A Turkish hacking group has leaked data belonging to three banks in Bangladesh, according to US-based cyber security related website Data Breach Today.
The latest banks whose data has been posted online include the Dutch Bangla Bank, The City Bank and Trust Bank.
According to the report, hacking group Bozkurtlar also leaked data of two Nepalese banks — Business Universal Development Bank and Sanima Bank.
Links to the file archives containing data from all the banks have been posted from a Twitter account supposedly operated by Turkish hacking group “Bozkurtlar” – or “Grey Wolves.”
Data Breach Today said the targeted banks have not replied to a request for comment on the data leak.
Citing several security experts who have been following Bozkurtlar, Data Breach Today reported that the file archives posted were 11.2 MB for The City Bank, and 312 and 95 Kilobytes for Dutch Bangla Bank and Trust Bank, respectively.
The scope of the data varies widely. But preliminary analysis, researchers say, shows that each of the zip files contains at least some customer information or account credentials.
Security engineer and RootedCON conference organizer Omar Benbouazza tells Information Security Media Group that his analysis of the data points to a webshell upload being used at Sanima Bank and the Dutch Bangla Bank, as was the case of the Qatar National Bank.
A webshell is a piece of code uploaded to a server or computer, allowing attackers to gain access, escalate privileges as admin/root and control the entire system. It can also be used to extract the entire information stored in the system.
A primary researcher in this case, who requested anonymity, says that the data posted for each of the banks appears to be old – the latest being from The City Bank dates to August 2015.
This, he says, raises a question about whether the leaks are the result of recent breaches, as claimed by Bozkurtlar, or if the group has simple aggregated data from older incidents and posted it.
His analysis of the data reveals the following:
Dutch Bangla Bank: This 312 KB archive appears to contain records of customer banking transactions – either physical or internet banking. The researcher says that using admin credentials found in clear text in the dump, he was able to gain access from the public internet to the bank’s ATM transaction analyzer for research purposes. The username/password appear to be very simple or default, he explains. “The website of Dutch Bangla bank appears to contain vulnerabilities and could have been the point of penetration to the internal servers or files.”
Trust Bank: The smallest archive at 96 KBs, the file contains two spreadsheets that, among other things, contain user ID, email, username and encrypted passwords. The latest file is from June 2015.
The City Bank: This 11.2 MB dump has a single spreadsheet, which appears to contain the personal information of at least 1 million bank customers. Details include: full name, father’s name, mother name, date of birth, age, mailing address, contact number, permanent address and email. The most recent data is from August 2015.
Source: Dhaka Tribune
