Official website of Burj Bank is reportedly hacked by a Pakistani group of hackers, called “Pak Cyber Hunters”, aimed at warning the bank to secure its website.
Hacker group shared entire backup of Burj Bank’s website files and databases with ProPakistani, and urged the bank to increase its server security. Hackers, in an email sent to ProPakistani, said that it’s a nightmare for the admin, who must get such sensitive data safe.
Hackers said that they aren’t defacing the website for face-saving of the bank. However, if things aren’t bettered then bank should be ready for a full-scale defacement and public leak-out of data.
Following is the screen taken of the website files of Burj Bank that were exclusively shared with ProPakistani:
Update: (November 5th, 2012 – 4:00 PM)
Burj Bank just called in to claim that their website wasn’t hacked. They have also issued a clarification on their website by saying that ProPakistani’s accusation is baseless. ProPakistani, however, stands by its story.
Here is what Burj Bank wrote:
This is to confirm that our server is completely safe and secure. Any allegations regarding the leakage of our data should be deemed untrue.
A bank that hosted with Magsnet – Amazing :) :)
Bank website should be hosted within bank premises (data center) not outside.
I know Mags net they have small DC in here in Karachi and i don’t know how they hosted the website there.
Looks like the bank has no proper setup here and it means i can easily launch DDOS attack. hahahahhahaha
Doesn’t matter. It was way better if it was hosted on a web host like Hostgator and this wouldn’t have had happened lol
Kindly try to understand this is bank not a software house.
I have seen here in Pakistan – banks has strictly policy to not hosted the website outside the premises and specially for email server that always hosted in bank DC but Burj is really not aware for such things.
every bank has policy and rules to protect privacy & personal information of account holders, else account holder can sue them on low level security.
That,s actually made me laugh. So you think, hosting on a hosting like Hostgator can give more security to their websites?
What if their is leak-hole or security hole in CMS script using by Burj Bank? That,s quite obvious reply i have read in this blog post. Lolzzzz
Hahahahhaha.. What a great job done… Well, its good thing that they shared the details and have not made any loss to the Bank. Well, Banks should keep themselves aware enough for such things… And a proper action should be taken where the admin should be given a punishment of keeping it unsecure. And a prize should be given to the hackers :D
One thing you can’t always secure 100% of anything. You can 99% but 1% is always a flaw in the network.
What you think about NASA has hacked few times and what you think they have not taken all security measures.
good job by hackers, admin sleeps well
lol funny stuff…
yeah … you know what I mean ;-)
lol..downloaded just backup of site that might be on index..n extracted n showed to propaki..they didnot deface..lol…Hacking world ma aisa thori na hota hai..:P
backup included password for the database ………… you are not aware of config files i suppose
I need a website hacked too…can you help pro???
Hacking for Good cause .. woww that’s new :)
I hope hackers also cc to burj bank as well when they emailed to propakistani :P
Yes bro you are right. And i hope with this the banker’s developers will take care and clients will feel secure.
Aamir can you provide a screenshot of Databases too? ofcourse blurred.
I am confused, bank is hosting their official website on a shared platform? What do you expect running a cms website on shared platform?
An indicator for State Bank of Pakistan who are still using Windows Server 2003
i don’t see anything imp in those files!
Hacking for good cause is better than nothing….
Hahah Where is the Download Link :P
i mentioned it i am not disclosing it because it includes the database password and admin page password’s so its risky
By they way these files and folder are useless…. DataseBase is Most Imp Think if they hacked DataBase then where is the screenshot? :/
yup i cud hav hav done the thing its easy but u know what its also easy to get get caught even if you use higly secured VPN’s and its a Pakistani Server ……….. Well great thing i have the access over silkbank details too ………
There is nothing like this. It is totally fake news. No hacker leave the website when he/she access it without hampering anything. This is someone who just wants to create panic without having any proofs of actually accessing the FTP.
Ethical hackers? So at least we get ethics somewhere in the society!
Kisi ka kuch nahi gaya… Naam Kharab Hova Pakistan woh bhi apnay hi religion kay logon may.. as group name is “Pak Cyber Hunters”
gaya nahe per janay se tu bach gaaya na bhai, naam waam Pakistan ka bohat acha nahe chal raha hai jo mazeed kharab hua. Consumer awareness honi chahiye atleast k jo services woh use kar rahay hain woh kitni stable hai aur kitni secure hai
is arr main kay Pakistan ka naam pehlay hi accha nahi hay, rahi sahi kasar bhi nikaltay jain (y)
BTW iss main Pakistan ka name nahe, ek brand k name kharab hoa hai janab “Burj Bank” ka. her cheez ko bohat wider expect main nahe laina chahiye papu.
It has nothing to do with the network, website was hacked (if true) not the network. network means how branches and atms connect to main server. So network wasnt hacked rather website was which is basically a problem of web development team.
What a security http://www.burjbankltd.com/views/ Directory listing enabled :D
Directory structure and existence of files similar to screenshot suggests that the website was indeed hacked, a simple analysis could give you exact file locations on the server plus you can easily get cPanel’s Username :P
Working with Burj Bank
The people running it are goons specially the IT Dept Head Maj Akram they have also out sourced their entire network structure to a 3rd class company Future Technology, Pathetic bank
http://www.burjbankltd.com/news/clarification-against-rumors-of-burj-website-being-hacked/18
lol hav a look where does this site is reffering to ………….
i dont make any kind of false claims …….when i said i had the access i mean it