Turkish hackers deliver on promise, leak more bank data

May 14, 2016 21:15 GMT

The Turkish hacker group Bozkurtlar, translated as the Grey Wolves, has supposedly leaked data on six more international banks during the past week.

The hackers leaked details for the Dutch Bangla Bank (Bangladesh), The City Bank (Bangladesh), Trust Bank (Bangladesh), Business Universal Development Bank (Nepal) and Sanima Bank (Nepal) on Tuesday, and then for the Commercial Bank of Ceylon (Sri Lanka) on Thursday.

Previously, the group released details from the Qatar National Bank, and then UAE's InvestBank. While the Qatar National Bank admitted to a data breach incident, InvestBank said its data was recycled from a violation dating back to last year.

The first data breach was small...

The first batch of leaked files, from the first five banks, together weighed barely more than 300 MB. The content of these files, courtesy of BankInfoSecurity, is as follows:

Dutch Bangla Bank - 312 KB - leaked data contains details about customer transactions. Some credentials labeled as admin are also included.

The City Bank - 11.2 MB - leaked data includes a single Excel spreadsheet with details for more than 1 million bank customers. Sensitive details include full names, dates of birth, addresses, emails, and phone numbers.

Trust Bank - 96 KB - leaked data was only two spreadsheet files, with very few customer details such as user IDs, emails, usernames, and encrypted passwords.

Business Universal Development Bank - 251 MB - leaked data contains details about customers such as usernames, phone numbers, and encrypted passwords, but the bulk of the files are internal bank email communications.

Sanima Bank - 47 MB - the data dump contains spreadsheets with customer information such as real names and account balances, with current withdrawal and deposit details.

... the second, not so much

The second announced breach, from the Commercial Bank of Ceylon, was much bigger, totaling 6.97 GB and holding over 158,000 files.

The data found in this dump varied from PHP files to annual bank reports, and from server backups to bank financial statements.

Details found in the server logs suggest that the attacker might have used Havij to compromise the bank's systems.

Havij is a penetration testing toolkit used for discovering SQL injection points, and it is also employed by many hackers. Since the Qatar National Bank hack was also attributed to an SQL injection flaw, likewise exploited with Havij, it is possible that the tool was used in all of the attacks.