PUNE: , one of the oldest urban cooperative banks in the city, was targeted by cyber fraudsters who hacked into its e-system and siphoned off Rs 94.42 crore on August 11 and 13.
The cyber attack came just before a recent FBI warning to global banks that cyber criminals were planning a choreographed, global known as an “ATM cash-out”. The bank, though, has reassured its customers that their accounts were safe.
In his complaint lodged with the Chatushrungi police station on Monday night, the bank’s managing director Suhas Gokhale said that on August 11, unidentified hackers stole information relating to the bank’s VISA and Rupay card customers through a malware attack on the ATM switch server. The hackers siphoned off Rs 80.50 crore through 14,849 transactions.
The complaint stated that 12,000 transactions worth Rs 78 crore were made using VISA cards outside India while 2,849 transactions worth Rs 2.5 crore were made through Rupay cards in the country.
On August 13, hackers transferred Rs 13.92 crore to the account of one ALM Trading Limited Company in a bank in Hong Kong by initiating the transaction system of Cosmos Bank, the complaint further stated.
The depositors will not be directly affected by the fraud, Cosmos Bank chairman Milind Kale said in a press conference later in the day. “The bank has not compromised on any of its security systems. The RBI had inspected our IT robustness in July. The RBI has also sent four officials to examine the damage caused by the fraud,” he said.
Based on the modus operandi, cybersecurity experts suspected the role of an international hacking group like North Korea’s Lazarus or a similar one. However, the police would not put a finger on who could be behind the attack while the bank would only say that the hacking appears to have originated in Canada. A bank official said a “syndicate” could be involved.
Inspector Vaishali Galande of the Chatushrungi police told TOI, “We have registered a case under the IT Act and other penal offences against unidentified persons. The bank’s head office on Ganeshkhind road houses the main server.”
Galande said, “Around 5pm on August 11, the bank received an alert from VISA about suspicious transactions using the bank’s VISA debit cards. The bank stopped VISA services to ATM cards issued by the bank. Later, some Rupay card holders called the bank about a mismatch in the balance shown in their bank accounts. Following this, the Rupay facility too was shut down.”
Galande said the bank officials carried out an inspection of the server, particularly the one related to VISA and Rupay card facilities, on August 12. “They found that 14,849 suspicious transactions involving Rs 80.50 crore had been made using this server facililty. Another inspection on Monday revealed that the suspects executed another three suspicious transactions using the Swift Message system. In these transactions, Rs 13.92 crore was siphoned off at 11.30am on Monday to the bank in Hong Kong,” she said.
Kale said the bank turned off its servers and all internet banking applications after noticing abnormally high transactions. “These transactions happened over 2 hours and 13 minutes and were made in 28 countries. Cloned cards were used to debit amounts ranging from $100 (Rs 6,900) to $2,500 (Rs 1,72,500). In one particular transaction, the amount withdrawn was as high as $11,000 (Rs 7,59,000),” he said.
After noticing the August 13 fraud, the bank also turned off the system relating to international switch transactions, Kale said.
Kale sounded unsure when asked whether the bank would get back the money. “We will have to work with different countries. Getting the money back will depend on coordination with several agencies,” he said.
The actual loss will be known only after reconciliation with Rupay and Visa. “In the case of Rupay, it will take 2-7 days. For international withdrawals, it will depend on coordination between different agencies,” Kale added.
Get latest news & live updates on the go on your pc with . Download The for your device. in English and other languages.