A sinister cyber criminal has hacked into a Sharjah bank and is now holding it to ransom by leaking confidential data of clients on social networking and microblogging site Twitter every few hours, XPRESS can reveal.
The criminal, who goes by the moniker Hacker Buba and uses a stolen picture of a bank staff member, says he will not stop until the bank pays him an undisclosed amount of ransom money in the digital currency Bitcoin (explained below) by this weekend.
True to his word, he has been posting the account statements of government entities and scores of UAE firms and individuals daily since November 18.
On November 23, the bank got Twitter to suspend Hacker Buba’s account but the reprieve was short-lived. The following day, he created a new identity and was back with a vengeance, uploading account statements of 500 bank customers in just one tweet attachment.
Earlier, Hacker Buba had sent warning text messages and emails to several bank customers, saying their accounts were under his “control” and that they must pay him directly or get their bank to do so, failing which he would release their bank statements online.
Hours later he carried out the threat, creating panic among customers.
The bank admitted the cyber attack and confirmed they have been sent a ransom note.
“Yes, there was a data breach and we have been contacted by Hacker Buba. He is asking for money but I cannot reveal how much. This is blackmail. We have reported the matter to UAE Central Bank. The Telecom Regulatory Authority’s (TRA) Computer Emergency Response Team (aeCERT) is investigating,” the bank’s chief financial and operating officer told XPRESS.
“We won’t give in to any extortion threat. In any case there has been no financial loss. All this man has is some customer information and he’s trying to use it as a bargaining chip,” he added.
However, customers affected by the breach, possibly the worst in the UAE’s history, are horrified and angry. “This is far more serious than what it’s made out to appear. I feel naked as my entire company stands exposed. Our financial transactions, client details, everything is on a public platform,” said the finance officer of an investment firm in Dubai.
The owner of an Abu Dhabi-based contracting company said the damage to his business was ‘irreversible’, while the director of a Sharjah-based food industries firm blamed the bank for lax cyber security.
Many companies and individuals didn’t even know their personal details had been posted online until XPRESS called them.
“I am shocked beyond disbelief. At least the bank could have informed us,” said the founder of a real estate firm in Dubai.
It’s not clear how the hacker broke into the bank’s computers. In a direct message to this journalist via Twitter, Hacker Buba claimed he is seeking $3 million and has access to the bank database and backup files from all its servers.
“Cyber attacks are becoming increasingly popular because of the vulnerabilities in the system architecture. Banks need to invest in systems that talk to each other intelligently. The key word here is integration. A system that is integrated from the security perspective prevents hacking and allows one to act in real time in case of a cyber attack,” said Hamed Diab, regional director MENA, Intel Security.
Another cyber security expert said it’s nearly impossible to trace such hackers as they are experts in covering their digital footprints and creating fake trails. “Hacker Buba’s Twitter location points to a county in Hungary, his previous posts are in the Indonesian language while the SMS sent to customers were from a cellphone with a UK number,” the expert said.
What are Bitcoins?
Bitcoin is an electronic alternative to cash currency for paying over the Web. No one controls it. Bitcoins aren’t printed, like dollars or euros. The thing that makes it different to conventional money is that it is decentralised. Of late, the use of bitcoin by criminals has the attention of financial regulators, legislative bodies, law enforcement and media.
Hacker tries to bribe XPRESS Editor
Hacker Buba offered this journalist five per cent of the total ransom amount to cooperate with him. “I give u 5 % from total I get. Have many banks from UAE, Qater, ksa and etc. Will work together,” he said in a direct message on Twitter.