Cosmos Bank loses Rs 94 crore in malware attack: how hackers siphoned the money



Few outside Maharashtra would have heard of Cosmos Bank. But hackers did — and they targeted the over-a-century-old Pune-headquartered co-operative bank in a multi-pronged attack to transfer over Rs 94 crore over multiple days to foreign bank accounts. 

About Rs 78 crore was withdrawn in more than 12,000 ATM transactions in 28 countries between 3 pm and 10 pm, India time, on Saturday, Cosmos Bank said. Another 2,800 transactions were made in different places within India, amounting to about Rs 2.5 crore, during the same period. On Monday, Rs 13.5 crore was transferred to a Hong Kong-based entity using the Society for Worldwide Interbank Telecommunications (SWIFT) facility.

Milind Kale, chairman of the 112-year-old cooperative bank, said the illegal withdrawals were enabled by a malware attack which authenticated debit card transactions bypassing the bank’s computerised core banking system (CBS). This would have been preceded by another cyber attack, resulting in data theft of hundreds of the bank’s debit cards. The information on these debit cards would then have been cloned on to fake cards used in physical withdrawal of cash from ATMs across the world.

Payment experts say the fraud involved breaching the firewall in servers that authorize ATM transactions. After this, a proxy server was created and transactions were authorized by the fake or proxy server. This meant that the ATMs were being directed to release money without checking whether the cards were genuine or whether there was a bank account.
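
One way a bank could detect the pattern described above, approvals issued without the core banking system being consulted, is to reconcile scheme-side approvals against the CBS authorization log. This is an added example, not code from the bank or any party named in the article; the record layout, field names and sample rows are constructed assumptions.

```python
from collections import Counter
from datetime import datetime

# Constructed sample data; the field names are assumptions, not a real report format.
# "rrn" stands for a per-transaction reference shared by both sides.
# Approvals as seen from the card-scheme side (e.g. a settlement report).
SCHEME_APPROVALS = [
    {"rrn": "100001", "card": "tok-A1", "amount_inr": 5000, "country": "IN", "ts": "2000-01-01T14:55:00"},
    {"rrn": "100002", "card": "tok-D9", "amount_inr": 6900, "country": "CA", "ts": "2000-01-01T15:02:00"},
    {"rrn": "100003", "card": "tok-D9", "amount_inr": 170000, "country": "GB", "ts": "2000-01-01T15:04:30"},
    {"rrn": "100004", "card": "tok-B2", "amount_inr": 2000, "country": "IN", "ts": "2000-01-01T15:10:00"},
    {"rrn": "100005", "card": "tok-E4", "amount_inr": 170000, "country": "CA", "ts": "2000-01-01T15:20:00"},
]
# Authorizations the core banking system (CBS) actually processed.
CBS_AUTH_LOG = [
    {"rrn": "100001", "card": "tok-A1", "amount_inr": 5000},
    {"rrn": "100004", "card": "tok-B2", "amount_inr": 2000},
]


def reconcile(scheme_approvals, cbs_log):
    """Return approvals the CBS never saw, or saw with a different card or amount."""
    cbs = {r["rrn"]: r for r in cbs_log}
    unmatched = []
    for a in scheme_approvals:
        rec = cbs.get(a["rrn"])
        if rec is None:
            unmatched.append({**a, "reason": "no_cbs_record"})
        elif (rec["card"], rec["amount_inr"]) != (a["card"], a["amount_inr"]):
            unmatched.append({**a, "reason": "cbs_mismatch"})
    return unmatched


def summarize(unmatched):
    """Aggregate unmatched approvals: count, value, country spread, time span."""
    if not unmatched:
        return {"count": 0, "total_inr": 0, "countries": {}, "span_seconds": 0}
    times = [datetime.fromisoformat(u["ts"]) for u in unmatched]
    return {
        "count": len(unmatched),
        "total_inr": sum(u["amount_inr"] for u in unmatched),
        "countries": dict(Counter(u["country"] for u in unmatched)),
        "span_seconds": int((max(times) - min(times)).total_seconds()),
    }


if __name__ == "__main__":
    # Assumption: every genuine approval is logged by the CBS, so any
    # unmatched approval warrants an alert.
    print(summarize(reconcile(SCHEME_APPROVALS, CBS_AUTH_LOG)))
```

Run continuously against near-real-time feeds rather than at end of day, a check like this surfaces the first unmatched approval instead of the last.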


Target 1: The first attack, on August 11, is thought to have targeted the bank’s debit cards and the ATM Switch — a system that lets you, among other things, withdraw cash from your bank account, and change your card PIN, at an ATM of a different bank. Most banks in India use the National Financial Switch (NFS) ATM system of the NPCI.



Method: The hackers are thought to have cloned VISA and RuPay (NPCI’s) debit cards to make the transactions, and attacked the switch to verify them. The bank says the cards were not customers’, but dummy cards — suggesting hackers “linked” the dummy cards to the bank using the compromised switch. A total of 14,849 transactions of value over Rs 80 crore — 12,000 transactions of Rs 78 crore on VISA cards outside India and the rest on RuPay cards — were made using the method. VISA says it was “able to identify the issue quickly, enabling the financial institution to take appropriate action”.

Target 2: Once this was flagged, hackers, on August 13, attacked another payment system banks use: SWIFT, which validates international money transfers. On August 13, hackers transferred Rs 13.94 crore from Cosmos to an account with a Hong Kong bank.

The hunt: The bank has registered an FIR at the local police station and says the preliminary probe shows the attack originated in Canada. But the sophistication of the attacks suggests the hackers are no amateurs, and thus less likely to leave a trace. (Hackers use proxy servers to mask the location of their computers.)

Cosmos Bank chairman Milind Kale said, “The bank turned off its servers and all internet banking applications after noticing several erratic and abnormally high transactions. These transactions happened over two hours and 13 minutes and were spread across 28 countries where cloned cards were used to debit several amounts ranging from $100 (Rs 6,900) to $2,500 (Rs 1.7 lakh).”


‘Customer money is safe in their accounts’

Cosmos Bank reassured its customers on Tuesday that their money was safe in their accounts and they would be able to access it digitally and via ATMs once the systems are restored in a few days. For now, the bank has made provisions for NEFT and RTGS payments through its branches. Pay-in slip payment and cheque disbursals will continue as earlier. The bank said the fraud appears to have originated in Canada. 
