Security breach on CBD web site

Commercial Bank of Dubai (CBD) is ditching its web site provider following concerns about security for the site. The bank’s move follows a hacking attack last month that saw the web site defaced after a hacker gained entry to the site’s administration system.

  • E-Mail
By  Diana Milne Published  October 23, 2005

Commercial Bank of Dubai (CBD) is ditching its web site provider following concerns about security for the site. The bank’s move follows a hacking attack last month that saw the web site defaced after a hacker gained entry to the site’s administration system. The hacking attack is just the latest security incident to come to light featuring banks in the UAE. Banks in the country are so concerned at the security situation that executives from a number of the leading banks have held a series of confidential meetings to discuss security issues and share information, IT Weekly has learned. In the CBD incident, the hacker is understood to have gained access to the bank’s adminstration system. While CBD said the bank’s internal security had not been breached, it acknowledged that the incident could potentially have affected customers. “We understand that any service with any relation to our business must meet our security requirements, which is one of our top priorities. That’s why we are planning to host the web site on another network,” said Vijay Kumar, deputy IT manager at CBD, in a statement to IT Weekly. He added that the bank’s IT infrastructure was not affected: “The incident regarding CBD’s web site was not related whatsoever to any internal network, system or server. The site is a static web site and it is hosted on a third party site with no connections to our IT infrastructure.” CBD’s web site is currently hosted by a Dubai- based company, Interactive Limited, which has also worked with Pepsi Beverages International Middle East and Emirates Academy of Hospital-ity Management. Interactive Limited admitted it has been under “constant attack” from hackers trying to break into its servers and that the hacker who entered the CBD site had made numerous attempts to do so over a period of three to four weeks. The general manager of the company, Peter Corrigan, said that in seven years it was only the second time that a web site hosted by one of the company’s servers had been hacked into. He claimed that “extreme” measures had been taken to prevent a repeat attack. Corrigan said he had not been told of CBD’s plans to find a new host for the web site. “They have not said anything to us and I’m disappointed to hear it,” he said. Although there is a link to the bank’s online banking site from the CBD website, Corrigan said there was no way the hacker could have gained access to th- at area. “He could not have got into the online banking pages,” he said. “In order to do that he would have had to attack the se- rver specifically that the online banking is on, and that is an internal bank server,” he added. The CBD hack follows a number of high profile attacks on UAE banks this year. Mashreqbank suspended its online banking service earlier this year, citing the threat of hacking attacks. A wave of attacks saw other banks in the country also targeted, including National Bank of Dubai (see IT Weekly 2- 8 July 2005). This month, National Bank of Abu Dhabi said it had issued a warning to its customers following an attempted phishing attack (see IT Weekly 15- 21 October 2005). Senior IT staffers from a number of local banks have held meetings to discuss the ongoing security problems. “We felt we needed to co-ordinate our efforts better,” the IT security manager of one local bank revealed. “Quite wisely, the banks are just looking to protect their customers’ assets and you know that sharing information informally between ourselves is one method of achieving that,” he said.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code