Virtual loot of Rs 94 crore from Pune bank via ATMs in 28 countries

By Quaid Najmi  

Pune, Aug 14:  India’s banking sector was rudely shaken up after an international gang of hackers siphoned off Rs 94.42 crore from the Cosmos Cooperative Bank Ltd, through multiple ATM swipes in 28 countries worldwide, top officials said here on Tuesday.

Milind A. Kale, Chairman of the country’s second oldest and second biggest cooperative bank in terms of financial set-up (deposits and advances), promptly assured its 20 lakh account holders in 140 branches across India that their “monies are safe” and not to resort to panic withdrawals.

The Cosmos Bank admitted that it was cyber-attacked twice, first on Saturday and again on Monday – with ATM withdrawals taking place in at least 28 countries, leading to an FIR being lodged by a senior official with Chaturshringi Police Station.

Banking expert Vishwas Utagi said “this is just a pilot project of the global hackers with the Cosmos Bank being a successful test run”, sounding an alarm for the Indian banking sector, the service providers and the IT departments of each bank.

“This has never been witnessed before, the manner in which the bank’s servers at the payment gateway levels were hacked and the monies transferred around the world before they could be prevented. It is an attack on national security and all concerned authorities including the Reserve Bank of India (RBI) must take serious note of future risks,” Utagi told IANS.

Kale said that after the critical communication system between various payment gateways was hacked in the malware attack, the hacker gangs in 28 countries were informed simultaneously and immediately started the withdrawals.

“The actual number of cards compromised is around 450, but they made multiple withdrawals from each card and the final figure has built up to Rs 94.24 crore,” Kale told IANS.

The bank has retrieved the complete data of each card hacked, the number of transactions, the card numbers and the particular ATMs in 28 countries worldwide where they were used along with the timings to help the investigations, Kale said.

“In view of the sensitive nature, we cannot disclose the countries, the banks or ATMs locations which may jeopardise the probe,” Kale said. The probe is being carried out by Crime Branch’s Inspector Vaishali Galande along with Pune Cyber Crime Cell.

In its police complaint, the Cosmos Bank said the first attack took place on August 11 (a bank holiday) between 3 p.m. and 10 p.m. and the second on August 13 around 11.30 a.m., affecting its headquarters on Ganeshkhind Road.

“We have appointed a professional forensic agency to investigate this malware attack. It will submit its report in the next few days regarding the modus operandi of this and the exact numbers and values of the transactions,” Chairman Kale told the media.

He said that normally, the Core Banking System (CBS) receives debit card payment requests via its ‘Switching System’. But during the malware attack, a proxy switch was created and all the fraudulent payment approvals were passed through the proxy switching system.

On Saturday, around Rs 78 crore was withdrawn through ATMs located in 28 countries through 12,000 Visa Card transactions, Kale said. These were transferred out of the country, including to bank accounts in Hong Kong.

Another amount of Rs 2.50 crore from 2,849 Rupay Card transactions was transferred within India, details of which were being investigated by the police.

The cyber attack came to light on Saturday when the bank noticed “unusual repeated transactions taking place through its Visa and Rupay Debit Card Payment System”, Kale said.

As soon as these suspicious transactions were reported, the bank reacted by clamping a shutdown on its Visa and Rupay debit card payment systems, besides its entire ATM network for the next two days, pending investigations.

The global service provider Visa is also reported to have alerted the RBI. Kale said the outstandings to both Visa and Rupay – Rs 78 crore and Rs 2.50 crore respectively – were settled on Monday.

A police officer said that during those 150 minutes (2.30 hours), some unknown persons hacked into the ATM Switch (servers) at the bank’s headquarters and acquired the sensitive data of its Visa and RuPay debit card customers, and there were multiple transactions in 28 countries with a total of Rs 80.50 crore (Visa + Rupay) vanishing.

As the bank tried to grapple with the crisis, a fresh virtual attack was mounted on Monday (August 13), when the hackers initiated SWIFT transactions and within minutes transferred Rs 13.92 crore to the accounts of “ALM Trading Ltd,” with Hang Seng Bank, Hong Kong. The amounts were soon withdrawn from that bank.

Kale pointed out that the malware attack was on the Switch System which is operative for the payment gateway of Visa/Rupay debit cards and not on the Cosmos Bank’s CBS, implying that “the customers’ accounts and their balances were not at all affected.

“None of the fraudulent transactions is debited to any customer accounts and will not be debited in future too. The Savings, Term Deposits and Recurring accounts of the depositors are totally safe,” Kale declared.

He said the 112-year-old bank’s servers and other systems were inspected annually by the RBI Audit and System Audit. (IANS)