World Bank Removes Chief Information Officer Following Cyber Attacks

The World Bank has effectively dumped a vice president who served as its chief information officer while it scrambles to deal with a series of embarrassing hacker attacks, which were first reported on

Robert Van Pulley, a computer security director, will take responsibility for the institution’s embattled information system “effective immediately and until more permanent arrangements are in place,” according to an e-mail sent to staffers Tuesday evening by Juan Jose Daboub, one of three managing directors at the World Bank.

Van Pulley will report to a new executive council on computer security that includes Daboub and two other top World Bank officials. He replaces World Bank Vice President Guy-Pierre De Poerck, who was not mentioned in Daboub's e-mail and whose fate remains unclear.

World Bank officials would say Wednesday only that De Poerck's employment had not changed; they declined to offer any further information.

Daboub’s internal announcement also said the World Bank was launching a "comprehensive external review" of its information systems, including its "security-related technology, protocols and guidelines for securing business and information within the Bank Group.” has reported that the World Bank Group's network — one of the largest repositories of sensitive data about the economies of every nation — had been raided repeatedly by outsiders for more than a year.

Click here ro read "World Bank Under Cyber Siege."

Sources inside the bank also told that servers in the institution's highly restricted Treasury unit were deeply penetrated with spy software, and that the invaders also had full access to the rest of the bank's network for nearly a month in June and July. At least six major breaches have been detected at the World Bank since the summer of 2007, with the most recent breach occurring just last month.

Daboub’s announcement repeated earlier World Bank claims that the institution has found “no evidence that these hacker attacks have compromised protected Treasury, Human Resources, Procurement and Institutional Integrity systems.”

But the note acknowledged what it called a recent “inadvertent” posting of confidential information on a publicly accessible Web site that included names and bank accounts for a number of World Bank staffers.

Other observers asked if the World Bank had done or was doing enough to address the problem.

“This is like locking the barn door after the horse -- and the key -- have been stolen,” said Bea Edwards, International Program Director for the Government Accountability Project (GAP). “It’s a cosmetic fix. The bank’s information system has been breached repeatedly for months, and may need a massive overhaul.”

The GAP posted a copy of Daboub’s announcement on its website.

• Click here to visit's Cybersecurity Center.