15,000 transactions in 7 hrs: Cosmos Bank’s server hacked, ₹94 cr moved to Hong Kong
The servers of India’s second largest cooperative bank were hacked on August 11 and August 13. The cybercriminals carried out 15,000 transactions
A multinational hacking ring allegedly stole ₹94 crore from the Pune-headquartered Cosmos Bank on August 11 and 13, mainly by gaining access to the bank’s systems.
The sophisticated attack seems to have involved a malware attack on the bank’s ATM server to gain credit and debit card details of customers; the approval of unauthorised transactions using these cards, often in excess of the amounts available for withdrawal in these accounts; and a SWIFT (a sort of money telegram between banks) transaction, again unauthorised, on the bank.
Cosmos Bank chairman Milind Kale described the cyber crime as an attack on the Indian banking industry from multinational cyber criminals operating from 22 nations. Addressing a press conference on Tuesday, he said none of the fraudulent transactions have been debited to any of the customer’s accounts.
The Pune police commissioner K Venkatesham said experts from the Mumbai police and the local cyber crime investigation team have initiated investigations.“We have sought more details, especially technical details of logs from the bank. We are in constant touch with our headquarters and briefing them about the case ,” he said.
An FIR was lodged against unidentified persons by a bank executive Suhas Subhash Gokhale (53) under Indian Penal Code (IPC) sections 379 (theft), 420 (cheating),120 (B) (conspiracy) and 34 and sections 43,65,66 (C) and 66 (D) of the Information Technology Act at Chatushringi Police Station on Monday night.
The attack may have originated from Canada, where many of the transactions were conducted, according to bank officials who asked not to be identified.
The FIR stated that during the malware attack, a proxy switch was created and all payment approvals were passed by the proxy switching system.
In the first attack on August 11, using stolen card details, approximately ₹78 crore was withdrawn in transactions in 28 countries. This included around 12,000 Visa card transactions. On the same day, approximately, ₹2.5 crore was withdrawn through 2,800 debit card transactions in India at various locations.
On August 13, the hackers transferred ₹13.94 crore into an account in the Hang Seng Bank in Hong Kong by initiating a SWIFT transaction.
The bank has appointed a professional forensic agency to investigate the malware attack.The details of the exact amounts siphoned off during the attack will also be ascertained.
Kale said that the bank has obtained forensic information which shows minute-by-minute record of logs of the transactions which took place around the world.
The incident came to light on August 11, Saturday, when unusual, repeated transactions were taking place through ATM Visa and Rupay cards for nearly two hours.
As soon as the suspicious transactions were reported, the bank immediately shut down its Visa and Rupay Debit card payment system.
The bank has described the cyber fraud as “a malware attack on the switch which is operative for the payment gateway of VISA and Rupay Debit Card and not on the core banking system of the bank”. Still, the extent of the hack will become clear only after the forensic investigation is complete.
Kale said savings, term deposits and recurring accounts of depositors are totally safe and also claimed the bank had met every safety requirement of the Reserve bank of India. The bank has appealed to its customers to remain calm and not to panic and continue to repose faith and trust on the 112 year old bank.