Hack of a bank and the exposure of dirty hands
Hack of a bank and the exposure of dirty hands
Bank Sepah, following reports on social media about a group called Codebreakers infiltrating its systems and exposing information of thousands of military and civilian customers, has threatened media and citizens with legal action if they republish this information.
In its statement, Bank Sepah once again denied the hacking of its systems, but at the same time stated that given the bank’s position with the armed forces and the importance of confidentiality regarding military and security institutions’ information, any republishing of the leaked data, especially concerning military entities, will be considered a breach of confidentiality and could lead to legal prosecution.
The hacker group Codebreakers has released some information on the wealthiest customers of Bank Sepah, one of the most significant being the assets of Sardar Hassan Polarak, the former head of the Headquarters for the Reconstruction of Holy Shrines, showing he has a deposit of 634 billion tomans in Bank Sepah alone. The top individual on this list has assets of 768 billion tomans. The group also released information on 13 semi-private companies, each having taken loans exceeding 100 billion tomans.
On the sixth of Farvardin, Codebreakers announced through images that they had hacked the information of Bank Sepah’s customers, which is also known as a military bank. The group claims to have over 12 terabytes of data from 42 million Bank Sepah customers between the years 1304 to 1404.
The hackers gave Bank Sepah 72 hours to negotiate to prevent the sale of the information.
Radio Farda cannot independently verify the authenticity of this hack, but the threat to media and individuals by Bank Sepah could be a strong indication of the confirmation of the hack or data theft, which has been a topic of discussion among many social media users and information security experts in recent days. They have called for transparent accountability, technical review, and responsibility acceptance by the bank’s officials. Criticism is also directed at Bank Sepah’s denials, which in response to the cyber intrusion claim, stated that the bank’s systems are unhackable and called the matter a complete lie.
Who is Hassan Polarak, the second person on the list?
Some social media users, including Ali Sharif Zarchi, a faculty member at Sharif University of Technology, have questioned what 634 billion tomans are doing in just one personal account of Hassan Polarak, the former head of the Headquarters for the Reconstruction of Holy Shrines at Bank Sepah, while people are in need of daily bread.
Mr. Polarak, born in Rafsanjan and one of the commanders of the Quds Force of the Islamic Revolutionary Guard Corps, was a longtime friend of Qasem Soleimani, the former commander of the Quds Force, who was killed in January 2020 in a US drone strike on the convoy carrying him and his companions. Hassan Polarak, who was sanctioned by the US Treasury Department in April 2020, is also active in the private sector and in 2010, along with his son Hadi Polarak, founded the Yeganeh Andish Investment Company, whose names were also mentioned in the Sarmayeh Bank corruption case.
Under this company, companies such as Rayan Automobile Manufacturing, Blue Parastoo Arg, Dan Ertebat Goya for car parts import, food production, and Radkish for cosmetics import were active.
The first two companies initially belonged to Hossein Marashi, a reformist economic activist from Kerman, and after a while were sold or transferred to the Polarak family, who were considered part of Qasem Soleimani’s circle in Kerman province. In the third step, the father and son transferred these companies to the Yas Holding affiliated with the Cooperation Foundation of the Revolutionary Guards.
Yas Holding, one of the most powerful economic entities of the Revolutionary Guards, was dissolved in February 2018 after widespread corruption and the arrest of its senior managers, including Masoud Mehrdadi and Mahmoud Saif.
The Polarak family also had close ties with other notable figures from Kerman, namely the Jahangiri brothers.
Hassan Polarak worked as an advisor to Eshaq Jahangiri, the First Vice President of Iran, and had economic partnerships with Mehdi Jahangiri in some companies. Mr. Jahangiri was later found guilty in an economic corruption case and sentenced to prison.
Cyber hacks in recent years
In recent years, the information of customers from various Iranian banks has repeatedly been targeted by cyber breaches and bought and sold on the internet and social media.
However, banks have usually denied these attacks, and the Central Bank has remained silent in the face of these incidents.
In past years, there have been numerous other reports of similar hacks in banks such as Bank Melli, Bank Ayandeh, Bank Shahr, and even digital intermediary companies. Some of these attacks were carried out by international groups like Anonymous. Additionally, a report by the American publication Politico claimed that the Islamic Republic of Iran paid at least three million dollars in ransom through the Tosan Company to prevent the disclosure of information from 20 domestic banks.
Reports from domestic media indicate weak banking security infrastructure in the country, the lack of seriousness in securing customer information, and the neglect of these incidents and the damages caused by the leakage of this information to Iranian users.
