Withdrawals from 28 countries with cloned ATM cards: How hackers targeted Cosmos Bank
On August 11 and 13, unidentified hackers targeted Cosmos Bank’s ATM switch server and stole details of VISA and Rupay ATM cards.
Following a hacking of servers of city-headquartered Cosmos Bank, ₹78 crore were withdrawn “physically” from 28 countries including the UK, USA, Russia and the UAE using cloned ATM cards, police said on Friday.
On August 11 and 13, unidentified hackers targeted the bank’s ATM switch server and stole details of VISA and Rupay ATM cards. They also attacked the interbank SWIFT system, and syphoned off ₹94 crore in total.
“The United Kingdom, United States, Russia, United Arab Emirates and Canada are among 28 countries from where ₹78 crore were withdrawn physically, using cloned cards,” said Jyotipriya Singh, Deputy Commissioner of Police (Cyber and Economic Offences Wing).
The cyber cell was getting in touch with law enforcement agencies of these countries for further action, she said.
The hackers must have done some kind of “recce” (study) of the bank’s system, she said.
“We suspect that the bank must have received some sort of alerts before the attack and we are waiting for the security audit report from the bank,” DCPSingh said.
The cyber cell’s aim now is to find out the “money mules” who were used to withdraw the money using ATMs in foreign countries, she said.
The police have recovered around ₹four lakh from the genuine Cosmos cardholders, who had visited ATMs when the malware (malicious software installed by hackers in the bank’s system) was active and withdrew more money than their account balance, she said.
“These people are original cardholders, who, out of greed, withdrew money from the ATMs during the time the malware or proxy switch server was active,” Singh said.