http://www.digiss.net/resources/blog/entry/gtbankdotcom-hijacked-qshop-closed-please-come-back-laterq

Having got back from the office after a lengthy & busy couple of days, I settled down to watch Barcelona destroy Bayern Leverkusen in the Champions League. Midway through the one-sided match, I got a call from a friend who asked me to check whether I could access GTB's website from my PC. He complained that he had been trying for the past 12 hours without any joy! My initial suspicion was: either his PC was having issues, or his ISP's DNS servers were screwed but it turned out that I was wrong!

I was least expecting that, even if their website had been hijacked, GTB would not have the requisite recovery capabilities to ensure that the site comes back to life within minutes. Anyway, I decided to see things for myself by jumping on my little malware analysis toy laptop. Well, I did indeed find that the site was redirecting my traffic all over the place. The redirection path is thus: mylife.tk=>domain.dot.tk=>search discovered.com=>searchmagnified.com=> (, etc, etc, ) =>cdn.optmd.com.

Even Afrikeo had a pop at them!

How good is this for business? Well, let's imagine that 1000 online transactions of an average value of 10,000 Naira occur on GTB's website every hour. It means that the company loses N10,000,000/hour in transactional value. However, assuming that the site went down just before my friend accessed it at 0900GMT (and still hasn't recovered up till now, which it hasn't) they would have lost N150,000,000 in transactional value. I am not a banker, but assuming the profit margin on this volume is 5%, this represents a loss of N7,500,000. Ok, that's just about enough to pay the annual salary of a middle management staff, but this is an unwanted loss that could have easily been prevented. Besides, GTB's reputation and the confidence of their customers would have taken a bit of a hit, which we cannot put a Naira amount to!

Let's hope our financial organisations learn fast.

Back to the attack; going by my quick analysis, the attacker is focusing on his primary target which is GTBank. User's (secondary targets) are not currently being re-directed to websites hosting malicious codes, but that can change anytime. Before you visit the website, make sure you check the state of your browser and it's plugins here - and do the needful if need be - just in case you're redirected to a website hosting malicious exploit kits

Currently, it looks like a denial of service attack where the attacker is demanding a ransom before handing control of the website back to the legitimate administrator - this is the kind of deep mess you can find yourself in if you fail to guide your critical assets jealously.

One can also make so many educated guesses as to the cause of this incident. The domain does not expire until March 2016, so this isn't the cause of the re-directs. There is a fair chance that the site is running a vulnerable version of Apache which has been exploited as Netcraft shows that the last change (to the site's Apache web server app) occurred yesterday.

Anyhow, let's watch how this event unfolds and hope that our dear GTBankDOTcom recovers on time - I need to do some online banking fast

Easy conclusion is that they dont have good disaster recovery plans.

Is it hijacked??

since tey tey

http://www.gtbank.com/ is back online. Just visited it and there were no redirects.

The website was not hijacked as at yesterday, because i personally accessed the website and carried out transaction. So i don't know for u guy.

It is what happens when you put incapable people in charge of critical functions. I do remember once back in 2007 when a friend tried getting cash from a GTBank ATM and the console showed a Windows desktop running a virus scan and an alert indicating the computer was infected with some worm. Of course all the ATMs we went to that night showed the same desktop since they are all terminals to a single computer unit.

To add to this, I am aware of a vulnerability in JBoss and there was a security release on the issue several months back. I am sure if you check all the companies running JBoss in this country, none would have been updated as those in charge are completely unaware.

!rejoice:

http://www.digiss.net/resources/blog/entry/gtbankdotcom-hijacked-qshop-closed-please-come-back-laterq

Anyhow, let's watch how this event unfolds and hope that our dear GTBankDOTcom recovers on time - I need to do some online banking fast

^^^^^^
It's back online but the normal flash animations are not loading. I wouldn't login to the internet banking yet if I were you.

suolboy:

The website was not hijacked as at yesterday, because i personally accessed the website and carried out transaction. So i don't know for u guy.

