Slashdot Mirror


After Demanding $3 Million Ransom, Hacker Dumps Massive Customer Financial Data (dailydot.com)

Patrick O'Neill writes: Just over a week after a hacker breached a United Arab Emirates Bank, demanding a $3 million ransom to stop tweeting customers' information, he appears to have dumped tens of thousands of customer files online. The actual data appears to be real. And it's vast. One database analyzed by the Daily Dot includes the sensitive information of around 40,000 customers, including their full names, credit card numbers, and birthdays. One account contained 4,7174,962.38 dirham, or $12,844,589.77. Those accounts' total earnings add up to $110,736,002. One bank executive confirmed the hack to Farooqui, adding that, "This is blackmail."

13 of 124 comments

  1. Um, yeah ... by gstoddart · · Score: 5, Insightful

    "This is blackmail."

    Yes, that's exactly what it is.

    What do you think holding something for ransom is?

    --
    Lost at C:>. Found at C.
    1. Re:Um, yeah ... by AmiMoJo · · Score: 4, Insightful

      They shouldn't pay it anyway. All they have is this guy's word that he won't release any (more) data. Maybe they pay him and he sells the data on to someone else, who then demands their $3m ransom too. No matter what happens they will have to treat it as if the information is public now.

      As well as losses due to theft, it will be interesting to see if there are any financial penalties from their regulator or if anyone manages to sue them. For one the people being screwed can afford good lawyers.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:Um, yeah ... by TWX · · Score: 2

      At least duplicating negatives required equipment that most people neither had ready personal access to nor had training on, so if the blackmail content of the negatives was very sensitive then paying a photolab to duplicate the negatives properly could lead to exposing the blackmailer to extra risk.

      Modern digital content doesn't usually require any special equipment or training, and even your average neophyte could do it.

      --
      Do not look into laser with remaining eye.
    3. Re:Um, yeah ... by Wycliffe · · Score: 3, Interesting

      "This is blackmail."

      Yes, that's exactly what it is.

      What do you think holding something for ransom is?

      Holding "something" for ransom isn't blackmail if that something is tangible. Even holding "information" for ransom isn't blackmail. If I have the password and won't give it to you until you give me $1M that's still not blackmail. Blackmail is when you threaten to release information for a ransom. The biggest problem with blackmail (as opposed to holding a password or something tangible for ransom) is that once the other party has that information, giving them the money really doesn't resolve the situation as they can still release it at any time in the future and/or demand more money to maintain status quo. Promises to delete the data, give you the only copy, etc... are hard to enforce or verify.

    4. Re:Um, yeah ... by ravenscar · · Score: 2

      Even in the days of negatives it was relatively easy to doctor photos. If a photo were to make it into the public one could say "That photo isn't real. It has been doctored." The party releasing the photo could say "No it hasn't. Here are the negatives." As any tampering with the negatives would be plainly evident. If the party couldn't produce the negatives the photo would be suspect - especially in a court of law. Where the law is concerned, courts have always treated photographic evidence with much more skepticism than the general public. Being unable to produce negatives to back up evidence was a good way to have such evidence called into question.

  2. It WAS Blackmail by Anonymous Coward · · Score: 5, Funny

    One bank executive confirmed the hack to Farooqui, adding that, "This is blackmail."

    Dude, it was blackmail. This is a shitstorm.

  3. The problem with paying blackmail by Geoffrey.landis · · Score: 3, Informative

    Only a bankster is stupid enough not to spend a ratio of 3:111 to protect their business.

    The problem with paying blackmail is that it doesn't ever stop.

    --
    http://www.geoffreylandis.com
    1. Re:The problem with paying blackmail by TWX · · Score: 3, Informative

      It does if one takes the opportunity to pay the blackmailer as a means to expose them, to then murder them in a way that leaves evidence of a very prolonged and excruciating death.

      I suspect that one of the reasons that people don't engage in this kind of behavior more often is that it's very, very difficult to collect ransom without subjecting one's self to grievous risk. Wealthy people also have the means to afford to get retribution against someone else if they choose to do so.

      --
      Do not look into laser with remaining eye.
  4. Income inequality by Theaetetus · · Score: 4, Informative

    Complete aside, but...

    One database analyzed by the Daily Dot includes the sensitive information of around 40,000 customers, including their full names, credit card numbers, and birthdays. One account contained 4,7174,962.38 dirham, or $12,844,589.77. Those accounts' total earnings add up to $110,736,002.

    $110.7 million over 40,000 accounts is an average of $2,767.5 per account. That one guy with $12 million has over 4600 times the average.

    1. Re:Income inequality by TheDarkMaster · · Score: 4, Insightful

      Well... The "1% owns everything" is not the usual bullshit or conspiracy theory, it is very real.

      --
      Religion: The greatest weapon of mass destruction of all time
  5. blackmail by NostalgiaForInfinity · · Score: 2

    One bank executive confirmed the hack to Farooqui, adding that, "This is blackmail."

    Yes, it is. But it is also something else, something much more important: lousy security, utter disregard for their customers, and negligence on the part of the United Arab Emirates Bank.

    When a bank loses customer data on this scale, the bank is the crook and the victim is the customer. Trying to portray the bank as the victim (of blackmail) adds insult to injury.

  6. That sensitive information shouldn't be sensitive by PeterM+from+Berkeley · · Score: 2

    Does knowing birthdays, names, addresses, SSN's prove that a person *is* the person with that name, birthday and SSN?

    Not anymore! All that information has been stolen so many times.

    So any lender, or banker, who gives out money (loan or otherwise) to a person based solely on birthday, name, address and SSN has NOT done due diligence, and the bank should have FULL liability for any theft that occurs, NOT the poor unfortunate that rightfully owns the identity.

    We badly need to reform this system that uses such weak proofs of identity as "knowing" something. And we badly need to start blaming lenders/bankers for fraud that occurs because they are too stupid to realize that the data I mentioned isn't proof of identity.

    --PM

  7. You can't pay the ransom by ZorinLynx · · Score: 4, Insightful

    They have the information. They can release it any time.

    You might pay the ransom, then they'll demand more money a year down the line.

    It sucks that the customer data got released, but paying a ransom isn't the right way to deal with this. Improve security, make it harder to breach the systems. Paying ransoms just encourages more ransoms in the future.

    If the criminals know they'll never get their ransom paid, they'll stop. (and move onto other criminal endeavors I'm sure... but that's criminals for ya)