The Panama Papers leak was for appetizers. The real leak, one which took place quietly and under the radar a few days ago, and may have exposed far more wealthy and important individuals, was that of the Qatar National Bank - the Middle East's largest lender by assets - where a massive 1.5 GB data dump posted online last week exposed the personal data of thousands of clients.
According to IBT, the massive data dump appears to contain hundreds of thousands of records including customer transaction logs, personal identification numbers and credit card data. Additionally, dozens of separate folders consist of information on everything from Al Jazeera journalists to what appears to be the Al-Thani Qatar Royal Family and even contains a slew of records listed as Ministry of Defence, MI6 (the UK foreign intelligence service) and Qatar's State Security Bureau, also known as "Mukhabarat".
The bank told Reuters it had taken immediate steps to ensure customers would not suffer any financial loss after the security breach, although it was not clear how the bank planned to protect accounts whose details, including customer names and passwords, have already been published.
"We are taking every measure to protect the privacy of our customers and have engaged an external third party expert to review all our systems to ensure no vulnerabilities exist," the bank said in a statement on Sunday. "All our customers’ accounts are secure."
Except, of course, all those thousands whose data is already in the public domain.
According to Reuters, the 1.5GB trove of leaked documents posted online included the bank details, telephone numbers and dates of birth of several journalists for satellite broadcaster Al-Jazeera, supposed members of the ruling al-Thani family and government and defense officials.
Some files had pictures of account holders from Facebook and LinkedIn, a potentially sensitive issue in a conservative country where privacy is valued.
The bank said the breach was an attack on its reputation, rather than specifically targeted at the customers, and only involved a portion of Qatar-based customers.
The statement did not mention the identity of the hackers.
QNB said some of the data released may be accurate but much of it was constructed and "contains a mixture of information from the attack as well as other non-QNB sources, such as personal data from social media channels." Which is merely another word for damage control.
A copy of the leaked content seen by Reuters contained transaction data of QNB customers that showed overseas remittance data from as recently as September 2015. One file had information on what appeared to be 465,437 QNB accounts, although only a fraction of these accounts had anything resembling full account details.
Several known Qatari figures in the government and media whose names appeared on the list confirmed to Reuters that their account details were accurate. Middle Eastern banks are attractive targets for cyber criminals because of the high levels of wealth in the oil-rich region. Qatar is the wealthiest country in the world on a per-capita basis, according to the World Bank.
As Security Affairs reports, "one researcher, speaking on condition of anonymity, also confirmed that he had successfully used leaked customer internet banking credentials from the data dump to begin logging in to the customer’s account, purely for research purposes. But he said the bank’s systems then sent a one-time password to the customer’s registered mobile number, which would serve as a defense against any criminals who might now attempt to use the leaked data to commit fraud."
But perhaps the most notable information contained in the leak is a folder listed as "SPY, Intelligence" that quickly catches the eye. As IBT writes, it contains a slew of records listed as Ministry of Defence, MI6 (the UK foreign intelligence service) and Qatar's State Security Bureau, also known as "Mukhabarat".
The MI6 file, which sits alongside similar documents reportedly from Polish and French intelligence, opens up an in-depth report on an alleged agent. This includes names of close relations, phone numbers, social media accounts and credit card data. Furthermore, in one instance, a file marked "wife", opens a photo showing a woman and two children. There are roughly a dozen of these intelligence dossiers included in the Qatar data dump.
As noted above, the alleged banking leak also openly lists a folder marked "Al Jazeera" that stores nearly 30 separate profiles alongside a Microsoft Excel file that holds more than 1,200 records – including national ID numbers, telephone numbers and home addresses. Much like the intelligence files, the Al Jazeera disclosure contains a number of entries labelled "SPY" and also includes images of the person alongside social accounts, banking data and passwords.
The massive leak was initially uploaded to Global-Files.net but was quickly removed without explanation. Then, the website Cryptome mirrored the entire data dump in an easily-accessible format.
"If the QNB hack https://t.co/R4jiU8iXEy site goes down, we'll offer the Zip. Unless irresistibly bribed to dribble, redact and talk big." — Cryptome (@Cryptomeorg), April 25, 2016
After analysing the data, Simon Edwards, cybersecurity expert with Trend Micro, told IBT that "the breach seems to be a classic attack on a bank, with the majority of data leaked online exposing customers' bank account details, such as account numbers, credit cards and addresses.
"There's also a lot of information on banking transactions, suggesting that the perpetrators were trying to expose specific transactions. This theory can be further strengthened by the hacker's attempts to profile the bank's customers into different categories, mostly focusing on Qatar's TV network along with other foreign agencies, some of which are categorised as 'spies'."
He added: "Interestingly, there is also additional data about mainly foreign bank account holders, which includes information such as their Facebook and LinkedIn profiles, along with 'friends' associated through those social networks. This data doesn't appear to have come directly from the bank itself, rather the perpetrator used the data held by the bank to then build up profiles of further targets."
Unlike the Panama Papers, which were greeted with resounding global media fanfare, virtually no outlets have reported on the Qatar bank's hack, which suggests to us that the data contained there is much more relevant and sensitive, and public attention will be diverted at all costs.
We are currently going through the source data.