Lord777
Professional
- Messages
- 2,577
- Reaction score
- 1,563
- Points
- 113
On the morning of November 11, some Uzbek citizens did not count the money on their bank cards. Unknown persons removed several tens of millions of soums from them, bypassing the protection of SMS codes. "Gazeta.uz" retells the stories of the victims. Meanwhile, the Central Bank and Humo denied hacking one of the country's banks.
The Central Bank of Uzbekistan commented on reports on social networks that as a result of a hacker attack, servers were hacked, thanks to which fraudsters had all access to cards in the application of one of the country's banks.
These reports said that hackers broke into the cards of one of the country's banks and stole 57 billion soums. They allegedly exchanged this money for cryptocurrency and took it out of the country.
"This information is not true. We would like to inform you that there were no cyber attacks on banks and payment systems, and currently the activities of commercial banks and payment systems meet all security requirements, " the Central Bank said.
The National Interbank Processing Center (Humo operator) also responded to reports that hackers allegedly attacked banks in Uzbekistan and stole a large amount of money from Humo cards.
"This information is false and does not correspond to reality. The Humo payment system meets all security requirements and there was no cyber attack on the system," the center stressed.
These messages were distributed in social networks on November 14. However, even earlier there was information about people who really suffered from the actions of unknown people. Large sums of money were withdrawn from their cards without their knowledge. Protection from SMS codes sent to the cardholder's phone did not become an obstacle.
Victims
On Saturday, November 11, in the group "Consumer.uz" one of the participants reported that a large amount of money was withdrawn from her Humo card issued by Octobank (formerly Ravnak-bank) in several transactions during the night.
The attached screenshots show that the sender of Unired sent a code to her mobile phone several times to confirm the debit of money from a bank card. According to the author, she did not pass the codes to anyone. However, according to the screenshots, almost 43 million soums were debited from the card in three transactions.
Later, Octobank, which issued the card of the author of the post, commented on this incident. The bank's employees investigated the incident and found out that the money transfer operations were performed through the Unired Mobile app, and all transactions were confirmed using SMS codes sent by Unired Mobile.
"All possible shortcomings or incorrect operation of the anti-fraud system in Octobank are excluded," the report says. The bank added that although customer accounts are protected by software against fraudsters, "one of the weak points is the SMS code transmitted orally, in writing, through malware, through fake phishing sites by the customer himself."
Gazeta.uz also received messages from readers whose cards were withdrawn under similar circumstances and without their knowledge.
Reader Viktoria said that 19.7 million soums were withdrawn from her Humo card issued by Tenge Bank on the night of November 11 in three transactions. She only discovered it this morning.
As in the first case, it received messages from the sender of Unired, as well as OFB-ex (perhaps we are talking about the OFB Express application). Victoria clarified that none of the apps with such names are installed on her phone.
A little later, the reader's spouse installed the Unired program on his phone. "It turned out that this program displayed all the data of the Humo card, and under my phone number was the name of [a stranger]. It was also clear from this program that 19.7 million soums were transferred to the card of [another outsider]. Subsequently, it turned out that these are real people who have accounts in Tenge Bank," Victoria writes.
Another reader, Serhiy, said that on the night of November 11, both of his Humo cards issued by InfinBANK and the NBU via the Unired app made transfers totaling 74 million soums in four transactions. At night, as in previous cases, SMS messages were received with codes that Sergey did not pass on to anyone.
The Unired app mentioned above belongs to Universalbank. Sergey also said that he applied to this bank for clarification.
"I learned from the bank's employees that the application does not have security algorithms (a person downloaded the application at night, added bank cards and immediately withdrew all the money from the cards, the bank does not consider it a suspicious operation), as well as a barrier limit of $ 10,000 per day. Bank employees reported that any person can pass identification (in my case, a certain [stranger] passed) and add any cards without checking the cardholder's compliance," our reader writes.
Reader Dierbeck reported that on the night of November 11, he was sent several times confirmation codes for transactions that he did not request. After that, money was debited from his Qishloq Qurilish Bank card in the amount of 18.7 million soums, and from the Xalq Bank card-in the amount of 2.8 million soums.
"I tried to log in to my Unired account, and I managed to do it. When I logged in to my account, I was identified with a different passport in the name of [a stranger], and not with mine," Dierbek writes.
All three readers whose stories are described above emphasize that they slept at night (in all these cases, transactions were conducted from 2: 00 to 6: 00 in the morning), did not request or transmit codes to anyone.
In addition, Alexey Mukhamedov, an IT security specialist, told "Газете.uz" that I got acquainted with the reader Victoria's mobile phone and checked it for Trojans (malware that allows outsiders to get into infected devices) and rooting (obtaining administrative rights to the phone's operating system). He found no signs of forced entry.
The victims filed applications with law enforcement agencies.
