Hackers have reportedly managed to steal funds from nearly every bank in Pakistan, in a shocking turn of events. The massive financial breach was confirmed by the director of cybercrimes at Pakistan’s Federal Investigation Agency, wing Captain (retd) Mohammad Shoaib, multiple local news outlets reported.
Hackers have reportedly managed to steal the data of nearly 8,000 bank account holders from 10 different banks and have put them up for sale on the dark web. According to Pakistan’s CERT, the data was most likely leaked via card-skimming. PakCERT discovered that the first data dump occurred on October 26 and saw over 9,000 debit cards details put up for sale.
According to a PakCERT report, the details were stolen from Bank Alfalah, Bank Islami, Habib Bank, Samba Bank, Js Bank, the Standard Chartered Bank, the Bank of Punjab and several others.
“Almost all [Pakistani] banks' data has been breached. According to the reports that we have, most of the banks have been affected," Shoaib told Geo News. “More than 100 cases [of cyber-attack] have been registered with the FIA and are under investigation. We have made several arrests in the case, including that of an international gang [last month].”
“The debit data was obtained through various sources such as skimming, phishing attacks then sold on the dark web forcing banks to disable international withdrawal for ATM cards as a countermeasure,” Rafay Baloch, a Pakistani cybersecurity researcher told HackRead. “The countermeasure was implemented by inflicting a denial of service which shows that the system is not resilient.”
PakCERT also discovered that the hackers behind the elaborate cyberheist dumped another batch of stolen data on the dark web on October 31. This dump saw 11,000 more records, belonging to customers of 21 different Pakistani banks, put up for sale. The cybercriminals selling the data were demanding $100 to $160 for the records.
Although it is still unclear as to how this breach came about, PakCERT believes that some locals may have been involved in aiding the cybercriminals behind the attack, who are suspected to have been located outside the country. Both the FIA and PakCERT have reportedly launched independent investigations into the breach.