The HackBack hacker is back.
The Cayman National Bank has suffered a massive data breach, reportedly, carried out by hacktivist Phineas Fisher also known as HackBack.
The hacker published over 2TB of data belonging to the bank’s 1400 customers including roughly 640,000 emails. Almost half of the customers are registered at the Cayman National Bank (Isle of Man). The data includes complete addresses of the customers, and balance information and owner names of 3800 bank accounts.
The link to the archive was uploaded on the Twitter account of Distributed Denial of Service. The Cayman National bank and Trust confirmed hacking of “raw” data from its database while sharing an internal document containing details of the hack attack. However, the scope of “data hack” is yet to be explained by the bank.
Here’s a screenshot of the tweet from @DDoSecrets account:
Phineas Fisher revealed while talking to the Motherboard that the data he has managed to steal is the “most detailed view of international banks that the public will ever have access to,” and accused the bank to be involved in money laundering backed by the “Russian oligarchy” and others.
Fisher also stated that hacking has evolved into a powerful medium but only a fraction of its actual potential is utilized but the golden years of hacktivism are not much far and a little investment can do wonders for hackers.
According to details shared by the Cayman National Corporation, the data hack affected records of the Cayman National Bank (Isle of Man) Limited, and Cayman National Trust Company (Isle of Man) Ltd. branches.
Moreover, the Cayman National Bank and any of its other affiliates in the Cayman Islands were not affected by the breach because the two banks have separate systems of storing databases, client information as well as email platforms.
Despite the best efforts of leading data security consultants, this criminal hacking group has breached our system, the bank said in a press release.
The bank has now notified the Isle of Man Financial Services Authority, the Cayman Islands Monetary Authority, and Information Commissioner’s Office about the data hack.
With this data breach, the Cayman National Bank (Isle of Man) joins the list of many other banks targeted by hackers recently. It is worth noting that the hacker also added a file in the Spanish language titled HackBack to the archive, which is more or less a DIY guide to hack banks and contained repeated references to the Cult of the Dead Cow files.
The hacker explained, apart from other things, the nitty-gritty of how to rob a bank. Phineas Fisher also confirmed stealing a few hundred thousand euros from the bank and urged fellow hackers to follow their conscience and not the law to benefit from hacktivism.
Phineas Fisher’s identity is yet unknown but their hacks have impacted companies around the world. For instance, they are the same hacker who hacked the Italian company Hacking Team in 2015 and released over 400GB of data that included source code of the FinFisher spyware used by regimes around the world.
The same hacker also hacked the official websites of The Bilderberg Group and Sindicat De Mossos d’Esquadra (SME) or the Catalan Police Union and leaked a trove of sensitive data online. However, their hacks involving stealing Bitcoins and donating them to Kurdish groups against ISIS gave them the label of “RobinHood hacker.”
Phineas Fisher believes that targeting mainstream financial institutions is not a crime but activism/hacktivism as they are the oppressors and not victims.