From the readers of "Gazeta.uz" received information that at least 16 people suffered from unauthorized money transfers, the amount of damage caused to them is about 1 billion soums. The state authorities have not yet been able to clarify this information.
The Central Bank of Uzbekistan commented on reports on social networks that as a result of a hacker attack, servers were hacked, thanks to which fraudsters had all access to cards in the application of one of the country's banks.
These reports said that hackers broke into the cards of one of the country's banks and stole 57 billion soums. They allegedly exchanged this money for cryptocurrency and took it out of the country.
"This information is not true. We would like to inform you that there were no cyber attacks on banks and payment systems, and currently the activities of commercial banks and payment systems meet all security requirements, " the Central Bank said.
The National Interbank Processing Center (Humo operator) also responded to reports that hackers allegedly attacked banks in Uzbekistan and stole a large amount of money from Humo cards.
"This information is false and does not correspond to reality. The Humo payment system meets all security requirements and there was no cyber attack on the system," the center stressed.
These messages were distributed in social networks on November 14. However, even earlier there was information about people who really suffered from the actions of unknown people. Large sums of money were withdrawn from their cards without their knowledge. Protection from SMS codes sent to the cardholder's phone did not become an obstacle.
Victims
On Saturday, November 11, in the group "Consumer.uz" one of the participants reported that a large amount of money was withdrawn from her Humo card issued by Octobank (formerly Ravnak-bank) in several transactions during the night.
The attached screenshots show that the sender of Unired sent a code to her mobile phone several times to confirm the debit of money from a bank card. According to the author, she did not pass the codes to anyone. However, according to the screenshots, almost 43 million soums were debited from the card in three transactions.
Later, Octobank, which issued the card of the author of the post, commented on this incident. The bank's employees investigated the incident and found out that the money transfer operations were performed through the Unired Mobile app, and all transactions were confirmed using SMS codes sent by Unired Mobile.
"All possible shortcomings or incorrect operation of the anti-fraud system in Octobank are excluded," the report says. The bank added that although customer accounts are protected by software against fraudsters, "one of the weak points is the SMS code transmitted orally, in writing, through malware, through fake phishing sites by the customer himself."
Gazeta.uz also received messages from readers whose cards were withdrawn under similar circumstances and without their knowledge.
Reader Viktoria said that 19.7 million soums were withdrawn from her Humo card issued by Tenge Bank on the night of November 11 in three transactions. She only discovered it this morning.
As in the first case, it received messages from the sender of Unired, as well as OFB-ex (perhaps we are talking about the OFB Express application). Victoria clarified that none of the apps with such names are installed on her phone.
A little later, the reader's spouse installed the Unired program on his phone. "It turned out that this program displayed all the data of the Humo card, and under my phone number was the name of [a stranger]. It was also clear from this program that 19.7 million soums were transferred to the card of [another outsider]. Subsequently, it turned out that these are real people who have accounts in Tenge Bank," Victoria writes.
Another reader, Serhiy, said that on the night of November 11, both of his Humo cards issued by InfinBANK and the NBU via the Unired app made transfers totaling 74 million soums in four transactions. At night, as in previous cases, SMS messages were received with codes that Sergey did not pass on to anyone.
The Unired app mentioned above belongs to Universalbank. Sergey also said that he applied to this bank for clarification.
"I learned from the bank's employees that the application does not have security algorithms (a person downloaded the application at night, added bank cards and immediately withdrew all the money from the cards, the bank does not consider it a suspicious operation), as well as a barrier limit of $ 10,000 per day. Bank employees reported that any person can pass identification (in my case, a certain [stranger] passed) and add any cards without checking the cardholder's compliance," our reader writes.
Reader Dierbeck reported that on the night of November 11, he was sent several times confirmation codes for transactions that he did not request. After that, money was debited from his Qishloq Qurilish Bank card in the amount of 18.7 million soums, and from the Xalq Bank card-in the amount of 2.8 million soums.
"I tried to log in to my Unired account, and I managed to do it. When I logged in to my account, I was identified with a different passport in the name of [a stranger], and not with mine," Dierbek writes.
All three readers whose stories are described above emphasize that they slept at night (in all these cases, transactions were conducted from 2: 00 to 6: 00 in the morning), did not request or transmit codes to anyone.
In addition, Alexey Mukhamedov, an IT security specialist, told "Газете.uz" that I got acquainted with the reader Victoria's mobile phone and checked it for Trojans (malware that allows outsiders to get into infected devices) and rooting (obtaining administrative rights to the phone's operating system). He found no signs of forced entry.
The victims filed applications with law enforcement agencies.
From the readers of "Gazeta.uz" received information that at least 16 people suffered from unauthorized money transfers, the amount of damage caused to them is about 1 billion soums. The state authorities have not yet been able to clarify this information.
