May 08, 2016

"Security experts analysing the trove of internal files leaked from the Qatar National Bank claim an 'SQL injection' could have been used to exfiltrate sensitive financial information from the bank's database, IBTimes UK has learned."

IBTimes UK: After the data dump was released, a number of tech-savvy security experts analysed the information and then spoke to IBTimes UK about their findings. By Jason Murdock

'A folder marked backup first alerted security researcher Omar Benbouazza to the possibility that an SQL attack could have been used to extract the bank's database content. "According to the logs shared, the breach was done by one of the most common attacks, a SQL injection to the backend Oracle database server, using the sqlmap tool," he said.

'"The attacker was extracting all the information and storing it in different CSV and TXT files, sorting by folder with a thorough order. A known web shell, openDoc.jsp, was probably used to gain access to the host and control it - escalating privileges as User5, mainly to extract information." Indeed, when checked, the reams of files were found to be stored in this way and in those formats.'

'In a recent development, a user behind one Twitter account (@bozkurthackers) claimed to IBTimes UK that he or she was responsible for hacking the QNB website. "We are the ones who hacked the Qatar National Bank and more," the anonymous person claimed.'
