Hackers steal data from ‘almost all Pakistani banks’: FIA

A cybersecurity service says at least 19,864 debit card details belonging to 22 Pakistani banks are being sold on the dark web


LAHORE: The Federal Investigation Agency (FIA) cyber-crime wing director on Tuesday warned that the security of all Pakistani banks has been compromised after data from “almost all” the banks was stolen in a recent security breach.

Speaking to a local media outlet, FIA Cybercrimes Director Capt (r) Mohammad Shoaib, citing a report, said data from almost all Pakistani banks has been reportedly hacked.

The FIA director further said hackers based outside Pakistan had breached the security systems of several local banks and stolen large amounts of money from people’s accounts. “It shows banks are in need of drastic security improvement,” he added.

The FIA has written to all banks for a meeting to look into ways to improve the security infrastructure of banks, the FIA director said, adding, “Being custodians of the money people have stored in them, banks are also responsible if their security features are so weak that they result in pilferage.”

The banking sector has been rife with rumours of a possible cyber-attack after a digital security website said that data of over 8,000 account holders of about 10 Pakistani banks were sold in a market of hackers.

The first victim of this possible cyber-attack was BankIslami, which reported an attack on October 27 in which at least Rs2.6 million was stolen from international payment cards. Consequently, the bank stopped such transactions and allowed biometrically verified payments only on ATM cards within Pakistan.

The next day, the State Bank of Pakistan (SBP) issued directives to all banks to ensure that security measures on all information technology systems, including those related to card operations, are continuously updated to meet future challenges, ensure real-time monitoring of card operations related systems and transactions and immediately coordinate with all the integrated payment schemes, switch operators and media service providers.

Subsequently, at least 10 major banks of the country suspended international ATM transactions on debit cards, according to texts sent to their clients.

According to PakCERT’s Threat Intelligence report published on November 4, a total of 19,864 debit card details belonging to 22 Pakistani banks are being sold in the dumps circulating on the Darknet. This number does not include a small number of other compromised cards which were found in the dumps.

In the first dump released on Oct 26, a day before BankIslami lost over Rs 2.6m, the majority of cards were of Habib Bank Limited (6,170), followed by the Bank of Punjab (748) and Standard Chartered Bank Limited (586).

In the second dump released on Oct 31, the majority of cards were of Habib Bank Limited (2,043), followed by United Bank Limited (1,381) and Meezan Bank Limited (1,375).

According to the report, hacked credit card data is available in two formats on the dark web.

“Text-based credit card details like full name, address, phone number, card number, expiry and CVV2, which can be easily used by someone for illegal online purchases.”

The second format is skimmed dumps, which means the hacker was physically able to scan the card details possibly at a compromised ATM or merchant machine, the report said.

The skimmed card details are used to create a duplicate card which can then be used at an ATM or merchant machine for illegal transactions.

Initially, there were rumours of BankIslami servers being hacked but looking at the number of total compromised cards and that too belonging to 22 different banks, it is evident that several compromised ATMs or merchant machines were involved in the skimming, the report claimed.