Helping financial institutions stay safe by Hacking them.

This article should give you chills. It is not an illusion that cyber fraud is increasing rapidly. Because the world suffering a pandemic, thousands of workers laid off, most processes going digital, one should take seriously the concept of cybersecurity for the following reasons.

1. You could be a target of a phishing scheme, relationship scam, Identity theft, ransomware attack or implicated in someone else’s crime.
2. You have friends, family or work in a company that are potential targets.
3. You have information saved with financial institutions, telecommunication companies, social media platforms, productivity platforms and government institutions.

Malicious hackers are becoming smarter and leave little or no room for errors. They go as far as clearing logs, deleting footprint in a network & creating backdoors.

Today we would be looking at the topic “How safe are your funds?”.

Every day, hackers are working round the clock on finding various ways to hack companies to steal funds or data (sensitive information). Unlike foreign institutions, most companies in Africa rarely acknowledge these breach publicly because these organizations have trust and cultural problems when it comes to disclosing cyberattacks.

This is most troubling for users who trust that their data is safe with these institutions and are not informed of any data breach to take precautionary measures such as changing emails, passwords, security questions, and holding organizations accountable for fixing and ensuring that it doesn’t occur again.

No organization indeed is 100% secure. Any organization can be a target of hackers either directly or indirectly. People ask this question; “if there is a possibility that everyone can be hacked, why worry about cybersecurity?”

An added layer of security makes you a more difficult target for hackers. For example, if a thief sees 10 bicycles and wises to steal one, he would go for the one without lock rather than attempting to unlock a locked one in presence of other unlocked bicycles, hence security tools and practices give us that extra lock making us more difficult to exploit.

We have reports of customers data being leaked by financial institutions but the institutions refusing to acknowledge the breach in West Africa.

Here is a list of notorious cyber hacks exploiting millions of accounts

1. Big banks like Capital One, the victim of a recent attack that captured the personal information of over 100 million people, are a target for digital troublemakers, like individual hackers trying to impress their peers or intelligence operatives for foreign governments.
2. TWO NIGERIAN BANKS HAVE BEEN HACKED - they deny it, here’s a bigger problem
3. CITIFINANCIAL (3.9 MILLION ACCOUNTS) — a box of computer tapes sent over United Parcel Service (UPS) was lost. The tapes had sensitive information, including names, social security numbers, addresses, payment histories, and account numbers, on 3.9 million customers, both current and former, who had applied for personal loans.
4. EDUCATIONAL CREDIT MANAGEMENT CORP (3.3 MILLION ACCOUNTS) — The enterprise reported that the theft affected 3.3 million people. The breach did not involve financial or banking information, though it did include social security numbers.
5. CheckFree CORP (5 MILLION CUSTOMERS) — In 2009, electronic bill payment service provider CheckFree Corp. was hit by cybercriminals who hijacked and redirected its site traffic to a malicious site instead. At least 5 million customers logged in with their credentials or enrolled in the fraudulent site to attempt to pay bills.
6. DATA PROCESSORS INTERNATIONAL (8 MILLION CREDIT CARD NUMBERS )— In 2003, Data Processors International sought the help of the FBI and the Secret Service after a hacker breached their security systems and stole as many as 8 million credit card numbers. Around 2.2 million were MasterCard-issued credit cards, while 3.4 million were issued by Visa.
7. KOREA CREDIT BUREAU (20 MILLION SOUTH KOREANS )— An employee of the Korea Credit Bureau, which offers fraud detection and risk management services, secretly copied databases containing customer details in 2014. Most of the victims were customers of KB Kookmin Bank, Nonghyup Bank, and Lotte Card, and high-level managers at the three companies offered to resign.
8. CARD SYSTEMS SOLUTIONS, INC (40 MILLION CREDIT CARD ACCOUNTS) — CardSystems Solutions Inc., a third-party payment processor, confirmed the “security incident” and said that a hacker was able to put malicious code on their network and thus access their files. At the time of the breach, the company was processing at least $15 billion in credit card transactions yearly and had at least 100,000 small businesses as clients.
9. JPMORGAN CHASE (76 MILLION HOUSEHOLDS + 7 MILLION SMALL BUSINESSES) — In 2014, JPMorgan Chase, the largest U.S. bank, reported a data breach that affected 7 million small businesses and 76 million households. Initially, the bank had claimed that only a million accounts were affected in the breach, which was detected a month after its initial intrusion.
10. TRW INFORMATION SYSTEMS AND SEARS (90 MILLION INDIVIDUALS )— This next giant finserv data breach is a throwback. In 1984, somebody stole a credit file password to TRW Information Systems that allowed access to the credit histories of 90 million people.
11. HEARTLAND PAYMENT SYSTEMS (130 MILLION CUSTOMERS) — In 2008, Heartland Payment Systems reported that their systems had been hacked. The attack affected around 130 million customers and multiple credit card types. According to ComputerWorld, the company spent around $140 million to deal with the massive breach: $60 million to settle with Visa, $3.5 million to settle with American Express, and legal fees amounting to at least $26 million. Also, $42.8 million was earmarked for potential settlements and litigation in the future.
12. EQUIFAX, INC (143 MILLION ACCOUNTS IN THE US AND 400,000 IN THE UK) — Equifax recently reported that as many as 400,000 British accounts and 143 million U.S. accounts were compromised in a data breach. The credit reporting firm disclosed that the data breach involved names, social security numbers, birthdates, telephone numbers, and email addresses. Also, the hackers stole the credit card numbers of more than 209,000 consumers. The data breach, caused by an unpatched Apache Struts vulnerability, started in mid-May but was not detected until July 29. This latest breach resulted in the CEO, CSO, and CIO all stepping down and many customers filing lawsuits against the company. The biggest long-term impact it may result in could be a change in the way courts respond to the damage that data breaches cause their victims.

I can go on and on because these attacks never stop and always happening in totally new ways. What are businesses doing about it?

Most financial institutions invested more in cybersecurity, Paypal, for instance, signed up to Hackerone bug bounty program where they pay hackers to test for, detect and safely remove these vulnerabilities.

Paypal’s bug bounty page on hackerone

This is actually where the idea hit me? why not test for these vulnerabilities safely and in confidence with these financial institutions in Africa? It is never okay to suffer in silence! a solution would be to invest in an added layer of security by getting firms specialized in security to monitor your systems round the clock. What would be alot more interesting and great is to higher expert ethical hackers to safely hack your systems to check for these bugs and report the vulnerabilities to be fixed before the bad hackers do.

Security should not be taken lightly, you haven’t been affected yet does not mean that you are immune to attacks. we all need that extra layer of security. Teach your staff about safe ethical processes and always share important security updates with employees as well as customers.

Together we can achieve data security.

This is a page I write down thoughts experiences and teachings about cybersecurity with the hopes of creating a sporadic change and get people interested and empowered with the right knowledge of solving these pertinent issues — — you can support me by buying me a coffee. Thanks for reading, until next time.