The data of Alfa-Bank's clients is sold on the black market


The data of Alfa-Bank credit card holders, as well as Alfa Insurance customers, has come up for sale on the Darknet. The bank confirmed the leak, saying that it affects a few customers and does not pose a threat to the money in the accounts.

The seller who published the ad on a hacker forum said that he has up-to-date data on about 3,500 Alfa-Bank customers and about 3,000 Alfa Insurance customers. The ad was published on October 31; the seller registered there on the same day.

To verify the data, the seller suggested looking at 23 contracts. They contained the full name, mobile phone number, passport data, registration address, the amount of the credit limit or issued insurance, the subject of insurance, as well as the date of conclusion of the contract. According to the seller, all of the Alfa-Bank contracts were issued in October.

When the investigator tried to transfer money by phone number, in 11 of the 13 credit card contracts, the names and first letters of the surnames matched. He also phoned nine customers, most of whom confirmed that they had recently been issued a credit card at Alfa Bank. Fraudsters have already managed to call one of the clients, after which he blocked the card.

Alfa-Bank confirmed the leak. "At the moment, it is reliably known about the illegal distribution of personal data of 15 clients. The occurrence of this situation is not the result of a violation of the protection of the corporate information system of the Bank," said the representative of the Bank.

According to him, the leak does not pose a threat to customer accounts, as it does not contain the data needed to access them.

Indeed, the contracts do not contain card numbers and CVV codes, so fraudsters will not be able to get direct access to the money. However, they can use the information to call a customer while posing as the Bank and obtain the information needed to steal money.

Alfa Insurance has introduced additional security measures and is investigating the publication of customer data.

Recall that in early October Sberbank confirmed a leak of credit card accounts, which affects at least 200 customers of the Bank. It was announced that 60 million credit cards were in the public domain.

Sberbank employee confesses he is the culprit behind the customer data leakage


Recall that on Thursday, Sberbank reported a possible leak of credit card accounts, which affects at least 200 customers of the Bank. According to media reports, at the weekend on one of the forums, which was blocked by Roskomnadzor (Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications), there were messages about the sale of personal data of Bank customers. The authors of the announcement indicated that they have access to data of 60 million cards.

Sberbank assured customers that their funds are safe because the credit card account data that ended up in the public domain does not include CVV codes or Internet Bank logins and passwords. So fraudsters cannot steal money from the cards.

According to German Gref, President of Sberbank, Sberbank employees learned about the incident on the day of the leak, October 2: an ad was found with personal data of employees. After that, an employee of the Sberbank security service contacted the attacker who was trying to sell the stolen data.

During the conversation, it became clear that this was an internal leak, Gref said.

According to a statement on the Bank’s website, "as a result of the internal investigation, the security service of the Bank in cooperation with law enforcement agencies, on October 4, 2019, identified an employee of the Bank born in 1991, the head of the sector in one of the business units of the Bank, who had access to databases and who tried to steal customer information for selfish purposes." The culprit of the leak faces criminal liability.

The leak indirectly affected the data of 200 Sberbank cardholders, whose cards have already been reissued, so "the owners have nothing to worry about," Gref said. He noted that the reissue took only two days.

Gref also apologized to customers and thanked them, noting their calmness.

Customers of Private Sector Banks Facing Problems in Net and Mobile Banking




Customers of several well-known private sector banks have complained of many issues with net and mobile banking over the last few days; customers of HDFC Bank, Kotak Mahindra Bank, and YES Bank are understood to have been most affected by these 'outages'.

The issue, which first appeared on the 1st of October, appears to have been partly resolved; however, numerous customers continued to face issues while signing in to their accounts through the Internet and other apps.

Bank executives note that a mix of the festive season, the beginning of the month when salaries are credited, and some IT issue may have increased the load on servers. Following the restrictions at Punjab and Maharashtra Cooperative Bank, withdrawals had also increased after panic among certain depositors.

HDFC Bank, which is in the middle of a 'festive sale', appears to have briefly withdrawn an extra security feature for logging into net banking. Kotak Mahindra Bank's net banking page shows this message: “Due to high volume, you may experience some delay while accessing Net Banking. We will fix this soon. We regret any inconvenience caused.”

At the same time, an HDFC Bank spokesperson stated: “Transactions through both net banking and mobile (app) banking have been very slow at times over the last couple of days, but they are going through. Though there is nothing to be unduly worried about, we regret the inconvenience caused (to our customers).”

Nevertheless, the banks have given assurances that they are working hard to resolve the issue and will ensure that the operations mentioned are, to a great extent, normalized at the earliest opportunity.

Fraudsters started selling customer data of the Russian Bank that fell under the reorganization of the Central Bank


A database of 70,000 customers of Binbank, which was merged with Open Bank in early 2019, has leaked to the Internet. According to experts, this is the fault of the Bank of Russia, which at the stage of the introduction of the interim administration did not bother to check the information security of the credit institution. According to lawyers, clients who suffered as a result of a data leak have a chance to recover their funds in court.

It is known that for 5 thousand rubles ($77) dealers can get access to the name and surname of the client, find out passport details and place of residence.

Ashot Hovhannisyan, the founder of DeviceLock, said that the database being sold consists of clients who at one time applied for an Elixir credit card. According to him, the database was sold to one wholesale buyer, and now several small underground dealers are trading in the personal data.

In addition, according to law enforcement agencies, since the beginning of 2019, about a hundred former clients of Binbank have lost their funds and filed a report. The amounts stolen from the accounts range from three to one hundred thousand rubles ($46 – $1535). It is possible that the data leak affected the actions of Bank fraudsters.

The Federal Service for Supervision of Communications, Information Technology and Mass Communications (Roskomnadzor) sent a written request to Open Bank to clarify the situation. The letter contains a requirement to provide information on the reasons that led to the leak of personal data of bank customers (name, passport details, telephone number and address of clients), about the persons who committed the leak, as well as on the measures taken to eliminate the consequences of the incident.

According to Roskomnadzor, an untimely warning about leaks of personal data threatens the security of personal data of citizens.

Open Bank has denied information about the leak of personal information about Binbank depositors. The Open Bank Press Service stressed that there is no evidence that the leaked database has any relation to the clients of Binbank.

Capital One Data Breach, Hacker gets Access to 100 Million Accounts


A massive data breach of Capital One servers compromised the personal details of an estimated 106 million bank customers and applicants across Canada and the US.

The suspected hacker, Paige Thompson, 33, was arrested by the FBI on Monday. She had shared details about the data breach on a GitHub page earlier in April, according to the criminal complaints.

Thompson broke into a Capital One server and illegally acquired access to customers' names, addresses, credit limits, contact numbers, balances, credit scores, and other related data.

According to the documents, the 33-year-old Seattle resident gained access to 80,000 bank account numbers, 1 million Canadian Social Insurance numbers, and 140,000 Social Security numbers.

Thompson, who had previously worked with Amazon Web Services as a software engineer, was able to access the data by exploiting a misconfigured web application firewall in the company's infrastructure, as per a court filing.

Despite the magnitude of the breach, "no credit card account numbers or log-in credentials were compromised and over 99% of Social Security numbers were not compromised," the company said.

Expressing concern over the matter, Chairman Richard Fairbank said, "While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened.

"I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right," he assured.

Meanwhile, the company is notifying the victims and aiding them with identity protection and free credit monitoring.



Data of Bank customers in Russia are becoming more expensive on the Darknet


In the first half of 2019, the price of banking customer data has rapidly increased on the Darknet. Thus, the cost of obtaining data on cards or statements of operations increased by 3-7 times. At the beginning of the year, the client's account statement could be purchased for 2 thousand rubles ($ 32), now its cost can reach 15 thousand rubles ($ 238).

According to the Positive Technologies analyst Vadim Solovyov, data on ATMs used by the client has appeared on many sites, priced from 8 thousand ($ 127) to 15 thousand rubles ($ 238). He noted that this information is more likely to be used in traditional criminal schemes, for example, to make the fraudster's call to the client sound more credible.

"If the cost has increased, it means that the methods of countering leaks in banks have significantly complicated the business of attackers", the Central Bank believes.

The Head of the Information Security Department of the Open-Bank Vladimir Zhuravlev associated the price increase with a change in the type of attacks on customers. According to him, earlier fraudsters often used technical means, such as Trojans, phishing links or skimming. Now 90% of the theft occurs using social engineering methods, where the availability of personal customer data is very helpful to the fraudster.

The Central Bank does not disclose official statistics on the theft of funds of individuals in the first half of the year. However, law enforcement officers recorded an increase in successful thefts from bank accounts. For example, in the Kurgan region the number of crimes has doubled, and in the Smolensk region it has grown five times.

According to Stanislav Pavlunin, the Vice-President of Post-Bank, the Bank uses different approaches and methods to combat internal fraud; for example, photographing and filming monitor screens, as well as official documents and presentations containing confidential information, is prohibited.

It is interesting to note that Sixgill analysts have prepared a report, according to which Russia ranked last in the number of stolen bank cards. The researchers see two reasons for such low rates: the first is a large percentage of Russian cybercriminals, and the second is the economic situation in Russia.

Banks collect biometric data of citizens in Russia






More than 70 Bank offices in the Irkutsk region are already working in the Unified Biometric System, which allows customers to receive bank services remotely.

Recall that remote identification was launched in Russia in mid-2018. Clients just need to confirm their identity using biometric data: face images and a voice recording.

According to an employee of the Irkutsk Branch of the Bank of Russia, clients need to come to the office once with a passport in order to register in the system. This procedure takes less than 1 minute. Today, 71 Bank offices work with such technologies in the Irkutsk region. Siberian residents can complete the identification procedure in the biometric system in 687 branches of 57 banks.

Citizens have access to services of opening an account, obtaining a loan and transferring funds. These services can be obtained by phone, without a personal visit to the office of the Bank. The number of services will expand in the future. In addition, soon insurance companies will also recognize citizens by biometric data.

The new system has significantly reduced the number of Bank frauds. Thus, according to the Pochta Bank, the credit institution managed to block about five thousand fraud attempts in the last year through the biometric identification of clients.

Svetlana Ozeretskovskaya, the Head of Promotion of the Unified Biometric System project, stressed that "all biometric data is encrypted. It is almost impossible to restore them. This reduces the risk of compromise and does not allow attackers to take advantage of the data, even if some kind of leak occurs".

Meanwhile, cybersecurity specialists still see some weaknesses in the system. For example, Trojans in mobile applications or social networks can intercept biometric data. But the authors of the biometric identification system are sure that even if your data gets to the criminals, the system will still detect the fraud. According to the company Rostelecom, the probability of incorrect recognition of the client is 1 per 10 million. Moreover, the system will distinguish even twins from each other.

The Central Bank of Russia detected a new type of fraud during the transfer of funds through an ATM




According to a publication of the Center for monitoring and responding to computer attacks in the financial sphere of the General Directorate of protection and information security at the Bank of Russia (FinCERT), the Central Bank has reported a new type of fraud during the transfer of funds between cards through ATMs.

The document says, "previously expected TRF-attacks (transaction reversal fraud) did not occur, but a new method of such an attack was recorded based on the imperfection of the scenarios for processing transfers from card to card using ATMs."

The fraud method is connected with the imperfection of the p2p-transfer scenario (transfer between individuals). In particular, when the transaction is cancelled, the fraudster has the opportunity to withdraw the transferred amount from another card and at the same time keep the money in his account.

The algorithm is quite simple. First, a transfer operation between individuals is selected and the card number of the beneficiary is indicated. The terminal sends two authorization messages, one to the beneficiary's Bank and one to the sending Bank. After the two approvals have arrived, the actual transfer is performed.

However, the ATM then asks the sender to confirm the debit fee; he does not agree, and a message about the return is sent to both Banks. As a result, the temporary hold on funds is removed from the sender's account and he keeps all the money, while the beneficiary has in the meantime withdrawn the transfer from his card.

The Central Bank advises Banks to check the correctness of ATM scenarios. Specifically, approval of the cancellation should be sent to the sender only after the message about the successful return of the transferred funds arrives from the beneficiary's Bank.

Another measure to combat this type of fraud is to obtain consent to charge a transfer fee before sending authorization messages for the operation.

The sender bank is responsible for the success of such attacks, said Alexei Golenishchev, the Director of e-business monitoring at Alfa-Bank.
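
The two checks the Central Bank recommends can be expressed as a conservation test over a model of the transfer scenario. The following is an added example, not code from FinCERT or any bank: the account model, the balances, the function names and the `fee_first` / `confirm_return` flags are assumptions made for illustration, and the fee amount itself is ignored.

```python
from dataclasses import dataclass


@dataclass
class Account:
    balance: int
    held: int = 0  # amount reserved by an authorization hold

    @property
    def available(self) -> int:
        return self.balance - self.held


def run_scenario(amount, fee_accepted, withdraws_early,
                 fee_first=False, confirm_return=False):
    """Model one card-to-card transfer; return (unbacked_amount, log).

    unbacked_amount > 0 means funds left the beneficiary side while the
    sender regained full use of the same money.
    """
    sender, beneficiary = Account(10_000), Account(0)  # constructed balances
    start_total = sender.available + beneficiary.balance
    cash_out, log = 0, []

    # Second recommendation: obtain fee consent before any authorization.
    if fee_first and not fee_accepted:
        log.append("fee declined before authorization: nothing sent")
        return 0, log

    # Two authorization messages: hold at sender bank, credit at beneficiary bank.
    sender.held += amount
    beneficiary.balance += amount
    log.append("both banks approved")

    if withdraws_early:  # funds leave before the fee prompt is answered
        cash_out, beneficiary.balance = beneficiary.balance, 0
        log.append("beneficiary funds withdrawn")

    if fee_accepted:
        sender.balance -= amount  # the hold becomes a real debit
        sender.held -= amount
        log.append("transfer settled")
    else:
        # The return at the beneficiary bank succeeds only if funds remain.
        returned = beneficiary.balance >= amount
        if returned:
            beneficiary.balance -= amount
        # First recommendation: approve the cancel only after a confirmed return.
        if returned or not confirm_return:
            sender.held -= amount
            log.append("sender hold released")
        else:
            log.append("return failed: hold kept, cancellation not approved")

    end_total = sender.available + beneficiary.balance + cash_out
    return end_total - start_total, log


def unbacked(**flags):
    """Unbacked amount for a 3,000 transfer under the given scenario flags."""
    return run_scenario(3_000, **flags)[0]


if __name__ == "__main__":
    for flags in ({}, {"confirm_return": True}, {"fee_first": True}):
        amount, log = run_scenario(3_000, fee_accepted=False,
                                   withdraws_early=True, **flags)
        print(flags or "scenario as described", "->", amount, log)
```

A bank testing its own ATM scenario can use the same invariant: after any cancelled transfer, the sender's available funds plus the beneficiary's funds plus cash paid out must equal the starting total.
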

In May, Ehackingnews described another type of fraud with Sberbank ATMs. The attacker did not insert a bank card into the machine, chose any operation and did not complete it. When the next customer came to the machine, he saw on the ATM screen a prompt to insert the card and enter the PIN code. When he did so, the attacker's operation was automatically completed, after which the money was debited from the cardholder's account. Later, Sberbank said that it had solved this problem and the attackers could not withdraw money anymore.

The Central Bank of Russia has found problems with cybersecurity in all verified Banks


This year, the Bank of Russia checked 75 Banks for compliance with cybersecurity requirements and found violations of the requirements in all of them. The head of the CBR, Elvira Nabiullina, announced this while speaking at the II International Cybersecurity Congress (ICC).

Nabiullina said, "Since last year, the Central Bank as a regulator has the authority to supervise financial institutions in terms of how they fulfill cyber security requirements. Last year we checked 58 Banks, this year - 75. Problems and violations were found in all of them."

The Chairman of the Central Bank added that the problems found in Banks should not be considered critical, but they can become critical over time if measures are not taken to prevent possible cybercrime.

Nabiullina noted that protection from cyber risks and the level of cybersecurity in the near future will become a competitive advantage for all companies. At the same time, the main drawback is that the business processes of Banks do not include the management of cyber risks.

The Chairman of the Central Bank drew attention to the fact that Russian bankers have no particular fear of hackers. Apparently, for this reason, certain shortcomings or problems were identified in each financial organization.

According to Nabiullina, there is a neglect of cybersecurity in society, and the heads of companies do not understand the problem.

Nabiullina stressed, “Our task is to use new technologies and try to go a step further, keeping up with hackers.”

Russian Prime Minister Dmitry Medvedev also spoke at the ICC. He said that it was necessary "to develop global security standards". Also, Medvedev noted that crimes that are committed with the help of the Internet "have no boundaries."

It should be noted that earlier German Gref, CEO, Chairman of the Executive Board of Sberbank, expressed the opinion that the heads of large companies should be paranoid in the fight against cyber threats: "We are responsible not only for ourselves, but we have hundreds of millions of our customers."

Hackers made Bank clients debtors - Large-scale data breach occurred in Russia



On June 8-9, Alfa-Bank was attacked for several hours, as a result of which the stolen funds appeared on the accounts of random customers of the credit institution.

Some clients of the Bank received amounts from 10 to 15 thousand rubles ($ 155-235). Many of them quickly spent this easy money.

However, immediately after the payment, Alfa-Bank clients were charged amounts two to three times more than the fraudsters sent. This created an overdraft or a short-term loan.

Alfa-Bank solved the problem with hacking within a few hours, and clients of the Bank are obliged to return the money that came from hackers in full. However, there were no official comments from Alfa-Bank.

Experts said that such a fraud can be done only with access to the Bank's system. Therefore, the security service is looking for fraud among its employees.

It is worth noting that on June 9, the Russian newspaper Kommersant reported the leakage of personal data of 900 thousand clients of Alfa-Bank, OTP Bank and Home Credit Bank in Russia. According to the published material, the names, phone numbers (mobile, home and work), addresses and places of work, and passport data of almost 900 thousand Russians, including 55 thousand customers of Alfa-Bank, were publicly available on the Internet, as well as balances on the accounts of clients of Alfa-Bank limited to a range of 130-160 thousand rubles.

The company DeviceLock found the leaks. They occurred at the end of May; the data were collected a few years ago, but a significant part of the information is still relevant. Moreover, DeviceLock discovered two customer databases of Alfa-Bank: one contains data on more than 55 thousand customers from 2014-2015, the second contains 504 records from 2018-2019.

An interesting fact is that one of the databases of clients of Alfa-Bank contains data on about 500 employees of the Ministry of Internal Affairs and about 40 people from the FSB (the Federal Security Service).

The Press Service of Alfa Bank said that at the moment they are checking the accuracy and relevance of information.

The National Payment Card System (NPCS) of Russia says the Fast Payment System is secure


According to Dmitry Kolesnikov, Director of the FPS project in the NPCS, the Fast Payments System is completely safe.

Earlier, the Head of Sberbank German Gref said that one of the reasons why Sberbank does not join the Fast Payment System is cybersecurity. So, according to Gref, the system is still unsafe.

"The system is safe, secure, fully complies with all standards. There were no incidents during the operation," said Kolesnikov at the International Forum "Remote Services, Mobile Solutions, Cards and Payments - 2019".

The Bank of Russia summed up the results of the first four months of the FPS. According to Maria Krasenkova, the Head of the Development and Regulation of the National Payment System of the Central Bank, from January 28 to May 28, 500 thousand transfers were made through the FPS for a total of 4.2 billion rubles ($ 64 million). Dmitry Kolesnikov noted that during the operation of the system, about 200 thousand people took advantage of it. According to NPCS, 40% of transfers are made between own accounts, 60% between accounts of different clients.

It is worth recalling that the Central Bank launched a competitor to the Sberbank transfer system: the FPS, a system for transferring money by telephone number between accounts at different banks. At first, only 11 financial institutions joined the FPS, including Alfa-Bank, Tinkoff Bank, Gazprombank, VTB and others. Another 100 banks expressed their desire to join the system. However, Sberbank has not yet expressed its desire to join the FPS. The largest Russian Bank was a monopolist in the market of money transfers between individuals. In 2018, Sberbank earned 47.2 billion rubles ($ 722 million) on transfers, and the launch of the Central Bank system has already hit its revenues. In the future, participation in the FPS is planned to be mandatory for all banks.

The Bank of Russia expects to connect important Banks to the FPS before September 1. However, according to Gref, the agreement with the Bank of Russia on the connection of Sberbank to the FPS has not yet been achieved.