Qatar National Bank has admitted that its systems were hacked but said that the information released online was a combination of data picked up from the attack and from other sources such as social media.
The incident would not have a financial impact on the bank’s customers whose accounts are secure the bank said, without providing details of how its systems were hacked, the possible identity of the hackers, and what information was harvested.
The announcement by one of the top financial institutions in the Middle East follows the posting online last week of leaked documents. The attack only targeted a portion of Qatar-based customers, the bank said, claiming the hack attempted to target the bank’s reputation rather than specifically its customers.
“QNB Group’s Risk Team monitored abnormal activity in our system environment, this was immediately communicated to relevant authorities,” the bank said in a statement. “We also took immediate steps and our systems are fully secure and operational.”
The 1.4GB trove of documents leaked online included both financial information such as customer transaction logs, personal identification numbers and credit card data, but on closer scrutiny was found to have folders with detailed profiles on specific individuals, including what appeared to be files on members of the Qatari royal family, employees of media outlet Al Jazeera, and people listed as working for the British MI6 and some other intelligence agencies, security firm Trend Micro said on 27th April.
The attackers used an open source SQL injection tool to extract all of the customer data they needed, wrote Simon Edwards, cyber security expert at Trend Micro. SQL injection is used against against websites which use SQL (structured query language) to query information from the database server.
The log file suggests that the attack could have started about nine months ago in July last year, Edwards said.
QNB said that it would not comment on reports in social media of “an alleged data breach,” but sought to assure all concerned that there was no financial impact on the bank or its clients.
A Turkish far-right group, called Bozkurtlar for Grey Wolves, has claimed responsibility for the bank breach, wrote security researcher Omar Benbouazza. The hack could be linked to the Syrian conflict, he added.
The group has uploaded a video online, claiming its role in the hack. The bank made a big mistake using known vulnerable software in the targeted host, said Benbouazza, who also believes that the attackers used an SQL injection.