Iran Hack Exposes 3 Million AccountsBank Attack Reflects Global Hacktivist Trend, Expert Says
A hacker's posting of 3 million debit account numbers and PINs stolen from banks in Iran is the latest example of the worldwide growth in hacktivism.
U.S. security analyst Avivah Litan of the consulting firm Gartner expects more attacks like the one against Iran's banking system by the hacker known as Khosrow Zarefarid.
"Cyberattacks that are instigated by political motivations, launched by hostile nation states and parties, or by actors hostile to particular national states, will become more commonplace," she says, because more hackers will try to draw attention to their favorite causes.
Details of Hacking Incident
Zarefarid reportedly became frustrated when the Shetab payment network ignored his plea to repair security gaps and bugs he discovered in the network more than a year ago, when he worked as a manager at Eniac Tech, which operates the network. He sent a report about the security flaws to the heads of all of Iran's major banks, according to Kabir News. When no banks replied, he decided to take action and stole the account numbers and posted them.
Zarefarid published all the details he had stolen, including card numbers and PINs, on his blog: ircard.blogspot.ca. As of late afternoon Eastern Time on April 18, the card numbers still appeared on the blog, beginning on page four.
So far, Iranian banks have responded by advising cardholders to change their passwords. The Central Bank also issued a statement, apologizing for the incident.