Virtual loot of Rs 94 crore from Pune bank via ATMs in 28 countries


Pune, Aug 14 (IANS): India's banking sector was rudely shaken up after an international gang of hackers siphoned off Rs 94.42 crore from the Cosmos Cooperative Bank Ltd, through multiple ATM swipes in 28 countries worldwide, top officials said here on Tuesday.

Milind A. Kale, Chairman of the country's second oldest and second biggest cooperative bank in terms of financial set-up (deposits and advances), promptly assured its 20 lakh account holders in 140 branches across India that their "monies are safe" and not to resort to panic withdrawals.

The Cosmos Bank admitted that it was cyber-attacked twice, first on Saturday and again on Monday - with ATM withdrawals taking place in at least 28 countries, leading to a FIR being lodged by a senior official with Chaturshringi Police Station.

Banking expert Vishwas Utagi said "this is just a pilot project of the global hackers with the Cosmos Bank being a successful test run" and sounding an alarm to the Indian banking sector, the service providers and the IT departments of each bank.

"This has never been witnessed before, the manner in which the bank's servers at the payment gateway levels were hacked and the monies transferred around the world before they could be prevented. It is an aattack on national security and all concerned authorities including the Reserve Bank of India (RBI) must take serious note of future risks," Utagi told IANS.

Kale said that after the malware attack on the critical communication system between various payment gateways was hacked, the hacker gangs were informed simultaneously in 28 countries and they immediately started the withdrawals.

"The actual number of cards compromised is around 450, but they made multiple withdrawals from each card and the final figure has built up to Rs 94.24 crore," Kale told IANS.

The bank has retrieved the complete data of each card hacked, the number of transactions, the card numbers and the particular ATMs in 28 countries worldwide where they were used along with the timings to help the investigations, Kale said.

"In view of the sensitive nature, we cannot disclose the countries, the banks or ATMs locations which may jeopardise the probe," Kale said. The probe is being carried out by Crime Branch's Inspector Vaishali Galande along with Pune Cyber Crime Cell.

In its police complaint, the Cosmos Bank said the first attack took place on August 11 (a bank holiday) between 3 p.m. and 10 p.m. and the second on August 13 around 11.30 a.m., affecting its headquarters on Ganeshkhind Road.

"We have appointed a professional forensic agency to investigate this malware attack. It will submit its report in the next few days regarding the modus operandi of this and the exact numbers and values of the transactions," Chairman Kale told the media.

He said that normally, the Core Banking System (CBS) receives debit card payment requests via its 'Switching System'. But during the Malware attack, a proxy switch was created and all the fraudulent payment approvals were passed through the proxy switching system.

On Saturday, around Rs 78 crore was withdrawn through ATMs located in 28 countries through 12,000 Visa Card transactions, Kale said. These were transferred out of the country, including bank accounts in Hong Kong.

Another amount of Rs 2.50 crore from 2,849 Rupay Card transactions was transferred within India, details of which were being investigated by the police.

The cyber attack came to light on Saturday when the bank noticed "unusual repeated transactions taking place through its Visa and Rupay Debit Card Payment System", Kale said.

As soon as these suspicious transactions were reported, the bank reacted by clamping a shutdown on its Visa and Rupay debit card payment systems, besides its entire ATM network for the next two days, pending investigations.

The global service provider Visa is also reported to have alerted the RBI. Kale said the outstandings to both Visa and Rupay - Rs 78 crore and Rs 2.50 crore respectively - were settled on Monday.

A police officer said that during those 150 minutes (2.30 hours), some unknown persons hacked into the ATM Switch (servers) at the bank's headquarters and acquired the sensitive data of its Visa and RuPay debit card customers, and there were multiple transactions in 28 countries with a total of Rs.80.50 crore (Visa + Rupay) vanishing.

As the bank tried to grapple with the crisis, a fresh virtual attack was mounted on Monday (August 13), when the hackers initiated SWIFT transactions and within minutes transferred Rs 13.92 crore to the accounts of "ALM Trading Ltd," with Hang Seng Bank, Hong Kong. The amounts were soon withdrawn from that bank.

Kale pointed out that the Malware attack was on the Switch System which is operative for the payment gateway of Visa/Rupay debit cards and not on the Cosmos Bank's CBS, implying that "the customers' accounts and their balances were not at all affected.

"None of the fraudulent transactions is debited to any customer accounts and will not be debited in future too. The Savings, Term Deposits and Recurring accounts of the depositors are totally safe," Kale declared.

He said the 112-year old Bank's servers and other systems were inspected annually by the RBI Audit and System Audit.

