Hacker Leaks Customer Data After a United Arab Emirates Bank Fails to Pay Ransom

Share this…

A HACKER WHO broke into a large bank in the United Arab Emirates made good on his threat to release customer data after the bank refused to pay a bitcoin ransom worth about $3 million.

The hacker, who calls himself Hacker Buba, breached the network of a bank in Sharjah last month reportedly identified as Invest Bank, and began releasing customer account and transaction records via Twitter.

Although extortion hacks using ransomware are a growing trend, it doesn’t appear that the hacker in this case used ransomware. Ransomware involves malware installed on a victim’s machine that encrypts their data or otherwise locks them out of their system until they pay a ransom, usually in Bitcoin. In this case, it appears the bank still had access to its systems, and the hacker merely siphoned the data.

The news was first reported by the Dubai-based newspaper Xpress. According to the journalist, the hacker offered to give him 5 percent of the paid ransom for his cooperation, though it’s unclear what kind of cooperation he was seeking from the reporter. He reportedly told the journalist that he had data from other banks as well. “I give u 5 % from total I get. Have many banks from UAE, Qater, ksa and etc. Will work together,” he reportedly wrote in a direct message to the reporter via Twitter.

The hacker reportedly used the picture of an Invest Bank employee for his Twitter avatar to post the account statements of government officials and UAE firms on November 18. Although Twitter closed the account, the hacker opened a new one and released the account statements of some 500 bank customers.

Hacker Leaks Customer Data After a United Arab Emirates Bank Fails to Pay Ransom

He also sent text messages and emails to bank customers, using contact details gleaned from their bank account records, and threatening to release their records online unless they or the bank paid him a ransom.

“Yes, there was a data breach and we have been contacted by Hacker Buba. He is asking for money but I cannot reveal how much. This is blackmail,” the bank’s chief financial and operating officer told Xpress. “We won’t give in to any extortion threat. In any case there has been no financial loss. All what this man has is some customer information and he’s trying to use it as a bargaining chip.”

Most of the bank’s customers, however, did not learn that their data had been stolen and published online until the newspaper contacted them.

Files purporting to come from the hacker, and viewed by WIRED, appear to show bank customer credit card transactions for purchases made at retailers and restaurants around the world, including the US. The records include the credit card number, amount of purchase and authorization code, though not the customer name. Other files purport to show the balances on 50,000 bank cards. Some of the files are Excel spreadsheets; others appear to be entire SQL databases stolen by the hacker.