Rs 94 crore Cosmos Bank theft: Hackers’ first attempt failed, went unnoticed
Around 2,890 transactions, totalling Rs 2.5 crore, were made in India using RuPay cards.
The investigation into the Cosmos Bank malware attack in Pune, which led to the siphoning of Rs 94.42 crore, has revealed that hackers had failed in their first attempt to hack into the international money transfer system. However, this had gone unnoticed, said sources in the police department.
A suspected international hacking ring siphoned nearly Rs 94.42 crore from the pool account of Cosmos Bank on August 11 and 13 through a malware attack. The theft was carried out in three ways. Rs 78.5 crore was withdrawn from more than 12,000 automated teller machines (ATMs) in 28 countries using VISA cards. Around 2,890 transactions, totalling Rs 2.5 crore, were made in India using RuPay cards. More than Rs 13 crore was transferred to a Hong Kong-based trading firm through the Society for Worldwide Interbank Financial Telecommunication (SWIFT) system — which is used for international money transactions — on August 13.
A senior IPS officer said that, according to the preliminary investigation, the accused’s first attempt failed because they had entered incorrect inputs in the international money transfer system. “They then hacked into [Cosmos] bank’s system, obtained the system’s correct identification number, and then re-entered into the money transfer system,” the officer said. “Since they impersonated the bank using a proxy by malware attack, the system processed it and more than Rs 13 crore was transferred abroad,” the officer said.
Cosmos Bank did not get any alert from the core banking system (CBS). It was VISA and SWIFT who alerted the bank about the suspicious transactions, after which the police were informed on August 13. “The vigilance mechanism failed to detect the infiltration because numerous transactions take place almost every minute, making it tough to identify any proxy or suspicious transaction,” the officer said.
Cosmos Bank chairman Milind Kale said he was not aware of the probe findings. “I won’t be able to comment on the development. Why the system could not detect any unauthorised activity can only be ascertained after forensic audit.”
Cosmos Bank has called it an attack on the Indian banking industry from an international hacking syndicate operating from 22 countries. Meanwhile, a special investigation team (SIT) of Pune police, headed by deputy commissioner of police Jyoti Priya Singh and monitored by inspector general of police (state cyber police) Brijesh Singh, is carrying out a multi-dimensional investigation. Regarding the cloning of cards to make transactions, an official said that to clone cards, one must first steal the data of account holders and then clone the cards to withdraw money. “It’s obvious that card details of the customers were not stolen the same day. We are awaiting an audit report to ascertain when exactly the databank was compromised,” he said.
Moreover, the accused had increased the withdrawal limit so that they could withdraw the maximum amount of money. However, even genuine customers had withdrawn money during this time. The police have segregated the 2,890 transactions (made in Beed, Kolhapur, Mumbai, Mumbra and other parts of India) into genuine and fraudulent transactions. “Once a fraudulent transaction is identified, we will go and check the CCTV footage of the ATM to identify the accused,” said another officer.
The police have sent letters to banks across countries to obtain information on fraudulent transactions and are also in the process of getting Letters Rogatory (LRs) issued to the authorities in those countries. “We have also sent emails to Hang Seng Bank in Hong Kong to obtain details on the fraudulent transaction made to the account of ALM Trading Limited,” said a senior officer.