On April 25th, it was reported that the Turkish hacker group Bozkurtlar announced in its Twitter account (which has since been closed), and on a video, that it was able to break into the computers of Qatar National Bank (QNB) and steal information. It was also announced that another bank was hacked, from which the group will soon release information dated 2001 forward.
Various reports indicate that the leaked information apparently included personal information and not financial data, which raised the possibility that the objective the action may be intelligence purposes and not economic. In this context it is argued that part of the information leaked was focused on a relatively limited number of factors, including officials whom “Some were accused of being spies,” and “information of money transfers, as well as teams of Al-Jazeera, and those working with the security authorities“.
The attack was executed by penetration to the Bank’s database using SQL Injections as a result of a weakness in the online banking application, which resulted in penetration to the internal systems of the bank, together with the lack of encryption in the database. Worse than that, it turns out that the hackers were probably inside some accounts for about two hundred days without being discovered by the security of the bank, which discovered the penetration only when it reached social media.
פוסט זה זמין גם ב: עברית