Without shame and without mercy. Unknown attackers dared to target even the servers of the International Committee of the Red Cross stealing the confidential information of over 500,000 people in vulnerable conditions, including migrants, victims of natural disasters, relatives of missing persons and prisoners from around the world, impacting at least 60 divisions of the international organization.
Headquartered in Geneva, Switzerland, the Committee, apolitical, employs around 20,000 people in over 100 countries and is funded by voluntary donations from governments and national Red Cross and Red Crescent societies. Since 1863 it has been protecting and helping the victims of armed conflicts and promoting respect for international humanitarian law.
Hacker
2022 of cybercrime: digital wallets, esports and satellite networks under attack
by Marco Cimminella
And precisely from the compromise of a technology company based in Switzerland, a Red Cross contractor, the attack would have originated, forcing the organization to disconnect some systems without being able to indicate even a provisional date for recovery.
So far there is no evidence of the disclosure of the stolen data, but the theft seems to be primarily about the Restoring Family Links program, with which the Red Cross tries to help displaced people find relatives. On the incident we await further news from the press office of the International Red Cross, which we contacted, meanwhile the director general of the ICRC, Robert Mardini, has already entrusted the first reaction to the press: “We are shocked and perplexed learning that this information, stored for humanitarian aid purposes, could be attacked and compromised ”.
Although the attack potentially puts thousands of vulnerable people and their families of origin at risk, Mardini tried to reassure everyone: “We are working as quickly as possible to identify alternative solutions to continue this fundamental work “. Again: “Every day, the Red Cross and the Red Crescent help to reunite an average of 12 missing persons with their families. Cyber attacks like this one jeopardize that essential work, so the incident must be seriously analyzed. “
The ICR is a neutral and independent institution, and his mandate is conferred on him by the Geneva Convention of 1949 and since, as per the statute, he does not place differences in gender, ethnicity, religion and political opinions of the people he helps, it tends to exclude that the attack is politically or financially motivated as those that have occurred in recent weeks, including the attacks to Ukrainian government sites and arms companies, even electronic ones such as the French ThalesGroup and the Italian Hitrac Engineering Group Spa. However, precisely because no ransom requests are known, even the hypothesis of a simple criminal attack cannot be evaluated. In short, all hypotheses are possible.
The cybersecurity company Darktrace was the first to comment the facts with its director of corporate security, David Masson: “This attack is an unfortunate, if devastating, example of the fact that no individual and no organization is immune to cyber threats. The fact that the Red Cross appeals to attackers to return the stolen data confirms that they are no longer safe, under its control and custody. Reputational damage is worrying certainly the organization, but it is nothing compared to the risks to which individuals and groups that are already very fragile in themselves can be victims ”.
Ransomware
Cyber attack on Thales Group: LockBit 2.0 published the stolen data
by Arturo Di Corinto
The Red Cross and the Red Crescent they fear that public disclosure of the data exposed during the incident could put those affected at risk and appeal to the perpetrators to “do the right thing: do not share, sell, disclose or otherwise use this data”. An appeal that applies to everyone, given that too easily these figures are published for boasting also on sites and social networks: “Your actions could potentially cause even more harm and pain to those who have already endured unspeakable suffering.”