The largest humanitarian network has had their information compromised and thousands of people will continue to suffer because of it. Although the hackers use of the sensitive information is yet to be discovered, countless troubles have come from the attack.
What is the ICRC?
The International Committee of the Red Cross (ICRC) is a neutral organization based of off the Geneva Conventions of 1949. [1] It responds to conflict and promotes humanitarian law and principles. As summarized in the below tweet, the ICRC has many different focuses:
The main topic of the current news regards their missing persons mission. The Restoring Family Links program [2] works to find and – if possible – reconnect missing persons to their families. The Red Cross and Red Crescent Groups set out to assist those caught in the middle of war, natural disaster, migration or other conflict. On average this movement helps reunite 12 missing people with their families each day. Without this program families are forced to live with the uncertainty of their loved ones fates, while still dealing with the external conflict that put them in such a situation.
The Breach
On January 19th, the ICRC announced that a cyber-attack breached their servers, exposing the personal information of over 515,000 individuals. The information contained names, contact information, and locations of half a million highly vulnerable people and their families, as well as the login information of around 2,000 staff and volunteers. [3] This attack forced the ICRC to take all of the compromised servers offline, halting the Restoring Family Links program.
“Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families, behind the information you stole are among the world’s least powerful.”
– Robert Mardini, Director-General of the ICRC
The breach was executed on the Switzerland-based contractor responsible for storing the non-profits data. The hackers are yet to be identified and the information has yet to be leaked but the attack was specifically aimed at the ICRC’s systems. This targeted attack could only lead to more suffering.
The ICRC’s Concerns
The ICRC’s response of taking down the affected servers disrupted the work of the Restoring Family Links program, but the ICRC worries that this will not be the only created issue. Work arounds for the Family Links program can be created, data can be stored in new secure systems, but one thing that may prove harder to reinstate is the trust of vulnerable populations with the Red Cross.
“Stolen information could be used to phish or scam those looking for friends and family. We saw multiple cases of this during the Japan earthquake and tsunami in 2011, with fake Red Cross websites, emails, and more.”
Chris Boyd, lead analyst at Malwarebytes [4]
Sensitive information may seem to no longer have a safe place. With the violation of sensitive data, and the possibility of misuse, the ICRC has urged the perps not to share or leak the stolen information. This information has weaponized the little power the powerless have and surely has taken away their hope.
Very informative post. It’s crazy to think that a single hack could be able to take down this entire rescue mission and cause so many people to have their information stolen. This post is a really good example of just how bad security breaches can be and how many people it can affect. The company I worked for got hacked once and they stole the information of many employees, myself included, and it feels really bad knowing that your information was taken. I can only imagine what the victims must be feeling knowing their information was stolen and that they are not even able to see their families. Hopefully the ICRC can get the program back to full capacity.
With such a large organization attacked and so many people affected it really shows how damaging something like this is. I’m hoping they get the program back at full capacity soon as well! When your information got stolen hopefully nothing too bad came out of it.
It’s unfortunate to see but hacker’s do target a lot of different organizations. Victims reply upon the ICRC to help connect with those that are lost, and ultimately the hack is going to affect these people. I would hope that hackers would follow some forms of moral compass but as we can see from this that just isn’t the case. I can’t imagine how vulnerable the victims feel. On another note, I think that contractors must take extra steps to ensure that sensitive information is not breached, especially for an organization like the ICRC. Contractors have an obligation to both the organizations as well as the people of who’s information they are protecting. Hopefully this leads to stricter and better security mechanisms to be put into place.
I like your optimistic take on this! If better security systems are used because of this, even if it’s bad now it could prevent larger breaches in the future. If the ICRC and other organizations set their expectations for security higher, and their contractors can fulfill those expectations, it could be a safer world for everyone’s information. As you said, the hackers’ moral compass is clearly misguided, and there will always be people attempting to break into things they don’t have authorization for, so the most we can hope for is a better defence to fought their attacks.
