A Leading Pakistani Bank's Website Got Compromised

Editor's Note: We are deliberately not disclosing the bank's name to protect it from competitive disadvantage. This hacking incident is also not related in any way to previous hacking posts published on ProPakistani.com.

A leading bank of Pakistan was hacked earlier this month, with complete compromise of its services and server. According to very reliable sources, this compromise resulted in financial loss as well.

In the said incident, which took place a month ago, hackers got complete control of the bank's website and its database. Our sources further informed us that the bank's website remained down for a couple of days before it was restored. Financial loss was also reported during this period.

It was also reported that the same bank was attacked at least twice earlier this year, if not thrice.

When contacted for comment on the attack, the bank's head of Remote Banking Channels ruled out total compromise of the web server; however, he confirmed that the bank's front end was compromised to some extent due to phishing attacks. He further said that this compromise didn't affect bank accounts, nor was any financial loss reported during it.

He said that these phishing attacks are a routine activity now, as the banking sector is going online (on the internet), and we expect them to grow in Pakistan in the coming days.

He confirmed that attackers sent emails to bank account holders asking them to reset or update their passwords; however, as soon as the bank sensed the incident, it notified its customers and took care of the issue.

We put it to him that phishing attacks are only possible after a database compromise, from which hackers collect account holders' data along with their emails, since in phishing attacks only targeted emails are usually sent. The head of Remote Banking Channels responded that the bank was not sure whether these emails were sent specifically to its customers only; however, as soon as it sensed the situation, it came up with alarms and notifications for its customers.

When we asked the official about the appointment of four IT heads in a span of less than a year, he ruled out any relation between these appointments and the phishing attacks: "It's a very competitive and dynamic field, so we keep on looking for the best available resource to head our IT department."

On a conclusive note, as we have always cautioned corporations, especially financial institutions, they must get their web servers secured and audited in order to avoid any such incidents.

At the same time, people who use the net-banking facilities offered by banks must be aware of phishing and other similar attacks to avoid losses. To that end, the most common thing you must check before carrying out an online transaction (whether transferring money, changing a password or entering a password) is that you are on your bank's website and that the URL starts with https.

  • Muhammad Zohair Chohan

    That looks like a serious problem… if the authorities don't take proper measures in the future..

  • Mohammad Munaf

    I didn't get one thing.. What does phishing have to do with this hack? A lot more Pakistan banks can easily be compromised, especially internet banking as well. In most of the cases even CISOs are helpless because their "other" departments do not want to impose that security as well. We need to start educating the whole banking sector regarding this.

  • The thing is, IT has changed a lot; the threats we had to face in the past were different from nowadays. As regards educating people, they have to learn by themselves. Information systems are changing a lot, and their security also; they can't have good security until they take this seriously. Things are moving slowly; most of the IT industry is considering security as their 1st priority, but the speed is still slow and there is a lack of education and expertise.

  • Mohammad Munaf

    Well, I am willing to donate a few hours of mine every month to talk about these things, especially internet security in the financial sector. There is no such thing as 100% hack proof. It's how hard you can make it for a hacker to hack in. Please let me know if any company or institute needs any help; we can give them some free consultation if they need.

  • As a matter of fact, I am also in the consultation and security audit thing, in other words penetration testing.

  • Fahad

    Muhammad Munaf & Muhammad Ali Raza: Could you please provide your email addresses & contact numbers? I am also working in the security sector and would love to share some knowledge!

  • Asif Ali Zardari

    That's why I say one should keep one's money only in SWISS banks; there, never mind hackers, even government officials can't do anything… hahaha

  • Imran Khan

    I have already noticed: the bank named was Allied Bank of Pakistan. Incidents happened with my account several times, funds generated, passwords locked, and many issues, and the amazing thing is that ABL Pakistan is the 1st bank in the world which has multiple official domains, such as "abl.com.pk", and some corresponding links and emails using "abl.com", so it was already very risky, as I highlighted, but after the hacking of the ABL server, I simply withdrew from the internet banking and mobile banking facility, and didn't even leave much funds in my account,

    So it will be better that I close my account with this bank.