News of a hack on GTBank — one of Nigeria's biggest banks — surfaced on social media yesterday, August 14, 2024.
A news outlet alleged that hackers stole the bank's website and got access to customers. The outlet said that the hack was completed in a massive phishing operation.
However, experts who spoke to Techpoint Africa said that "if the domain hack is real, then there must have been an insider on it." The expert said this because access is needed to transfer the domain from where it is currently managed to another.
"To transfer domain ownership, you need a key from the current place where the domain was bought."
Meanwhile, Divine E. Ezelibe, a cybersecurity expert who spoke to Techpoint Africa, said a hack on the bank's domain was unlikely.
He said taking over a domain can be done in two ways: waiting for it to expire or getting access to the domain registrar. The latter, however, is more difficult as they are safeguarded with two-factor authentication.
Similarly, the former is also impossible as there is always a grace period of 30 to 90 days for domain registration. This means that no one could buy the domain name within this period.
According to domain information seen by Techpoint Africa, the gtbank.com domain was registered on March 21, 2002, updated on August 13, 2024, and would expire on March 21, 2029.
Unfortunately, there is no information on when the domain expired before it was renewed two days ago on August 13.
The domain is currently unavailable and doesn't link to any of the bank's services.
He also said a hack could have happened if Domain Name System Security Extensions (DNSSEC) was not activated for the GTBank domain. "The job of the DNSSEC sec is to protect the data while you're resolving the DNS." He pointed out that GTBank, being an enterprise system, must have implemented these security measures.
Ezelibe also suspects the possibility of an insider attack. "If it was a domain transfer that was initiated by their EPP code, it could be the case of an insider attack."
How does this situation affect customers?
A developer who spoke to Techpoint Africa said that the website does not currently have a Secure Sockets Layer (SSL), which could affect customers' data. "If people have proceeded to log in without an SSL, their login details must have been stolen."
He also said that if the domain has been stolen, as some claims suggest, the website can be mirrored, which means the bank's data might be at risk.
"The website could still be connected to the API infrastructure; they can get relevant data. Also, they might be able to send a malicious script to the customer's browser and steal information from other sites they've visited."
Conversely, other reports suggest that the bank's issue is late domain registrations, and resolving the problem could take a while. Techpoint Africa has reached out to the bank but is yet to get a response.
Hacks on financial institutions have been on the rise since last year. From Flutterwave to First Bank, these institutions have lost billions of naira. While GTBank's problem might not be a hack, it calls into question the technical capabilities of Nigeria's financial institutions.