22 Sep 2015
According to several media reports, a group of hackers who call themselves 'Hack for Trump' have tried to extort $30,000 USD after compromising a Bahamas-based financial services group.
Hack for Trump planned to publish the sensitive data it hoovered up from the Fidelity Bank breach, unless the bank coughed up the ransom.
The money is destined to support Trump’s presidential campaign, say the hackers.
The money is destined to support Trump’s presidential campaign, say the hackers.
Tribune Business received the following statement:
“Our name is Hack For Trump and we wish to inform you that we hacked the website of Fidelity Group (fidelitygroup.com), an offshore bank with offices in the Cayman Islands and in the Bahamas.“We did not get access to their customers’ financial data, but we managed to dump three databases serving their main website. This data contains various confidential details about the bank, as well as hundreds of e-mails sent by prospective and existing customers, both local and foreign ones.“We demanded $30,000 from Fidelity Group, payable before Friday September 18, in exchange for not posting their databases on the Internet.“If Fidelity does pay us, we plan on using those funds to help Donald Trump get elected to the White House, as he is the only candidate who can restore America to its former glory.”
Fidelity Bank’s chairman, Anwer Sunderji, confirmed to Tribute Business that Hack for Trump made contact and demanded a ransom payment for not publically posting the hacked data online.
He said that the malfeasants “appeared to have hacked an external server that hosts Fidelity’s public website, adding that it holds ‘minimal information’.” The bank has been reassuring clients that there has been no widespread leak of personal financial data.
“We’re not going to pay them $30,000. It’s blackmail; a shakedown,” said the bank's chairman.
Is it a worry that Fidelity’s chairman is sounding a little laissez-faire about the attack? He is quoted by the Tribute Business, saying “They hacked a vendor’s server, and got some information that’s not terribly important to us.” We can only hope the bank’s customers agree.
Reports from the Nassau Guardian state data protection Commissioner Sharmie Farrington-Austin has launched an investigation into breach. She points out there there are four important elements for the data controller’s breach-management plan, “which she noted had been adopted from the United Kingdom.”
1. Containment and recovery
2. Risk assessment
3. Notification of breaches
4. Evaluation and response
Fidelity Bank is by no means the first company who suffered data loss, but it is the first extortion that I am aware of which is tied to supporting a presidential candidate. Trump is not new to online snafus. In August, his corporate website was reportedly hacked to give thanks to Daily Show's then host, Jon Stewart.
Get the latest advice and solutions to deal with today's IT security challenges
To learn about these and other new IT threats, check out AKJ Associates' e-Crime and Information Security series. With security events held throughout the year all around the world, it’s the place to be for IT security.
Carole Theriault - Tick Tock Social
AKJ Associates' consultant
Tags: Donald Trump Fidelity Bank breach hackers ransom extortion presidential campaign security privacy
