Wednesday, 5 August 2015

European Central Bank Hacked; Norwegian Banks, Companies Hit By Cyber Attacks

Hackers have stolen personal information from the European Central Bank (ECB) in what seems to be a blackmail scheme. The stolen data includes email addresses and contact information taken from the organization's database.

“There had been a breach of the security protecting a database serving its public website,” ECB said on Thursday. “This led to the theft of email addresses and other contact data left by people registering for events at the ECB.”

Around 20,000 email addresses were stolen, according to media reports.
The hacked database serves the public website and gathers registrations for conferences and other visits. It is “physically separate from any internal ECB systems.”

The bank was not aware of the theft, and only found out about the stolen data after the perpetrator sent an anonymous email, demanding a reward in exchange for the information.

The ECB refused to go along with the scheme and did not reveal how much money was requested.
The majority of the stolen information was encrypted, such as data on downloads from the ECB website. But personal information, such as email addresses, phone numbers, and home addresses, was not protected by encryption.

The bank will contact people whose data might have been stolen. Meanwhile, “all passwords have been changed on the system as a precaution” and “security experts have addressed the vulnerability.”
The cyber attack did not compromise internal systems or market sensitive data, according to the statement.
German police have opened an investigation into the matter.

In a related development, some Norwegian banks and companies were hit by DDoS cyber attacks.

Norway's top financial institutions have been hit in what appears to be a coordinated cyber-attack, the biggest the country has ever experienced. Anonymous Norway may be responsible for the operation.

The attack targeted at least eight top Norwegian companies, including the central bank Norges Bank, Sparebank 1, Danske Bank and insurance companies Storebrand and Gjensidige. Three Norwegian airlines and a big telecommunication company may also have been affected by the same attack.

The malicious bombardment with requests caused traffic problems for their websites and disrupted access throughout the day. This affected the banks' online payment services as well.

“The scale is not the largest we have seen, but it is the first time it has hit so many central players in the finance sector in Norway,” said the head of Evry’s security team, Sverre Olesen, in an interview with Dagens Næringsliv business newspaper. Evry provides services to many of the affected companies and was busy dealing with the emergency.

The company said the attackers used a vulnerability in the blogging platform WordPress and other venues to hit the websites. They didn't appear to try to hack into the targets' networks or steal any personal information, it added. The source of the attack was abroad, Evry said.

Norway's National Security Authority (Nasjonal sikkerhetsmyndighet, NSM) said it was investigating the attack, but could not yet identify the perpetrators.

The newspaper said it received an email signed by Anonymous Norway claiming responsibility for the DDoS attack on the banks. The email came before the news about it broke.

But a tweet on the Anonymous Norway Twitter account denied the hacktivist group's involvement, saying they were “laughing at those who think we are behind the attacks.”

Postscript:

If the seemingly 'almighty' European Central Bank, some Norwegian banks and top-notch companies can be hacked, how safe are Nigerian banks with regards to cybersecurity considering our somewhat lackadaisical, reactionary and fire brigade approach to such issues?

Source:
rt.com