Probably the biggest computer crime in the history of Lithuania: the electronic banking sector was affected


Hackers announce that they have stolen the database of Lithuanian banking software developers

On Saturday, one of the Internet forums frequented by programmers published a report that the database of the Lithuanian banking software developers “BankingLab” (managed by UAB “Baltic Amber Solutions”) was stolen and distributed.

BankingLab is a three-party platform that provides virtual currency exchange and banking services for fiat currency transactions. Clients include Simplex, Vialet, etc. “We recently gained full access to BankingLab’s server and accessed all customer data, including each customer’s user transaction flow, identity information,” the message reads.

The post also shares data from BankingLab’s internal password management system, PAM360, along with a master key that includes the SSH key for internal services, various system and server passwords, and more.

“Enjoy!”, the hackers finish the message.

According to Cybernews cyber security expert Mantas Sasnauskas, this could be one of the biggest – if not the biggest – cybercrime in Lithuania, and it will have significantly greater consequences than CityBee’s data theft. He points out that if hackers are already sharing their loot publicly and for free, it means that they will have already squeezed out the maximum benefit.

According to the IT specialist, the US Critical Infrastructure Agency had been reporting these types of attacks for several weeks, and what has now happened is a business supply chain attack.

“BankingLab used PAM360, a business data access manager that allows the company to grant access, authorizations, force changes or create new passwords, and more to its customers – other companies. Other large companies also use this manager – I think Amazon, NHS and the like,” says M. Sasnauskas. And in this manager, a critical flaw was detected, whose severity experts rated at 9.8 on a ten-point scale.

According to a Cybernews expert, exploiting this vulnerability allows a hacker to become an administrator of that entire system and remotely launch their own programs.

“That is most likely what happened in the case of BankingLab,” summarizes M. Sasnauskas. “By the way, experts had sent advice on how to avoid such an attack, but it is not known whether BankingLab received that advice and made some decisions, or not. The bottom line is that this loophole was most likely used to get the first access to their systems. And since BankingLab has a lot of fintech customers in Lithuania (and possibly outside it), all those customers are potential victims – Perlas Finance, Simplex and all others. It must be assumed that they were all ‘broken’.”

M. Sasnauskas says that all agencies should already be notified about the hacking – the State Data Protection Inspectorate, the Bank of Lithuania (because the latter oversees transactions and issues licenses). According to the expert, BankingLab customers knew about the crime already over the weekend.

He also points out that during the night from Saturday to Sunday, the 80 GB Perlas Finance database, which stores customer bank accounts and transactions, was already leaked.

The Cybernews expert points out that if the leaked data includes users’ passwords, all BankingLab client companies should send their customers a password change request – or even do it automatically themselves. “Because we are talking about finances here,” he emphasizes. “And there is also the question of how long the hackers have been lurking in the systems and what damage they have caused: is there any stolen money and the like. Because if hackers are sharing for free, that usually means they’ve done their job, which is what they needed to do.”

The statement issued by the association “Fintech Hub LT” states that the association is aware of the intrusion by hackers into the internal systems of “BankingLab”. The company’s clients, partners, the Bank of Lithuania, law enforcement officers and the National Cyber Security Center were notified about this incident. BankingLab-affiliated fintech companies have also informed the relevant authorities and their customers about the disruptions, as required by law and internal procedures. To the best of our knowledge, every precaution has been taken to prevent data leakage.

“There is a global trend of hacking of internal systems, both small and large companies, such as Uber, Microsoft, Yahoo, Ebay, Meta, LinkedIn and others. According to our association, fintech companies in Lithuania are aware of emerging risks, have prepared appropriate plans, respond to incidents of this type immediately, annually invest in their internal IT systems and their protection in order to prevent hacker attacks and personal data breaches,” the report quotes “Fintech Hub LT” manager Vaiva Amulė.

BankingLab: It’s not as bad as it sounds – but it’s more complicated

After the lrytas.lt portal contacted the head of “BankingLab”, Narimantas Bloznelis, he confirmed that his organization suffered a cyber attack that continued throughout this weekend. When asked to specify what exactly allowed the hackers to penetrate the data systems – whether the security loophole mentioned by the experts was really used – N. Bloznelis said that not everything is so simple.

“Not everything is so simple with these security incidents. This is a much more complicated attack, it can be seen that this attack was really prepared, many different instruments were used.

We collected all this information with the cyber security team and passed it on to the police, the National Cyber Security Center, the relevant State Data Inspectorate. And it’s really not like a single system flaw is going to cause something of this magnitude – it’s far more serious. But I saw the [experts’] comments, and they’re not entirely true – but the police are now involved in the investigation, and they’ve asked not to comment – but we’re sharing all the material with them, and the main goal now is to identify who did it.

And the attack itself has been stopped, the clients have been restored and their services are back up, the information that was leaked has been leaked – but we can’t disclose in detail the technology and the means by which the attack was carried out and what was compromised – because of the ongoing investigation,” said the head of the company.

When asked how many users could be affected by this hack, N. Bloznelis assured that it was not as massive as reported in the media. “It affected a certain number of individuals and legal entities, but it is not such a mass attack as it was mentioned, that it is the biggest crime – namely in terms of data,” said the head of the company. He also pointed out that, under the definition used in data protection, it is not extremely sensitive data. However, claiming that he did not want to harm the investigation, N. Bloznelis did not specify exactly what data was stolen.

“Yes, this is some personal and corporate data, but it does not fall into the category of highly sensitive data,” the company’s manager said.

N. Bloznelis answered in the negative to the question of whether there is a possibility that customers may suffer financially. “I can absolutely guarantee that there is no data out there that could be used to hack into customer accounts and steal money. Customer money is safe. However, criminals – who have committed this crime and operate in cyberspace – use technologies, methods, and social engineering that lure out such sensitive information, so this [stolen] information does not directly pose a threat to customers’ money, but it is clear that additional security measures should be put in place, be careful, avoid opening emails and other ‘phishing’ attacks, because hackers can certainly use some personal information to extract the necessary data. However, I assure you that these data directly have nothing to do with customers’ money, login data and so on,” said the head of BankingLab.

He also emphasized that as soon as the attack was noticed, the company immediately prevented further hacking and all security systems were replaced.

“Of course, we understand the seriousness of the situation and cooperate with all the institutions, but we are glad that we were able to react quickly – the fact that we were prepared for such possible attacks and had a business continuity plan and prepared measures also contributed to this. We can see that it worked: we were able to stop and prevent a massive attack, as well as a massive data loss and leak. We managed to quickly restore the customers’ activities and ensure their security – and we continue to cooperate and hope for a successful investigation, after which we will have the opportunity to provide the public with more extensive information, in order to prevent similar attacks against other institutions in the future,” concluded Narimantas Bloznelis, head of BankingLab.

The article is in Lithuanian