  

Top Stories

Comment on this article

  • Vincent Rodrigues, Bengaluru/Katapadi

    Wed, Aug 15 2018

    Where things are going wrong for ransom looting of public money in the bank to be investigated,

    DisAgree Agree [1] Reply Report Abuse

  • Ken, Mlore/DXB

    Wed, Aug 15 2018

    This was highlighted by FBI and recently the article was published again.
    https://krebsonsecurity.com/2018/08/fbi-warns-of-unlimited-atm-cashout-blitz/
    All banking institutions needs to take care of this and improve on their security to ensure that such incidences dont happen.

    DisAgree Agree Reply Report Abuse

  • Peter L, Udupi

    Wed, Aug 15 2018

    Atleast Cosmos Bank managed to count how much money was stolen, BUT RBI IS STILL COUNTING OLD DEMONETISED NOTES.....

    DisAgree Agree [3] Reply Report Abuse

  • SMR, Karkala

    Wed, Aug 15 2018

    BJP Prime Minister Modi's 'Digital India' ke side effects. If bank accounts are not safe from International hackers how did 'Aadhar Card' is safe which was thrown to hackers for challenge.

    Hope these hackers from 28 countries are not using 'PayTM' or say Pay to Modi.

    Jai Hind

    DisAgree Agree [3] Reply Report Abuse

  • Sahil, Mangaluru

    Wed, Aug 15 2018

    Time to withdraw money and better to keep the money in our home locker with proper receipt .incase IT ask.

    Our all IT brain sold to western countries we don't have till date our own proper software in banking system .so pathetic and shameful for our own mess up.

    DisAgree [1] Agree [4] Reply Report Abuse

  • Rolf, Dubai

    Tue, Aug 14 2018

    But our EVM machines cannot be hacked .

    DisAgree Agree [18] Reply Report Abuse

  • JAYESH.S., KARKALA

    Tue, Aug 14 2018

    YES...THERE IS NO NEED OF PANIC BUT PRECAUTION AND MONITORING IS REQUIRED. COSMOS BANK MANAGEMENT ALWAYS TRY TO DILUTE THE RISK AS THEY DID AT THE TIME OF ROSARY ISSUE WHERE NPA% DILUTED IT'S CRR. RBI BAILED THEM OUT THAT TIME BY ALLOWING THEM TO ACCEPT QUASI CAPITAL DEPOSITS.
    IT'S GOOD SERVICE ORIENTED BANK WITH EFFICIENT PERSONAL BANKING BUT SEEMS TO LACK SECURITY MEASURES, SO PRECAUTION IS REQUIRED. DONT TAKE TOO MUCH EXPOSURE DEPENDING ON YOUR OVERALL INVESTMENTS.

    DisAgree [8] Agree Reply Report Abuse

  • SJM, Mangalore

    Tue, Aug 14 2018

    Time has come to dismiss Chowkidhaar.

    DisAgree Agree [24] Reply Report Abuse

  • pooki, mangaluru

    Tue, Aug 14 2018

    All after feku goberment of 2014..This might be a ploy by the bank authorities also to cover up eaten funds. Cannot believe anyone now in India after 2014

    DisAgree Agree [21] Reply Report Abuse

  • Jenifer, Mangalore

    Tue, Aug 14 2018

    So far, I had been trusting the banks to keep my FD receipt - I did not have anything else but a net-banking link to see the status/maturity date.

    Hereafter, I will make sure to take the receipt, so that I at-least have a physical proof of my FDs. Bhaad-mein gaya 56" seena waala ka Digital India !

    DisAgree Agree [22] Reply Report Abuse

  • Francis lobo, MANGALORE

    Tue, Aug 14 2018

    Still banks can increase their NPA and say bankrupt. Your printed documents will also be one wastepaper. Today banks are not bothered what they do with public money. Govt will merge bankrupt banks and say they cannot Pay you back. Bank managers have also become like pigmy collectors and give it to bank and will not be knowing what happens with it. Please show one bankrupt bank MD or CEO who is arrested or penalised.

    DisAgree [1] Agree [7] Reply Report Abuse

  • Jossey Saldanha, Mumbai

    Tue, Aug 14 2018

    Why only after 2014 ...

    DisAgree [2] Agree [19] Reply Report Abuse

  • HENRY MISQUITH, Bahrain

    Tue, Aug 14 2018

    We need to take these threats seriously. Hire the Big Brains of Technology and stop messing around.

    DisAgree Agree [19] Reply Report Abuse

  • Jossey Saldanha, Mumbai

    Tue, Aug 14 2018

    Mr. 56 is rushing back to India ...

    DisAgree [1] Agree [20] Reply Report Abuse

  • Swamy, Mangalore

    Tue, Aug 14 2018

    After all Modi hasn't simply traveled so extensively worldwide from tax payers money and visited these 28 countries for peanuts.

    DisAgree Agree [21] Reply Report Abuse


Leave a Comment

Title: Virtual loot of Rs 94 crore from Pune bank via ATMs in 28 countries



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.