When a State and its Hackers' Interests Coincide
By Jeffrey Carr; Monday, June 6, 2011
The recent discovery that the International Monetary Fund had its network breached and mined for sensitive data over a period of several months is the latest in a non-stop round of significant cyber attacks dating back almost to the beginning of the year.
Here's what has been reported by the New York Times and Bloomberg through unconfirmed sources:
Since the attack pre-dates the DSK arrest, we can probably rule out any motive related to who the next IMF managing director will be, since DSK's term wasn't due to be up until 2012. There is a fight between the BRICs and the EU/US over who should run the IMF, whose director has always been from Europe or the U.S., but since the election is so far off, there doesn't seem to be a compelling reason for any of the BRIC states (Brazil, Russia, India, China) to be involved in the attack.
Although Anonymous had announced a DDoS attack against the IMF to protest its stringent budget controls attached to its bail-out loan for Greece, it was just recently called for (1 June) and the characteristics of the IMF attack don't fit Anon's operational model (DDoS using the LOIC).
The IMF has 187 member states and any one of them would probably benefit by having access to sensitive data stored on IMF servers; however, only a small percentage have the means to run a believable spear phishing attack against a sophisticated target like the IMF. If you rule out the U.S. and the European Union as well as the BRICs, you'd be left with a handful of countries in Asia, Eurasia, and the Middle East.
Relatively new loans are in the works for Egypt and Tunisia but they predate the onset of the attack if the reported timeline is accurate. There was some discussion of a loan for South Korea last summer, but in February 2011 the Bank of Korea loaned money to the IMF, so we can probably take South Korea off the list.
My picks for the states as the most likely candidates behind the IMF attack are both in Eurasia: Belarus and Ukraine. Both have been involved with hotly contested and politically stressful IMF loans dating back many months and both have very active and skillful hacker populations for whom the IMF breach would be a piece of cake.
The IMF approved a $16B loan to Ukraine in August 2010 but then suspended it over Ukraine's breach of terms because they were perceived as too unpopular to implement. A similar situation occurred in Belarus, which had a previous IMF loan of $3.5B in 2009 that was cancelled in late 2010 due to breaches in terms during the Presidential election. Now Belarus needs a new IMF loan of $8B in addition to $3B pledged to it by a Russian-led bailout fund.
Hackers from Eastern Europe, including both Ukraine and Belarus, were involved in a high-profile arrest last October for financial crimes spanning about one year against a series of banks that included HSBC, Royal Bank of Scotland, Barclays, and Lloyds TSB.
Then in early January 2011, Brian Krebs reported on a spear phishing attack against U.S. government employees that pretended to be a Seasons Greetings card from the White House for the purpose of gaining access to sensitive networks then discovering and exfiltrating valuable data over a long period of time. This second attack is a trademark of the Zeus malware gangs in Eastern Europe, also known as the Hilary Kneber crew. A technical write-up on the White House spear phishing attack can be found at the Contagio blog. The government of Belarus denied that any Belarus hackers were involved in the attack.
There's very little hard data in the public domain to review, so this article should be taken as informed conjecture at best. However, based upon what has been reported by two respected news organizations and a couple of highly regarded journalists, this could very well be the work of Eastern European hackers who've been running very similar cyberespionage operations dating back to February 2010 with a spoofed NSA email and 24 hours later a spoofed email pretending to be from me warning "my" recipients of the NSA-themed spear phishing attack - both of which were very successful.
In the Russian Federation and the Commonwealth of Independent States (the former states of the Soviet Union), "useful" relationships between government and organized crime have been a fact of life for many years. That type of relationship is extended to professional hacker crews as well and if the interests of a government coincide temporarily with the interests of a skill set owned by some of its citizens, an IMF-type attack may very well be a win-win situation for both.