Turkish Hackers Claim Responsibility for Qatar National Bank Breach

Last week, reports of a breach on the Qatar National Bank (QNB) surfaced after troves of customer data were said to have been dumped online. The 1.5-gigabyte data dump reportedly consisted of customer information containing bank credentials, telephone numbers, payment card details, and dates of birth.

The data was arranged into nine various folders, including those named “Al-Jazeera”, “Police Security”, “Defence and etc”, and “Mukhabarat”, which is Arabic for intelligence services. Apart from these, a different folder was also found under the name “Al-Thani”, likely referring to Qatar’s ruling family. Other documents acquired also contained images of account holders, which were obtained from social media accounts like Facebook and LinkedIn. According to Reuters, one document recovered from the dump contains overseas remittance data with dates as recent as September 2015. Another comprises of significant information of over 465,000 QNB accounts, though only a small percentage of these show full account details.

While the legitimacy and authenticity of the documents have not all been verified, a number of individuals directly contacted by researchers included in the data dump have confirmed the accuracy of details divulged in the leaked documents. 

In a statement posted on QNB’s official website dated April 26, bank officials noted, “Referring to social media speculation in regard to an alleged data breach, it is QNB Group policy not to comment on reports circulated via social media. QNB would like to take this opportunity to assure all concerned that there is no financial impact on our clients or the Bank. QNB Group places the highest priority on data security and deploying the strongest measures possible to ensure the integrity of our customers' information.” It added, “QNB is further investigating this matter in coordination with all concerned parties.”

Much more recently, on Sunday, May 1, officials of the QNB acknowledged the breach, confirming that it is more than just “social media speculation”. However, QNB assured that the attack only managed to target a portion of its Qatar-based customers. The statement reads, “QNB Group’s Risk Team monitored abnormal activity in our system environment, this was immediately communicated to relevant authorities. We also took immediate steps and our systems are fully secure and operational.” In addition, “While some of the data recently released in the public domain may be accurate, much of it was constructed and contains a mixture of information from the attack as well as other non-QNB sources, such as personal data from social media channels.”

Located in Doha, QNB is Qatar’s largest bank and the second-largest in Africa and the Middle East in terms of assets, with subsidiaries and associate companies operating in over 27 countries. Its workforce number at least 15,300 employees in more than 640 locations. The immensity of the bank and its vast customer base, according to researchers, are an easy lure for cybercriminals to mount attacks to discredit its credibility and for hacktivists to cry foul over the government’s authoritarian ways. As such, in its official message, the financial institution believes that the attack is not targeting the bank’s customers but an attempt to tarnish its reputation. It was assured that “no financial impact on QNB Group’s customers” and a third-party expert has already been tapped to review all of QNB’s systems and “ensure no vulnerabilities exist”.

On social media, cybercriminals under the guise @bozkurthackers shared an online video claiming responsibility for the breach. Reports note that the display photo used by the account resembles a hand signal reminiscent of the Turkish fascist party, The Grey Wolves. The online confessional led to the group Bozkurt Hackers, a Turkish hacking group whose name refers to a town in the Aegean Region of Turkey.

As of this writing, investigations on the motivations of the group behind the attack and the impact of the breach are still ongoing. While QNB assured of the security of the accounts belonging to its customers, officials encouraged users to remain vigilant and to practice security precautions. A dedicated call center line has also been set up to cater to concerned parties.

QNB notes, “We deeply regret any inconvenience this may have caused to our customers. We at QNB Group place the highest priority on data security and deploy the strongest measures possible to ensure we maintain your trust and the integrity of your information.

HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.

Opublikowany w Cyber Attacks, Data Breach, Hacking