During the weekend of 5-6 November, Tesco Bank was hacked and £2.5 million was stolen from its customers. Cybersecurity firm Cyberint probed the dark net for clues and caught hackers gloating.
According to the Israeli company, hackers were gloating on a variety of dark net platforms, such as AlphaBay’s forum, Hacking Forum and other lesser-known pages. Reportedly, hackers were claiming the bank was a “cash milking cow”, and that it was “easy to cash out”. One of them even claimed he used to cash out £1,000 on a weekly basis without being noticed.
Cyberint says it found discussions claiming that a tool “brute forced” access to Tesco’s clients’ bank accounts. The tool simply tested numerous login and password combinations until one of them worked. According to the company, the bank took preventive measures but ultimately didn’t manage to deter the attackers.
Elad Ben-Meier, Cyberint’s vice-president of marketing, told the BBC:
It was a cat and mouse game, but we saw indicators starting from September – so two months before the actual attack – of quite a few threat actors saying, ‘We’ve been successfully getting into accounts and cashing out through various means.’
The Tesco Bank hack
On the weekend of November 5-6, hackers broke into Tesco Bank’s computer system. They managed to take £2.5 million from the accounts of 9,000 customers, who were given their money back, as the loss was borne by the bank.
The Sunday Times suggested the hackers carried out the attack with mobile phones. They used stolen bank data to set up contactless payment accounts. Reportedly, the thieves made purchases at Best Buy in the US, and at other retailers in Brazil.
A few cybersecurity firms claim to have warned the bank it had security flaws prior to the attack. The BBC even quotes a report claiming:
Several vendors in the dark net offer software that uploads compromised card data on to Android phones in order to make payments at any stores accepting NFC payments.
According to the bank, hackers didn’t breach its systems and didn’t steal any personal data during the attack. It is working with the National Crime Agency (NCA) and with the National Cyber Security Centre (NCSC) to investigate the attack.