hw2. Prof Riley. Security
Major Computer Security Incidents
1. Qatar National Bank Data Leak 25/APR/2016
On April 25th, 2016, the hackers published data stolen from QNB. According to security researcher Omar Benbouazza, the bank
had been running known vulnerable software, such as Servlet 2.4, JSP and Tomcat 4.2.3. The logs shared by the attacker
suggests that the breach was done by one of the most common attacks, a SQL injection to the backend ORACLE database
server, using the sqlmap tool.
QNB is one of the largest banks in Gulf Area. A total of 1.5 GB of data and more than 15 000 files were leaked online. Files
contained information of more than 465 000 accounts, although only a fraction of these accounts had anything resembling full
account details. Information expert Nitin Bhatnagar, who heads business development for cybersecurity firm SISA Information Security,
also says the leaked data appears to be genuine. Based on his analysis of the leaked data, the dump contains nearly 1 million payment
card numbers, along with expiration dates, credit limits, cardholder details and other account information, all stored in clear text.
There are no investigation results posted by bank officials. However, a week later, a group of Turkish hackers claimed the responsibility
for QNB Breach. They shared an online video on social media.
References
1. https://www.securityweek.com/qatar-national-bank-hackers-could-leak-data-second-bank
2. https://www.reuters.com/article/technology/qatar-national-bank-investigating-alleged-data-hack-idUSKCN0XO22S
3. https://www.bankinfosecurity.com/qatar-national-bank-suffers-massive-breach-a-9068
4. https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/turkish-hackers-responsible-for-qatar-national-bank-breach
2. Qatari Domain Registrar Hacked, 18/OCT/2013
On October 18th, 2013, Qatar Domains Registry (registry.qa) was hacked. Many websites, including the ones owned by Qatari government
were defaced. The group of hackers who call themselves as "Syrian Electronic Army" posted some images showing they had access to all
high profile Qatari websites. Most of the websites were showing the photo of Syrian President Bashar Ul Assad. Hackers claimed they
did this because of a political motivations.
"After noticing the shutdown of major websites, ictQATAR asked service providers to back the service and they acted in no time",
reported Al Sharq. The Ministry of Interior said hacking did not affect its services and all online services were normal.
References
1. https://hackread.com/sea-hacks-qatar-domain-registrar
2. https://thepeninsulaqatar.com/article/20/10/2013/qatar-websites-hacked-for-several-hours