Sanima Bank's Data Has Been Hacked!

2 Bhadra 2073, Thursday


  • Artha Sarokar correspondent

Kathmandu – It has come to light that the data of two Nepali banks has been hacked. According to information provided by an international online outlet, data belonging to Nepal's Sanima Bank and Universal Development Bank has been hacked. Universal Development Bank has already merged with Siddhartha. Along with the two from Nepal, the data of two other banks in Bangladesh has also been hacked.

See the full details of the facts found on that online outlet:

Hackers Leak Data of 5 South Asian Banks

Data purportedly belonging to five South Asian banks was apparently
posted online May 10 by the Turkish hacking group Bozkurtlar that
recently also leaked data tied to Qatar National Bank and UAE’s InvestBank.

The latest banks whose data has been posted online include the Dutch
Bangla Bank, The City Bank and Trust Bank, all based in Dhaka,
Bangladesh; and two Nepalese banks, Business Universal Development Bank
and Sanima Bank, both based in Kathmandu, Nepal.

Links to the file archives containing data from all the banks have
been posted from a Twitter account supposedly operated by Turkish
hacking group “Bozkurtlar” – or “Grey Wolves.” The group appears to be
making good on their threat to release data of more Asian banks – an
indication that more such disclosures may be expected in the region, in
the near future.

Analyzing the Data

The latest targeted banks have not replied to a request for comment
from Information Security Media Group. Several security experts who have
been following Bozkurtlar say that while the data in the newest leak
appears genuine, the volume of data from these five banks is relatively
small compared to the massive QNB and InvestBank dumps.

The file archives posted were 251 MB for Business Universal
Development Bank, 47 MB for Sanima Bank, 11.2 MB for The City Bank, and
312 and 95 Kilobytes for Dutch Bangla Bank and Trust Bank, respectively.

The scope of the data varies widely. But preliminary analysis,
researchers say, shows that each of the zip files contains at least some
customer information or account credentials.

Security engineer and RootedCON conference organizer Omar Benbouazza
tells ISMG that his analysis of the data points to a webshell upload
being used at Sanima Bank and the Dutch Bangla Bank, as was the case of
the Qatar National Bank. A webshell is a piece of code uploaded to a
server or computer, allowing attackers to gain access, escalate
privileges as admin/root and control the entire system. It can also
be used to extract the entire information stored in the system.

A primary researcher in this case, who requested anonymity, says that
the data posted for each of the banks appears to be old – the latest
being from The City Bank dates to August 2015. This, he says, raises a
question about whether the leaks are the result of recent breaches, as
claimed by Bozkurtlar, or if the group has simply aggregated data from
older incidents and posted it.

In a statement shared with ISMG, InvestBank says the data tied to the
bank is from a breach in December 2015. “No new hack has happened, as
claimed by these attackers,” InvestBank says.

Content of Latest Leaks

The researcher who asked not to be named says that while the latest
postings do not seem as significant as the previous two disclosures,
there are still elements that should be of concern. No credit card
numbers are present in the latest data dump, unlike the QNB and
InvestBank leaks, he says. Taking each of the bank’s data individually,
attempts have been made to verify the authenticity.

His analysis of the data reveals the following:
  • Dutch Bangla Bank – Dhaka, Bangladesh: This 312 KB archive
    appears to contain records of customer banking transactions – either
    physical or internet banking. The researcher says that using admin
    credentials found in clear text in the dump, he was able to gain access
    from the public internet to the bank’s ATM transaction analyzer for
    research purposes. The username/password appear to be very simple or
    default, he explains. “The website of Dutch Bangla bank appears to
    contain vulnerabilities and could have been the point of penetration to
    the internal servers or files.”
  • Trust Bank – Dhaka, Bangladesh: The smallest
    archive at 96 KBs, the file contains two spreadsheets that, among other
    things, contain user ID, email, username and encrypted passwords. The
    latest file is from June 2015.
  • The City Bank – Dhaka, Bangladesh: This 11.2 MB dump has a
    single spreadsheet, which appears to contain the personal information of
    at least 1 million bank customers. Details include: full name, father’s
    name, mother’s name, date of birth, age, mailing address, contact number,
    permanent address and email. The most recent data is from August 2015.
  • Sanima Bank – Kathmandu, Nepal: This 47 MB archive contains a
    spreadsheet with customer information that includes name, account
    balance with current withdrawal and deposit details for the account. The
    most recent data is from February 2015. The bank’s website appears to
    have been recently upgraded to enhance security, according to a message
    on the site, which asks users to change their passwords. An April 21,
    2015 op-ed column in the online edition of the Kathmandu Post newspaper refers to fraud having taken place at Sanima Bank, although no other mention of the fraud is available on the site.
  • BUD Bank – Kathmandu, Nepal: The largest of the archives
    released by Bozkurtlar hackers on May 10, the 251 MB file appears to
    contain email communication of senior management and managers in
    Microsoft Outlook format. The data also contains phone-banking customer
    details, including phone number, username, encrypted password and
    customer ID. The most recent data is from January 2015.

InvestBank Denies New Hack Took Place

InvestBank stressed in a statement provided to ISMG on May 10 that no
new hack has taken place this year. “This is the same set of old data
[from a previous incident] that has been released again for unknown
reasons,” the bank says. “We have not been contacted by anyone, [and
are] unable to speculate on the motives or confirm whether or not it is
the same group.”

InvestBank, which acknowledges that it suffered a data breach last
December, says that publishing the data – and the ensuing media
attention – has had a negative impact on its business. The bank declined
to provide further details about the breach.

Sources at the bank tell ISMG that after the 2015 breach, the bank
underwent a complete forensic analysis by federal agencies and private
investigators, following which reports were submitted to the regulator
and steps taken to harden security. Threat Intelligence firm iSight
Partners has also published analysis that suggested that the recent leak
– perpetrated by actors using the names “Bozkurt Hackers” and “AntiQNB”
– appears to correlate with the 2015 InvestBank leak.

“This new claimed leak of InvestBank data seems to corroborate our
previous suggestion that there may be a link between these actors and
‘Hacker Buba,’ who leaked data from InvestBank in … 2015,” it says in a
research note.

But one researcher analyzing the May 7 data dump claims the
InvestBank data does not extend beyond October 2015. The data dump
appears to have been taken from a single system, possibly belonging to
the database administrator at InvestBank, whose details have been found
in a personal folder with the dump, the researcher says. InvestBank
declined to comment on the idea.