[BreachExchange] QNB hacking: what we know so far

Audrey McNeil audrey at riskbasedsecurity.com
Mon May 2 19:03:47 EDT 2016


http://gulfnews.com/business/sectors/banking/qnb-hacking-what-we-know-so-far-1.1816989

Details of the Qatar National Bank (QNB) hacking are still unravelling the
week after 1.4 gigabytes of sensitive customer data first appeared online
that purportedly includes information on Qatar’s royal family.

It took five days for QNB, the Middle East’s largest lender, to confirm the
data leak was authentic. The bank says its reputation was the target and
not its customers’ financial accounts.

The data dump, which was mirrored on a whistle-blower website and later
removed, reportedly shows transaction logs, personal identification numbers
and credit card details. Other folders in the leak provide information on
Al Jazeera journalists and purportedly Qatar’s royal family and a list of
alleged foreign spies working in Qatar.

A folder labelled as “SPY, Intelligence” reportedly includes information
on agents from MI6 — the UK’s foreign intelligence service, and from
American, French and Polish intelligence. There are also folders labelled
Al Thani, which is the name of Qatar’s royal family, Mukhabarat — Qatar’s
State Security Bureau, Ministry of Defence and Al Jazeera.

The files are not all the same but many contain bank logins, passwords,
security questions and answers, phone numbers, emails and Qatari national
identification numbers.

What we don’t know

The identity of the hackers is not known, neither is it known whether they
have made any demands. Some hackers have in the past tried to ransom the
information they have stolen.

There is speculation the attackers are Turkish after a video showing QNB
customer information appeared over the weekend that included the text
“Bozkurt Hackers”. Bozkurt is a Turkish town in the Aegean Region.

The video, which has since been removed, appeared on YouTube with
information of the supposed foreign spies working in Qatar that are in the
QNB leak. The video shows names, photographs and credit card details of the
alleged spies. The video, which Gulf News was unable to independently
verify, threatens to release more information from the hack this week.