A newly discovered 1.4GB data dump leaked online appears to indicate a major breach at the Qatar National Bank and a wider operation designed to profile dozens of individual customers for follow-on attacks – some of whom may be spies.
The unusual case was first reported by the International Business Times, which claims that the stolen data includes hundreds of thousands of transaction logs, personal ID numbers and credit card information.
However, it is the additional folders bearing titles such as “SPY, Intelligence,” “Al Jazeera” and “AL THANI” that complicate the picture.
These are said to contain more than just bank details: they include information such as the names and photos of close relations, as well as social media accounts and phone numbers of the targeted individuals.
If the labels on the various files and folders are to be believed, the data dump includes detailed information on operatives from MI6, as well as Polish, French and Qatar intelligence, and nearly 30 Al Jazeera staff.
The information first came to light on Global-Files.net but was subsequently removed and now can be found on fellow whistleblowing site Cryptome.
The bank itself has refused to comment on the reports, but claimed in a statement yesterday that there is “no financial impact on our clients or the bank.”
It continued:
“QNB Group places the highest priority on data security and deploying the strongest measures possible to ensure the integrity of our customers' information. QNB is further investigating this matter in coordination with all concerned parties. Thank you for your cooperation and understanding.”
Security experts from Trend Micro, who have reviewed the data dump, argued that it could indicate a hacker or group planning a series of follow-on phishing and other cyber attacks using both the banking data and other personal information gleaned from those profiled in the various dossiers.
“It clearly shows firstly how the attacker obtained the data; then how they worked the data to find what they were looking for; and then started to build profiles on the people it was interested in,” cyber solution security architect, Simon Edwards, told Infosecurity.
“It is almost as though the attackers ‘dropped the loot’ as they exited.”
He added that the exposure of this data online “could have been a mistake, or it could have been deliberate.”
Gord Boyce, CEO of file security vendor FinalCode, argued that businesses need to realize that today it’s not a matter of ‘if’ they get hacked but ‘when.’
“Financial services firms, like in other regulated industries, need to expand their data defense portfolios beyond that of thwarting hackers and monitoring for insider threats to securing files that may be exposed due to inadvertent emails, lost portable storage devices or unauthorized sharing,” he added.
“The best approach to prevent file data leakage is through the use of strong encryption and usage control.”