14 DAY TRIAL // A hacker known by the name of Hacker Huba tried to extort InvestBank, a local bank from the city of Sharjah, United Arab Emirates (UAE), asking for a $3 million / €2.83 million ransom, local newspaper GulfNews reports.
The hacker had apparently managed to breach the bank's IT system and stole vast amounts of information from InvestBank's database.
After he completed his intrusion, Hacker Buba sent emails to the bank's management, asking for a $3 million / €2.83 million ransom, or he would release the data online. To remain anonymous, the hacker requested the payment in Bitcoin. Bank officials refused and immediately contacted law enforcement.
Bank refused to give in to the threats
Angry that his plan didn't go as intended, the hacker started leaking small batches of information about the bank's customers each day on Twitter, starting with November 18.
The bank reported the account to Twitter's support staff five days later, and Hacker Buba got his account suspended.
He registered a new account the same day, and immediately leaked details for 500 bank customers in one single tweet as payback.
To make things worse, the hacker also started contacting clients directly via email and SMS, asking for smaller ransom payments, or he'd leak their account statements. Even after data for individual customers was leaked, the bank refused to pay the ransom.
Hacker tried to bribe a local reporter for his silence
The hacker has managed to avoid investigators to this day. His whereabouts and nationality are unknown. Previous tweets are in Indonesian, the Twitter geo-location data pinpoints to somewhere in Hungary, while the telephone number used for sending SMS messages is registered in the UK.
Mazhar Farooqui, the reporter that broke the story for GulfNews, was contacted by the hacker via Twitter to prevent him from publishing his story. Hacker Buba offered a 5% cut out of all the ransoms.
"I give u 5 % from total I get. Have many banks from UAE, Qater, ksa and etc. Will work together," said Hacker Buba.
Editor's note: GulfNews did not name the bank. This information comes via Office of Inadequate Security, whose editors saw the tweets before being deleted. The hashtags #investbank #hacked were used in each tweet.
Just yesterday we reported on a similar incident where Armada Collective, a hacking crew specialized in DDoS attacks, tried to extort three Greek banks for 20,000 Bitcoin ($7,210,000 / €6,790,000), for each bank.