After Demanding $3 Million Ransom, Hacker Dumps Massive Customer Financial Data (dailydot.com)
Patrick O'Neill writes: Just over week after a hacker breached a United Arab Emirates Bank, demanding a $3 million ransom to stop tweeting customers' information, he appears to have dumped tens of thousands of customer files online. The actual data appears to be real. And it's vast. One database analyzed by the Daily Dot includes the sensitive information of around 40,000 customers, including their full names, credit card numbers, and birthdays. One account contained 4,7174,962.38 dirham, or $12,844,589.77. Those accounts' total earnings add up to $110,736,002. One bank executive confirmed the hack to Farooqui, adding that, "This is blackmail."
Yes, that's exactly what it is.
What do you think holding something for ransom is?
Lost at C:>. Found at C.
One bank executive confirmed the hack to Farooqui, adding that, "This is blackmail."
Dude, it was blackmail. This is a shitstorm.
this would probably stop happening.
The real question is how much terrorist funding is going to show up in the data dumps and how is the US government going to justify not going after people who fund the terrorist because they are our "friends"?
Just in time for a holiday shopping spree, paid for by ISIS!
Where is the data dump? I would like to look at it and figure out how many politicians are hiding money overseas.
One bank executive confirmed the hack to Farooqui, adding that, "This is blackmail."
No shit, Sherlock!
This bank executive's a real genius; I never would have guessed that this is blackmail. /s
Exactly. Those Republicans are getting what they deserve.
How very American, to project American political divisions onto countries ten thousand kilometers away,
Just over week after a hacker breached...
Doesn't anybody proofread the summary before it's posted? It should say "Just over a week after a hacker breached...".
Only a bankster is stupid enough not to spend a ratio of 3:111 to protect their business.
The problem with paying blackmail is that it doesn't ever stop.
http://www.geoffreylandis.com
One database analyzed by the Daily Dot includes the sensitive information of around 40,000 customers, including their full names, credit card numbers, and birthdays. One account contained 4,7174,962.38 dirham, or $12,844,589.77. Those accounts' total earnings add up to $110,736,002.
$110.7 million over 40,000 accounts is an average of $2,767.5 per account. That one guy with $12 million has over 4600 times the average.
Teehee, you said 'SJW'
You know that instantly renders your opinions as a joke, yeah?
When will companies actually care about people's private information? Never. Never ever ever. How long will it be before we admit this to ourselves?
Quite a sexist assumption there. Since women are underrepresented in STEM and programming jobs and need special schools and special treatment, shouldn't they get the same in hacking? /sarcasm
Yeah, it's a good marker for filtering out worthless/offtopic comments.
Breaches like this shouldn't fucking happen in the first place. With this many breaches, it's clear to me that companies need to change the way private information is handled. Because they are doing it wrong.
I'm sure this can say something very interesting and meaningful - perhaps it should be staged to Kaggle for analysis.
Yes, it is. But it is also something else, something much more important: lousy security, utter disregard for their customers, and negligence on the part of the United Arab Emirates Bank.
When a bank loses customer data on this scale, the bank is the crook and the victim is the customer. Trying to portray the bank as the victim (of blackmail) adds insult to injury.
The data is still there. http://bckalev.ee/invest/
Nice bandwidth too.
Did you really just plug your ears and hum? I did wonder if that's how they handle things.
I'm sick of the low coding standards and inadequate code reviews/security audits at every stage of the development process.
As an example I don't want an 802.11ac adapter. I want a stable, open (not that fake 'open source' crap we get that is dependent on non-free pieces either), bug-free, and well developed 802.11n adapter. The same applies to pretty much everything. The problem is we keep jumping ships without ever having really written a stable, bug-free, secure bit of code for really anything.
If the bank executive had been carrying a gun, this wouldn't have happened!
Just over week after the hacker dumped a United Arab Emirates Bank's customers information on the net, his severed head appears to have been dumped in a garbage bin.
Is it wise to attack a bank in a country where petty thieves lose the hand to justice and major criminals are beheaded in public? One must be 101% positively sure he will never be caught, else...
Does knowing birthdays, names, addresses, SSNs prove that a person *is* the person with that name, birthday and SSN?
Not anymore! All that information has been stolen so many times.
So any lender, or banker, who gives out money (loan or otherwise) to a person based solely on birthday, name, address and SSN has NOT done due diligence, and the bank should have FULL liability for any theft that occurs, NOT the poor unfortunate that rightfully owns the identity.
We badly need to reform this system that uses such weak proofs of identity as "knowing" something. And we badly need to start blaming lenders/bankers for fraud that occurs because they are too stupid to realize that the data I mentioned isn't proof of identity.
--PM
I was thinking about ways the bank could have mitigated the effects of the attack. Would it be worth releasing piles and piles of false identities? Generate so much noise that anyone who'd want to use the data would have no way to separate the wheat from the chaff.
Only 3 million? When such a data dump is likely to be way more damaging? Wow
Including the immediately preceding comment suggesting the term is valueless. Which is valueless. Most of these activists are rebels without a clue.
They have the information. They can release it any time.
You might pay the ransom, then they'll demand more money a year down the line.
It sucks that the customer data got released, but paying a ransom isn't the right way to deal with this. Improve security, make it harder to breach the systems. Paying ransoms just encourages more ransoms in the future.
If the criminals know they'll never get their ransom paid, they'll stop. (and move onto other criminal endeavors I'm sure... but that's criminals for ya)
but lousy system security and operational incompetence preceded it.
So any lender, or banker, who gives out money (loan or otherwise) to a person based solely on birthday, name, address and SSN has NOT done due diligence
Those bankers are operating outside banking regulations. As anyone working in a financial sector in most western/BIS regulated companies will tell you, there are specified criteria required by law to identify a customer. We are regularly audited on this by internal and external auditors and regulators. The entire bank once a year, each department more intensely every 5 years. I cannot speak for non-western banks but I suspect they undergo similar regimes of inspection, especially if they want to connect to western European and North American banking systems.
I'd especially expect that a bank might be well-versed in ways to track money, and have friends that would cooperate in making it difficult so as to reduce such blackmail overall. And given the bank in question, I'd also expect that things would go rather badly for the culprit once tracked down.
It's called "speculative invoicing".
When the copyright term is "forever minus a day", live every day like it's the last.
Wonder if it will cost them more than $3 million to deal with the fallout from the breach of 40K customers. Perhaps it would have been cheaper to pay the ransom.