The Bank of Montreal (BMO) and CIBC’s online bank Simplii Financial, were targeted in a large-scale hack, leading to a data breach affecting the personal information of 90,000 account holders. The hackers were able to acquire private data such as names, account numbers, and passwords. A demand was made for a ransom of USD 1 million in Ripple (XRP), which is a cryptocurrency associated with the blockchain payments startup Ripple.
Cunning hackers or poor security?
After the ransom demand, the hackers continued to state the resulting consequences if their demands weren’t met, via an email to the banks:
“These … profile will be leaked on fraud forum and fraud community as well as the 90,000 left if we don’t get the payment before May 28, 2018, 11:59 PM”.
The hackers went on to explain how they used an algorithm to obtain account numbers, allowing them to pose as account holders who had forgotten their login details. By exploiting the system they were then able to reset the backup security questions and answers, giving them everything they needed in regards to account access and information stored against that user.
“They were giving too much permission to the half-authenticated account which enabled us to grab all these information,” They went on to explain that the bank “was not checking if a password was valid until the security question was input correctly.”
One of the most intriguing aspects of this hack is that the ransom request was to be paid in XRP rather than Bitcoin (BTC) or privacy-based currencies such as Monero (XRM). User “mr_lazy85” joked on the Ripple subreddit about the notion:
“I guess the hackers didn’t want to wait hours to receive the ransom.”
Although the R3 member banks notably had taken part in previous trials for Ripple’s cross-border payments and could well have had holdings in Ripple’s associated currency XRP.
Lack of cyber-security expertise
Cybercrime continues to rise in 2018. As more systems and information is digitized, there is increased pressure to implement higher security measures against hacker threats. Gartner predicts spending on cybersecurity to reach a figure of USD 96 billion this year which is an 8% rise from 2017.
Hacks are affecting all sorts of companies and parties, showing that security shouldn’t be taken so lightly. The US Department of Homeland Security (DHS), confirmed that data belonging to 240,000+ employees, witnesses, and interviewees had been compromised earlier this year. St. Peters Surgery and Endoscopy Center (New York) was hacked leaving 134,512 patient records accessible and was reportedly the second-largest healthcare breach of 2018. USD 550 million was stolen in January 2018 from Japanese cryptocurrency exchange platform Coincheck which was the world’s biggest cryptocurrency hack. Cloud utility and defense company RedLock recently revealed evidence of how hackers hijacked Tesla’s cloud, using it to mine cryptocurrencies, with their open-source systems, not even password protected!
With a shortage of expertise and common practices for security not always enforced until it is too late, cyber-related crime will continue to plague our society for the foreseeable future.
Follow BitcoinNews.com on Twitter at @BitcoinNewsCom
Telegram Alerts from BitcoinNews.com at https://t.me/bconews
Image Source: Richard Patterson - Cryptocurrency Criminals