A hacker named Buba dumped customer details obtained from a United Arab Emirates bank after the bank refused to pay a $3 million bitcoin ransom. The hacker has also contacted some of the bank's customers individually:
A hacker who broke into a large bank in the United Arab Emirates made good on his threat to release customer data after the bank refused to pay a bitcoin ransom worth about $3 million. The hacker, who calls himself Hacker Buba, breached the network of a bank in Sharjah last month identified as Invest Bank by The Daily Dot, and began releasing customer account and transaction records via Twitter.
[...] The news was first reported by the Dubai-based newspaper Xpress. According to the journalist, the hacker offered to give him 5 percent of the paid ransom for his cooperation, though it's unclear what kind of cooperation he was seeking from the reporter. He reportedly told the journalist that he had data from other banks as well. "I give u 5 % from total I get. Have many banks from UAE, Qater, ksa and etc. Will work together," he reportedly wrote in a direct message to the reporter via Twitter.
The hacker reportedly used the picture of an Invest Bank employee for his Twitter avatar to post the account statements of government officials and UAE firms on November 18. Although Twitter closed the account, the hacker opened a new one and released the account statements of some 500 bank customers.
He also sent text messages and emails to bank customers, using contact details gleaned from their bank account records, and threatening to release their records online unless they or the bank paid him a ransom.
More at SC Magazine and The Register.
(Score: 1, Insightful) by Anonymous Coward on Wednesday December 09 2015, @02:46PM
You and I don't but when we point that fact out to others we sound like angry old cranks
No kidding. I tell most people I am surprised it works as well as it does.
Take for example open source. We use it everywhere. It is really cool. However there are many projects out there that are very poorly written. Many are just thin wrappers on top of other projects. Which in turn can be a wrapper on top of another one. There are many very well written ones. But there are also many yahoos out there writing poor code just to get a resume talking point.
It runs the gamut from 'please don't touch a keyboard again' to 'you need to be getting paid very well for this'. Closed source has the same issues, but we just don't see them as well. Think of all the cool libraries you have used over the years from open source. Now think on this: there are probably 1 or 2 guys actually working on that, part time, with the occasional person stopping by for the occasional bug fix. There is no way they can vet out the bugs in a system like that. That is how we end up with things like OpenSSL. Works pretty good but has/had many open security issues for years.
Honestly it is a field day for the blackhats. They can not only see the code, they can write bugs custom to it. The library is probably just something someone included into their project and never thought twice about again. Two totally separate projects I work with have libraries that have not been updated since 2010, even though the libraries have 5 years of fixes (some major security/performance issues). The answer I get from the devs who let it get that far? "meh not that big of a deal". It is frustrating, as many times it is a drop-in replacement.
(Score: 2) by MichaelDavidCrawford on Wednesday December 09 2015, @07:42PM
Do.
Your.
Worst.
Yes I Have No Bananas. [gofundme.com]
(Score: 1, Touché) by Anonymous Coward on Thursday December 10 2015, @03:27AM
Dude? What was that?
My point was we have a serious challenge. Let's fix it! I think I may have forgotten to put that in there ;)
(Score: 0) by Anonymous Coward on Thursday December 10 2015, @02:09AM
It's possible to tell how well or poorly closed source software is written by vetting the ASM code generated by the compiler (assuming it's a compiled language).