Cyber Incident Victim: World Trade Organization
Date: May 2015
Location: Switzerland
Summary
A hacker associated with Anonymous breached a World Trade Organization training server via SQL injection, exposing personal data of over 2,000 officials and staff, including full names, email addresses, job titles, phone numbers, physical addresses, and access credentials. The leak compromised individuals from multiple countries, some holding government positions, elevating risks of targeted phishing attacks against both national institutions and the organization's administrative resources due to exposed privileged access details.
Description
On May 1, 2015, a hacker associated with the Anonymous collective breached a World Trade Organization (WTO) training platform hosted at ecampus.wto.org, extracting and publicly leaking sensitive personal information. The attacker exploited an SQL injection vulnerability in the server’s database, compromising 15 databases containing records of administrators and participants enrolled in WTO online courses. These courses covered topics such as international trade law and other trade-related subjects. The compromised data included full names, personal and professional email addresses, job titles, phone numbers, physical addresses, dates of birth, nationalities, access IDs, and IP addresses for over 2,000 WTO staff members and officials. Affected individuals represented numerous countries, including the United States, France, Brazil, India, Vietnam, China, Sri Lanka, Russia, Indonesia, Dominican Republic, and Pakistan. The breach exposed government employees working in economic policy roles within their respective nations. Following the incident, the WTO took the ecampus.wto.org domain offline, citing maintenance activities, though no further technical remediation details were publicly disclosed.

The data dump, posted on an anonymous messaging board, created significant risks of follow-on attacks due to the sensitive positions held by many victims. Government officials with economic policy responsibilities faced heightened phishing threats that could facilitate network compromises, while WTO administrative accounts—exposed through leaked access IDs and credentials—increased organizational vulnerability to unauthorized system access. The SQL injection attack method indicated inadequate input sanitization practices on the WTO server, allowing the attacker to execute malicious database queries and potentially alter records. No evidence suggested data modification occurred during this incident. The breach highlighted systemic security weaknesses in the WTO’s training platform infrastructure, though the organization did not release information regarding detection methods, internal investigations, or notifications to affected individuals beyond taking the compromised system offline.
