SEPO Hacks Major sites in Ghana, Africa. Questions Security of User Data on Financial Institutions’ Sites

Over the past few months several websites in Africa has been under attack by SEPO, a master’s degree holder in economics and a hacker, who considers himself to be a gray hat that turns into a black hat if corrupt companies, governments, or Anonymous targets are involved. He is known for targeting major African and Middle Eastern companies and financial institutions such as the national diamond company of Angola and the Fidelity Bank of Ghana.

“Another bank of Ghana was hacked today. Just take a look and you’ll see how simple it was. What it means? It means that there is no any kind of security even on paper. People of Ghana, call your bank support and ask them about the security of your accounts, your money. Tell them to stop spending your money. Ask your government where is your economy of Ghana. Ask this 1% how did they spend your money…”, the hacker posted on his blog after hacking a major Ghanaian bank.

The hacker, has hacked about 150 sites worldwide mostly banks, shops, TV and radio, government websites etc between 2010 and first week of February, 2012, according to an interview granted to Softpedia  News.

“Most of time I contact the administrators to tell them that I’m going to publish some info. If they respond, I let them close all vuln’s and only after I publish the info. If they don’t contact me and don’t pay attention to my emails – that is only their problem.”I am a gray hat. I help administrators if they ask for my help. If I hack a website, I never publish all the database, all the accounts. I am making just PoC, sharing to administrators that their website can be hacked.

If there is a website sharing some content that can disturb anyone, or if it’s working only for money, or working for governments and it is on the list of Anonymous’ targets, I become a black hat.
I don’t look to deface websites. I don’t know why. I’m looking at how other hackers are defacing site by site and I like it, but I don’t like to do it by myself.”, SEPO said in the interview.

The hacker is part of Anonymous movement,  a collection of online individuals, or “hacktivists”, who share common ideas, and had participated in DDOSing VISA, MASTERCARD, PayPal and the FBI. He believes every day one or two Ghanaian bank website’s are hacked. These raise serious security concerns over the protection of sensitive user data and accounts by these financial institutions. “I thought bank’s websites are more secure… And private data of simple users can’t be stolen, but… you can see the how banks are protecting your data.” Most of these hacked data including passwords usernames, emails, server and database information are posted in Pastbin, a website where you can store text for a certain period of time and can be view by anyone used mostly by hackers and computer programmers.

What do you think of the security questions ask of the financial institutions about the protection of sensitive user data and account information? Let’s discuss them in the comments below.

Danny Kofi-Armah

Follow me on twitter: Connected Africa