Sberbank Database of 420,000 Employees Leaked on the Internet
An internal database containing the names, emails, and Sberbank logins of more than 420,000 current and former employees has been leaked on the internet in Russia. Sberbank, Russia’s largest bank, faces a rude introduction to the perils of information security.
The Leakage and Payback Time
The data was available on November 29th for free on MEGA.NZ in a 47 Mb zip archive. The password to the zip was “grefisgay” (in reference to Sberbank CEO German Gref). Now the file, together with a phpreaker.pro forum thread that was started by its creator, is gone. The only thing left is Russian-language news about the event and a MEGA link that is no longer working.
Yet, this does not mark the end of the story. Lots of people could have downloaded the zip file during the day. Some users have reported that Sberbank employee emails sometimes play a role in personal logins to the Sberbank online administrator panels. This makes it easier for hackers to crack passwords using the database, social engineering, and classic “brute force” attacks.
Here’s the message that the anonymous forum user left together with the database:
“This government bank is making money on hacker attacks against clients. When you install Sberbank App, you install a spy that keeps scanning all your files. The app stores all your contacts in a database, records geodata, makes photos, controls Bluetooth, reads and modifies SMS and the browser history. It is capable of spying on your other apps. In order to rob you, the criminals don’t have to crack the device anymore – they just have to have partners in Sberbank.”
Sberbank immediately released an official statement saying that its 300,000 current and 120,000 former employees should not fear the leakage of their personal data. Forum users tend to think this may have been an act of revenge by a former bank employee.
Sell It On The Darknet–But Is It Safe?
If the information is available for free, it may not have much resale value on the dark web. But in most cases, sellers of leaks like this demand huge payments in pseudonymous cryptocurrencies like bitcoin, monero, or Zcash.
For example, in August 2018, the data of 130 million Chinese hotel network guests appeared on the Darknet for a price of eight BTC. Since data is one of the most traded and used goods in the corporate world, many office workers may be tempted to steal data at a job they dislike, with the hope of selling it after they depart.
However, despite TOR and cryptocurrencies being designed for anonymity, they can cause problems when put to use together. Privacy and cryptocurrency researcher Sarah Jamie Lewis said that bitcoin payments could damage the anonymity of TOR network users through three different vectors.
There are also some bitcoin wallets (like Electrum) that can be configured to route payments via the TOR network. While this can look professional, some educators claim such routing could give hackers the ability to broadcast fake transactions across the bitcoin network using previous TX’s and their bitcoin addresses.
The Central Bank of Russia Warns About Biometric Hardware Scarcity
Sberbank has already started a biometric information collection program for its customers. But it sends data over untrusted channels that have only one layer of simple encryption. The FSB has requested that all banks update their encryption hardware and software by the end of 2018. But many banks do not have the technical ability to do so.
Also, on November 29th, CBR’s Infosecurity Chief Artem Sichev declared that there were too few devices for effective top-security biometric data collection. RBK’s anonymous source within the government bank has confirmed that they have faced a shortage of microphones and cameras, as well as other hardware.
Can Russian banks maintain security in a world where hackers are everywhere? Maybe they need new, decentralized solutions to solve these issues?
Images by Jeff Fawkes