Not to say the OP had a completely different issue (especially since I did not verify myself), but WHEN (as in what time) yesterday did you access the site?

dnt kno if to clap for d hackers or fil bad for d bankers, i so nid to learn dis

GTB website seems vulnerable to cyber-terrorists. Every now and then the site is reported being hacked. One needs to be aware of how a phishing sites looks like hence one risks giving out his personal details ignorantly.

suolboy:

The website was not hijacked as at yesterday, because i personally accessed the website and carried out transaction. So i don't know for u guy.

I just checked http://www.gtbank.com, not found

Are you sure you were not directed to a phishing site? If you were then I have no doubt that the hackers had achieved their aim. You may wish to change your (Internet banking) logins while you can

And we are talking of cashless society

Trust be they are back but now on a dot 35 IP which is local to naija. and seemingly OS with unknown signature, seems better.
no redirect.it is OK

Yes i can confirm that it was down yesterday.  I tried to execute a transfer and each time I clicked on the internet banking log on it redirects to one funny portal .tk

I backed out after three attempts. I am really scared of Gtbank.com now. I carry out tons of money transactions and now I don't feel safe on the site any more.

I would rather join the queues at the bank or move to UBA internet banking

These are reasons why First bank are far ahead of GTB

First Bank winning the most Innovative Bank in Africa is not a fluke because They are the

First to introduce ATM cash deposit in Nigeria.

First to Introduce ATM biometric

First to introduce automated cheque confirmation

First to bag ISO/IEC 27001 for Information Security Management system

First to bag BS 25999-2:2007 for Business continuity Management

No wonder they are the No. 1 Brand in Nigeria.

though I must admit that GTB is better in terms of Customer Service and Efficiency.

I noticed that since yesterday, I will love to advise u guys to stay-off using the site(even if it comes up again) for d main time,as it might just re-directs u to a phishing site and all ur sensitive details will end up in d wrong hands. Please dont panic as leading brand images are top target of hackers, i‘m quite GTB‘s server administrators are quite up to d task

@Baawaa, don't mind them,cashless societ ko?, cashlost sosoyeye nii,

I recievd a mail from them telling ♏ξ †ђa† i shld upgrade my acount,when i dnt have an account with them , I suspected immediately

Nextworldnx:

I noticed that since yesterday, I will love to advise u guys to stay-off using the site(even if it comes up again) for d main time,as it might just re-directs u to a phishing site and all ur sensitive details will end up in d wrong hands. Please dont panic as leading brand images are top target of hackers, i‘m quite GTB‘s server administrators are quite up to d task

we keep hearing that all the time but i am not impressed.
they need to sit up.

I used GT online portal yesterday. Although I first experinced a little hiccup, redirecting, the site eventually opened after couple of trials and I did my transaction validly.

The site is not accessible as 3.30pm. i mean  this afternoon. May be they are upgrading their site or something. You can try later.

check it on my phone now its same same.

Baawaa:

And we are talking of cashless society

MY BROTHER, SEE TROUBLE O.

I experienced the same yesterday here in Canada trying to access my account online and i got his re-direction times without number but i never followed the link, i actually tot it was network jam (which is quite common in Nigeria). owever, I retried it this mony and I had access to my accounts pronto, hope the bank strategises and be more vigilant becos GTB is a very big and well known bank all over the world so this carelessness is not excusable.

I noticed some funny activity too on their site, i tried to do an online transfer but backed out

these reports about GT being vulnerable is not good oh, i hate going to the banking hall and I conduct about 95 % of my transactions

online and POSs

I'll advise y'all to stay clear of using the GTB website for now. It was actually infected with malware in a Blackhole Toolkit Website 14 Attack. Until GTB gives an official account of the incident and inform of us of what steps they took to manage it, I think y'all shouldn't use the website (especially for transactions).

Experienced same wahala yesterday but seems okay now.
loading . . . . .

I actually noticed that yesternite bt went on to do my transaction wtout knowing the implication. I started having fear after reading frm here that it has bn hacked bt to subdue my fear i decided to call their customer care line and the guy that picked it told me that its just a minor issue they hv fixed. I asked if am safe wt the transaction i did yesday and he said i shouldn't panic that am safe and right nw everytin is okay. My first point of call is to check my acct balance which is stil intact.

, ,