Customer data from almost all Pakistani banks has been compromised by hackers and dumped on the Dark Web, thereby revealing the level (or lack) of preparedness of banking and other financial organisations against emerging cyber threats.
Mohammad Shoaib, director of Pakistan’s Federal Investigation Agency (FIA), recently told a local news agency that hackers had managed to breach the servers of as many as twenty-two Pakistani banks and had stolen the details of more than 19,000 debit cards.
“Almost all [Pakistani] banks’ data has been breached. According to the reports that we have, most of the banks have been affected. More than 100 cases have been registered with the FIA and are under investigation. We have made several arrests in the case, including that of an international gang,” Shoaib said.
Several Pakistani banks breached in a single day
According to Pakistan’s Geo News, on October 26th this year, hackers infiltrated Bank Islami’s servers and transferred up to $2.6 million from the accounts of international payment card holders. Over ten thousand stolen debit card details of the bank’s account holders were also dumped on a Dark Web marketplace named Jokerstash.
In the same marketplace, debit card details of over 8,000 account holders of nine other Pakistani banks were also put up for sale for prices ranging from $100 to $135 each. The scale of the breach prompted the State Bank of Pakistan to instruct all affected banks to freeze international cash withdrawal transactions via debit cards.
Despite the freeze, researchers found as many as 11,000 debit card details from as many as 21 Pakistani banks dumped on the Dark Web on October 31st. The list of affected banks included Habib Bank Limited, Bank of Punjab, Standard Chartered Bank Limited, United Bank Limited, and Meezan Bank Limited.
FIA officials told Geo News that debit card details being auctioned on Dark Web marketplaces were skimmed from banks’ servers by hackers and such data were being advertised by hackers as “skimmed data”. PakCERT CEO Misbahuddin Ahmed told Geo News that while banks were not digitally compromised, criminals behind the operation cloned international debit cards and then cashed out such accounts from ATMs located in several countries.
“The people who initially did the skimming were visitors from outside Pakistan. They used the cards themselves and then put the dumps for sale on the Darkweb.” Another possibility was that “the people who skimmed were locals and helped a more advanced group outside Pakistan,” PakCERT added.