Iranian protesters burn banks as hackers expose customers’ accounts online


Bank details of millions of Iranian have been hacked and shared online, with details of the breach only now coming to light, while hundreds of bank branches have been set on fire by demonstrators since violent protests started last month.

As of Tuesday, details of 15 million bank debit cards in Iran had been published on social media in the aftermath of the protests, unnerving customers and forcing the government to acknowledge a problem.

The exposure represented the most serious banking security breach in Iran, according to Iranian media and a law firm representing some of the victims.

The breach, which targeted customers of Iran’s three largest banks, was likely to further rattle an economy already reeling from the effects of American sanctions and came as Iran’s leadership was grappling with deep-seated anger over its deadly crackdown on the protests.

The number of affected accounts represents close to a fifth of the country’s population.

“This is the largest financial scam in Iran’s history,” reported Aftab News, a conservative media outlet. “Millions of Iranians are worried to find their names among the list of hacked accounts.”

Iran’s information and telecommunications minister, Mohammad Javad Azari Jahromi, described the breach as data theft by a disgruntled contractor who had access to the accounts and had exposed them as part of an extortion attempt. He denied the banking system’s computers had been hacked.

But outside cyber experts disputed that claim. They also said a breach of such magnitude was likely the work of a state entity aiming to stoke instability, not criminals whose objective is blackmail for financial gain.

Iran has been engaged in a cycle of hack and counter-hack in a cyberwar against the United States and Israel. Both sides have targeted each other’s financial and sensitive government institutions through cyberattacks for years.

The banks affected — Mellat, Tejarat and Sarmayeh — had all been sanctioned more than a year ago by the United States Treasury, which accused them of having transferred money on behalf of blacklisted entities of Iran’s Islamic Revolutionary Guards Corps, part of the armed forces. The entire Revolutionary Guards organization was designated as a terrorist group by the Trump administration last April.

A White House spokesman did not respond to a request for comment on the Iran banking breach.A spokesman for the Israel Defense Forces said: “We do not respond to foreign reports.”

Analysts monitoring Iran said that regardless of who was responsible, the breach created another financial challenge for the Islamic Republic as it struggles to manage tough economic sanctions imposed by the United States, as well as unrest at home and a political backlash in the region over Iran’s influence.

The data exposure could have a long-term impact on the three banks if customers lose trust and withdraw their money.

Iran’s official silence for nearly two weeks on the exposure could reflect reluctance by the leadership to acknowledge that its financial institutions are vulnerable, experts said. The bank card data first began to appear on Nov. 27, but it was not until Sunday that Mr.Azari Jahromi, the information minister, commented on the breach.

The persons or entity behind the attack and the motivation remain unclear. The account information was published on a channel called “Your banking cards” on Telegram, a popular mobile phone app used in Iran. The first message warned that “we will burn the reputation of their banks the same way we torched their banks,” referring to protesters across Iran who pillaged and burned about 730 bank branches.

The message on Telegram also stated that the perpetrators had demanded payment from the banks but their request had been ignored, and therefore they would be releasing the details on millions of bank cards. Within hours, they did.

The information uploaded on Telegram contains names of account holders and account numbers but the PIN codes appear obscured. The information also included directions on how to make homemade forgeries of cards containing the leaked information.

The banks sent clients text messages and Iran’s cyberpolice alerted them in an email titled, “Your bank account is in danger of illegal usage,” and asked customers to visit a bank branch and replace their cards, according to a copy of the email published in Iranian media.

None of the three banks have issued public statements acknowledging the breach. (Source: NY Times)