July 22, 2012 ·14 Comments
Hargeisa (Somalilandpress) A group claiming to be the Hackactivists group Anonymous have breached Dahabshiil servers and compromised sensitive information. The group has published sensitive information online that includes balance statement of Dahbshiil, accounts information and identification of Dahabshiil clients. The Anonymous group is accusing the largest money transfer company in East Africa of having ties to terrorist organizations including Al-Qaeda and Al-Shabab.
In a press release, Dahabshiil has acknowledged the breach but denied that Anonymous is behind the hack. Dahabshiil did not say who is behind this operation. Also the bank denied any links to terrorism activities. In official email from the Dahabshiil, spokesperson stated, “Dahabshiil adheres to all industry standards in keeping confidential the details of its customers’ instructions and their unique transaction references. Furthermore, the company places the highest importance on its compliance procedures and has policies in place which are approved by the relevant authorities, including the FSA in the UK.”
Dahabshiil denied the breach two days, but in follow-up statement yesterday, the bank acknowledged the compromise. It is not clear the extent of the breach. But it looks the Bank has suffered a major blow. Anonymous has published account information of clients in different parts of the world. The leaked information includes database that contains account holders names, account numbers, phone numbers, addresses, email accounts and account balance. Somalilandpress is able to verify the authenticity of leaked information. Leaked accounts belong to Dahabshiil clients in Somaliland, Somalia, Djibouti and number of European countries. However, transactions and accounts activity seem limited between early 2000s to mid 2011. It is not clear when the hack took place. Anonymous claims that have had access to Dahahbiil’s server for months, but decided recently “to destroy them… and publish sensitive data” to proof to the Bank they have access to local files.
It is not clear why the group is targeting Dahbshiil, which the backbone of Somali economy as the country has not had a functioning government and central bank for more than two decades. Anonymous has accused Dahabshiil to have ties to international terrorism and extremism. The group announced on its tubmlr account that, “representatives of the movement Anonymous reported the establishment of a special group called “iWot” (as “Internet War On Terror”), whose activities will focus on the identification and publication of information about individuals, firms and organizations that are directly related to terrorism, strongly supporting it…We officially declare war on terror. This is a call to action to monitor and / or destruction of businesses and institutions that work with the terrorists, rogue states, etc.,”
It looks like Dahabshiil is the first target on their list. The only evidence the group showed of this allegation is a wikileak document in which a Somali detainee is convicted of facilitating finance of Al Qaeda activities using money transferred through Hawala systems before 911 attacks. Dahabshiil uses what is known as Hawala which is based on local banking customs. In Hawala money moves within framework of trusted agents and business owners. It is not confirmed if the terrorist suspect used Dahabshiil to transfer to Al Qaeda.
Currently the bank operators across the globe including in the United States, UK and many western countries, which have strict money transfer regulations. Because of the collapse of Somali government and its national institutions, Dahabshiil and other smaller money transfer companies have become the bloodline of many Somalis. Dahabshiil is also used by development, aid and security NGOs who depend on the bank speedy and reliable services especially in conflict zones like in Somalia. All international NGOs are not immune from this breach.
It is not clear why Anonymous will launch these attacks under pretense of “fighting terrorism.” Anonymous became famous during Arab Spring and the rise of wikileaks. It targeted large banks and government agencies in the United States after Wikileaks founder was jailed in London for rape allegation. It is not clear who leads this group and how they are organized their campaigns. What to adds to the mystery of this operation is usually Anonymous group has been champion of the “people” and against big companies. Dahabshiil is far from capitalist bank and its clients are poor working people who sent small remittance to sustain large population in countries like Somalia and South Sudan.
In addition to account information, the leaked information included statement balance of Dahabshiil operation, architecture of remittance database, and screen capture shots of database UI. It seems hackers have had complete access to all the network and database of the companies for sometime including emails. It is not clear how this hack is possible. Usually banks have sophisticated firewall and protection against attacks like this one. It appears Anonymous received internal cooperation from someone with access to important data or breached the system using what is known as “social engineering.” Social engineering is tricking staff of a company into performing actions or divulging confidential information. Typically, hacks disable access to portal or specific databases but don’t get complete remote access to whole network and personal terminals. The group claims they have destroyed “Gigs of data” and infected lots of documents with “cyber-bombs” waiting to explode in less than two months. What makes this leak worse is that the group published national identification of Dahabshiil clients. It includes citizens from Norway, Netherland, Finland, Somaliland, Yemen, etc. The release ID cards are for ordinary people from different parts of the world who are not terrorism suspects.Follow @somalilandpress