Cyber-Attacke auf Genfer Kantonalbank

0
206
views

Am 07.01.2015 gab die Banque Cantonale de Genève (BCGE) bekannt, dass sie Ziel eines Cyber-Angriff ist. Die Bank wird demnach von einer Gruppe mit Namen Rex Mundi erpresst. Die Gruppe hat nach eigenen Angaben die BCGE gehackt und dabei keine Bankdaten, sondern 30 192 E-Mails zwischen der Bank und Schweizer sowie ausländischen Kunden und daneben weiteres „interessantes Material“ heruntergeladen. Die Erpresser fordern 10 000 Euro, sonst landeten gestohlene Kundendaten im Internet. Zugleich stellte die Gruppe eine Kostprobe online:

„Dear friends and foes,

Last week, we hacked our way into the servers of Swiss bank Banque Cantonale de Geneve (BCGE). While we did not access any bank account, we did download 30,192 private emails sent by both Swiss and foreign customers, in addition to various other interesting data (conference registrations, mailing list entries,…).

One of these emails we downloaded, for example, was sent by a Mr David Niknejad, born on 7/21/1980. His phone number is 006596469271 and his email address is david_niknejad@cargill.com. He sent the following email to BCGE: „Dear Sir/Madame, I am currently on a work assignment in Singapore. I need to access my accounts (CH80 0078 8000 0501 1656 8) but I am unable to. My access has been locked. Please kindly unblock my account and resend a new password (to my address in your system in Madrid, Spain). If needed you may reach me at +65 96469271. Many thanks.“

Or we have Mr Andre Coenen, who lives at Grotewinkellaan, 97, Strombeek-Bever and whose email address is andrecoenen@gmail.com. (Phone #: 33680850606). His message is „Madame, Monsieur bonjour,\r\n\r\nNous voudrions fermer notre compte et transferer le solde de notre compte en France.\r\nMerci de nous indiquer les demarches administratives a  suivre.\r\nDans l\\’attente de notre reponse Tres cordialement Andre Coenen et Sylvia Sarosi“

There are 30,190 other similar emails and customer records in the database we downloaded.

We would like to mention that, as always, we did contact BCGE a few days ago and offered them not to post their data in exchange for a very reasonable amount of money. Since they declined our initial offer, we have therefore decided to post this initial leak.

The full dump will be posted on our website (http://ga6xcwvbs7czcs2v.onion/) as well as on clearnet on Friday at 6PM CET if BCGE still refuses to pay us 10,000EUR.

If you are a BCGE customer and, more importantly, if you are one of their many foreign customers and want to avoid a painful tax audit, you might want to contact the bank and ask them to reconsider their position either by visiting www.bcge.ch and filling out the contact form or by calling +41 (0)58 211 21 00 .

Rex Mundi“

In zahlreichen Twitter-Nachrichten kritisierten die Erpresser die Bank für ihre laxen Sicherheitsvorkehrungen und verspottete Kunden. «Wir wünschen allen in den BCGE-Dateien aufgeführten nicht-Schweizer Konto-Inhabern eine frohe Steuerprüfung», hiess es etwa.

Die Bank hat eine Zahlung unterdessen abgelehnt.

Die BCGE erklärt, es seien „nur wenige brauchbare Informationen” abhanden gekommen. Alle betroffenen Kunden seien bereits von ihren Beratern kontaktiert worden.