A group calling itself ‘Anonymous Ukraine’ has claimed that it has hacked information related to more than 800 million US credit and debit cards including of those who are at highest seats in the US government and other politicians. A claim that has been doubted by experts both on its merit and enormity. The group’s main reason to do so seems to be to damage relations between US and Ukraine and is believed to be a Russian group. A message from the group stated the following on 24th of March:
“After the USA showed its true face when she unilaterally decides which of the peoples to live independently and who under the yoke of the Federal Reserve, we decided to show the world who is behind the future collapse of the American banking system. We own all the financial information of the Fed. And even more than you think.”
There are two companies, Risk Based Security and Battelle, which are investigating the breach and both say that they have not found any credible proof that the said 800 million accounts have bean breached. The data that hackers have provided as proof is incomplete, outdated and/or fraudulent.
The hacking group announced that it had released details of more than 25 million credit or debit cards. Battelle counted the right amount to be about 10.2 million and only 1% of it is complete. Rest of the accounts have either important details missing, such as full name or expiry date or validation codes, or the information is totally out dated as the expiration dates are from 2012-2014 rather than 2015-2016. The earlier dates of expiration suggests that the information was acquired from an older data dump. For all those credit or debit cards having all the correct and complete information, are believed to be gathered through fake banking websites using phishing, according to Ernest Hampson, technical director for Battelle’s cyber intelligence and counterintelligence group. He added about the threat and sophistication:
“These criminal organizations are acting more like armies every day. They have their own Intel, they’re gathering information about your employees, finding out who your friends are, and they can target attacks directly against you that make it unlikely that you would not click on that email.”
Interestingly, it seems that some of the users started noticing something fishy about these phishing sites and started entering messages like “Bite Me”, “your momma” or “get lost”.
While downloading the data from site, Battelle’s investigators also received a malware which appeared to have been hosted in Ukraine on a server owned by a Ukrainian. The investigators are closely monitoring the activities of Anonymous Ukraine. Hampson said:
“It’s really important to keep an eye on your enemy, find out what they’re interested in, what their motivation is, what their capabilities are.”