Pakistani banks have suffered a major cybercrime attack recently after sensitive card data of at least 20,000 users has been listed for sale on the dark web.
The crime was first detected following a suspicious withdrawal of $2.6 million on October 27 from Karachi-based BankIslami through internationally accepted modes of card payment.
A report from cybersecurity firm Group-IB revealed that the affected banks include BankIslami, MCB Bank, Bank of Punjab, Bank Alfalah, Habib Bank, Soneri Bank, JS Bank and Faysal Bank. The individual losses from each bank are not publicly known.
According to the Federal Investigation Agency (FIA), “almost all banks” have been affected with 22 Pakistani banks in the record.
A total of 19,864 bank cards were hacked and sold on darknet markets between October 26 and October 31, showing just how hard the cyberattack had struck.
Group-IB also revealed that another data dump of over 177,000 Pakistani bank cards has appeared on Joker’s Stash, a popular card shop on the dark web.
Financial Data Auctioned on the Dark Web
The Pakistan Computer Emergency Response Team has come up with a threat analysis report [PDF] that reveals that 9,000 debit cards were posted on the dark web on October 26 and a further 12,000 cards posted on October 31.
Most of the cards posted were from Pakistani’s largest bank, Habib Bank Limited, with over 8,000 cards due for sale.
The cards were auctioned on darknet markets and sold to the highest bidder, with the price going as high as $160 and no lower than $100.
Transactions from the accounts affected were then carried out through ATMs or at various point-of-sale terminals abroad, thus making it more difficult to track down the illegitimate card users.
Ongoing investigations by FIA reveal that the darknet auctioneers have accomplices in Pakistan and that so far more than 100 cases have been registered.
This led to the chiefs of banks being assembled to discuss the matter and the way forward.
The news has come as a shock considering Pakistani debit and credit cards are rarely sold on darknet markets.
Evidence from Group-IB’s research shows that the sale has only spiked in the past six months, and before then, cards from Pakistan were rarely sold in online card shops.
Bank Transactions Halted
Following the attack, the central bank known as State Bank of Pakistan (SBP) issued a directive to all banks to hold back any transactions through the credit and debit cards as from November 3, especially those that appear fraudulent and involving large amounts.
They have also insisted that the banks work on improving their cybersecurity, scrutinizing systems for illicit transactions.
This has caused apprehension among legitimate bank users especially following the loss of millions of rupees of more than 200 account holders in the area of Khyber Pakhtunkhwa in the northwest region of Pakistan.
The banks, however, have assured genuine card holders that they will be able to perform transactions if they request to do so from their banks and with proper verification of their ownership of the accounts.
They have further assured them that should they suffer a loss of their money, they will be compensated as the banks are insured.
Among those who have suffered huge losses and are claiming compensation include Dr. Yousuf Khilji, a former chief scientist at the Khan Research Laboratories, who lost nearly Rs. 3 million from his bank in 17 hours.
The chief spokesman of the SBP, Abid Qamar, points out that six banks have also crippled the use of debit cards overseas.
Qamar further says that transactions of the bank owners across Pakistani borders are only carried out following authorization by the legitimate account owners.
The SBP in a statement [PDF] said it has involved international payment operators in monitoring suspicious transactions both within Pakistan and across borders along with other bank restrictions.
Both of these were implemented as an additional security measure to curb the cyberattack.
SBP’s statement further claims the cards were hacked outside Pakistan and the card data was used to perform transactions abroad in countries including the United States and Russia.
This is in conjunction with locals who are willing to trade sensitive information to aid the hackers in their operations.
Such crimes have been on the rise of late especially due to the lax in banks to upgrade their security systems making them at risk of cyberattacks.
Many complaints of unauthorized withdrawals from bank accounts have been lodged through printed works and online platforms.
However, some of the banks still refuse to own up to the breach of security and to disclose the exact amount of losses incurred so as to avoid tainting their image to the public.
Latest posts by C.M. (see all)
- Australian Man Faces Charges for Running $17M Drug Syndicate on the Dark Web - April 23, 2019
- A Look at Baldr, a New Type of Malware Circulating in Hacking Forums - April 23, 2019
- Silk Road 2.0 Founder Sentenced to 5 Years in Prison - April 22, 2019