Wow! This is very saddening. The entire effort made by the ICRC to reunite missing people with their families is based on collecting data! It’s one of the many examples where people entrust their information to a good cause, and very regrettable to hear how that was abused. I find it interesting the hackers chose this organization and project, and wonder what they have to gain from it. An article I read in the New Yorker says that “ransomware groups concentrate on sectors where a combination of lax security and a low tolerance for disruption makes getting paid more likely and more lucrative”. It’s probable the hackers will see the plea in the twitter video you linked in this post. I hope this will not further develop into a ransomware situation.
It will be interesting to follow this story, as we are yet to know what the hackers intend to do with the data. The quote you bring up is an interesting one. It is likely this disruption will lead to a rather hefty pay-out if that is the attackers’ intention. Ransomware is another probability though, as the ICRC was still looking to see if any adjustments occurred in their data.
Very interesting post! ICRC is indeed doing a great job helping people find their missing families. But it is a shame to see some hackers were able to steal personal information of so many people. Those people were innocent and were hoping that ICRC would be able to reunite them with their loved ones. This not only minimizes the chances of the individual meeting his/her family again but this also effects their mental health. As you mentioned in the blog that the hackers stole the private information of over 515,000 individuals. One can imagine what the hacker wants to do with the data. The hackers can use it for ransom, blackmailing, leak them out etc. In my opinion the ICRC should have been more careful in terms of privacy and data security.
It really is disturbing to see all of the damage that occurred from this. As you mentioned, I’m sure it has a tremendous impact on the mental health of everyone affected. It is a shame the victims have to deal with this, along with all of the sufferings they have already endured.
This is a lot of information to take in. As time goes on the lack of morality on the internet continues to amaze me. I think the hardest part to stomach in the grand scheme of this attack is that those vulnerable people are now left in the open. 515,000 people is far to many to effectively protect. Those people are more or less stuck while their data just sits there, waiting to be used for undoubtedly some sort of malicious purpose. I really hope this serves as a wake up call for not only the ICRC, but every other organization out there. If a data breach occurs it’s already too late. People need to act proactively because the moment you’re forced to react to an attack you’ve already lost.
While I don’t know what the hackers were trying to do to hack the ICRC’s systems, this is really outrageous. The attack forced the ICRC to halt the Restoring Family Links programme, which will disappoint those who were looking for loved ones who would receive little help during the time the programme was halted. Although the information obtained by the hackers has not been leaked, it is difficult to guarantee that it will not be used for malicious acts, for example, the hackers use the information to defraud those who are desperately looking for their loved ones. As stated in the article, it is difficult for vulnerable groups to re-establish trust in the ICRC, which can lead them to deeper despair, as this may deprive them of a major source of support for finding relatives
So much information you shared on this post , great job !
This attack did remind me of the breach that was in a german hospital back in September 2020 , which has led to a death of a patient . It really pains me to see that hackers can do such immoral things to innocent people !
Great post!
The hackers who hacked ICRC servers are truly the people who do not have morals and ethics. As programmers, I think we really need to have strong morals, which can prevent us from doing bad things to humanity when there are too many profits that tempt us. I must say that not all hackers around the world are bad, many of them are trying their best to protect our society, but the hackers mentioned in your blog are truly the bad ones.
I think ICRC should pay more attention to updating their servers in the future, especially updating the network firewalls. This can prevent the private information stored in their servers from being compromised again.
Good post! It’s disheartening that organizations like the ICRC are still made targets for hackers, because not only are they helping those in need, they are helping those who have so little to begin with after being rushed from their homes due to natural disasters or war that there isn’t much else to take from them but the malicious desire to scam them. Groups like this make a bad name for the ethical hackers or activist groups that hack to make the world a better place, and that is truly saddening. As disappointing at it is, at least the ICRC now knows not even humanitarian groups like them are considered off limits by everyone, and they will hopefully take steps going forward to continue to ensure the security of their staff, volunteers, and those who they help.
This was a very useful post. It’s incredible to imagine that a single attack might bring the entire rescue mission to a halt and expose the personal information of so many individuals. This article serves as an excellent example of how serious security breaches can be and how many individuals they can effect. When the company I worked for was hacked, they stole the personal information of many employees, including myself, and it hurts to know that your information was stolen. I can only imagine how the victims must be feeling now that their personal information has been stolen and they are unable to see their loved ones. Hopefully, the ICRC will be able to restore full capacity to the programme.