada, New Zeland, Australia, Israel and the United States,) one to Asia, one to Africa and one to Latin America. Uganda and Mexico are running uncontested for their respective seats. Japan is basically uncontested for the Asia seat, except for a Lyndon LaRouche style candidacy by Iran. This leaves Iceland, Austria and Turkey to vie for only two WEOG seats. The Security Council Report expects a nail-biter.

I’m hard-pressed to find a Geneva angle to this. The jostling and lobbying for votes tends to occur either at UN headquarters in New York or in capitals around the world.  Still worth noting, though.

So of scenarios 1, 2, or 3, which do you think is most likely to inspire a state sanctioned cyber-hacking of UN offices in Geneva? Readers can draw their own conclusions.