Computer Crime Research Center


UAE banks hit by hackers

Date: July 18, 2005
By: Peter Branton and Jane Plunkett

Banks across the UAE were hit by a wave of hacking attacks last month, with at least two banks reporting they had fought off the hackers. National Bank of Dubai (NBD) and Mashreqbank have both confirmed to IT Weekly that such attempts have been made on their systems in the past few weeks.

Tony O’Connor, NBD’s IT security risk manager, said client information stolen from customer PCs have allowed hackers to lodge these attacks. “[We have found] unauthorised access to customers’ accounts. At some level the devices that control access to a customer account — password, pin number, or whatever a bank might have employed — have been compromised in some way,” O’Connor said.

“What we found is that the vulnerability of the process lies, unfortunately, in the customers’ computers,” he added.

“We tend to think it has been compromised through spyware that is fairly sophisticated because most banks employ a randomised virtual keypad for one aspect of the access device,” O’Connor explained.

An NBD spokesperson, in an e-mail reply to questions, said that the bank has immediately set up extra security measures to thwart hacking incidents. “We have put controls in place to augment our automated outward transfers with operational checks for suspicious transactions based on beneficiary’s domicile, transaction amount, etc.”

“We have detected all attempts using our operational controls,” the spokesperson said.

Like NBD, Mashreqbank revealed that customer account information had fallen into the hands of hackers. But the bank was adamant the data was taken from customers’ own PCs, not from the bank’s systems.

Mashreqbank temporarily suspended its third-party online payments service last month after it detected evidence of hacking activity (see IT Weekly, 2-8 July 2005). The bank sent out an urgent warning to its customers by e-mail to change their passwords from a secure PC.

According to an information security manager at Mashreqbank, hackers had managed to acquire account numbers and passwords for between 40 and 60 bank accounts, of which only three were still active.

The first indicators of hacking activity began in May, with initial hacking attempts on June 1, followed by a wave of attacks on June 13. “We started seeing it at about 11am. It went on for several hours… a series of probes,” the security manager said.

“We identified IP addresses from Guam, the US, the UK and other places; a total of 82 in all. We were liasing with other banks in the area and they were seeing similar activity,” he added.

The attackers had gained the account details from customers’ individual PCs, the manager said. “The accounts in question were not rich accounts, they didn’t have such facilities as international money transfers on them, so we were able to detect the attacks easily,” he claimed.

“Mashreqbank has since conducted full checks of all transactions and is satisfied the attacks had not succeeded, he said.

A spokesperson for the bank said it reconfirmed that none of its accounts had been hacked.

“What we are trying to tell customers is that their own PCs might not be secured enough and therefore have requested them to update their antivirus software as well as their passwords,” the spokesperson said.

While Mashreqbank claimed that online banking services were back to normal within a few days, a bank customer who contacted IT Weekly said that he could not transfer money back. He received a statement from the bank, which said that the maximum amount that could be transferred was reduced from US$10,000 to US$1000, although the intention was for it to be “gradually restored within the next few days after we have alerted all users to the risks and suggestions of how to overcome them.”

Kevin Isaac, regional director for Symantec Middle East and Africa, said such attacks were done by organised gangs, not casual hackers. “It is certainly not a game to them, it’s a criminal operation,” he added.
Original article

Add comment  Email to a Friend

Discussion is closed - view comments archieve
2009-04-25 19:05:36 - i want my account. ali
2009-04-25 18:58:27 - teransfer money. ali
2009-04-25 18:57:08 - teransfer money. ali
Total 3 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo