16 July 2018

Indian bank hack bears hallmarks of Bangladesh Bank heist

20 February 2018

Two years after the infamous Bangladesh Bank hack, an Indian bank says that cybercrooks compromised the bank's connection to the Swift messaging system to make three fraudulent transfers worth nearly $2 million.

In a statement, City Union Bank says that it found the three fraudulent transactions during its reconciliation process on 7 February.

The previous day, the hackers had managed to disconnect the City printer connected to Swift, meaning that the bank did not receive acknowledgement messages for the transactions.

One of the payments, a $500,000 transfer made through Standard Chartered Bank, New York to a Dubai-based bank, was blocked immediately and the funds returned to City. Another, for EUR300,000, made through Standard Chartered Bank, Frankfurt to a Turkey-based bank, has been blocked in the beneficiary's account. The third payment, for $1 million, was made through BofA to a China-based bank and has already been claimed by someone submitting forged documents.

In an interview, City Union Bank CEO N Kamakodi told Reuters that there are similarities with the Bangladesh Bank hack, which saw crooks use malware to disable the Swift printer before stealing $81 million.

In contrast, the bank has been keen to stress that, contrary to some early reports, there is no evidence of its staff being involved in the crime.

Speculation about an inside job bubbled because of a scandal that has emerged in recent days at a Mumbai branch of Punjab National Bank, where a manager is accused of a six-year operation that saw $1.8 billion in fraudulent transactions made.

The manager and a subordinate have been arrested, accused of colluding with, among others, a billionaire jeweller called Nirav Modi.

According to court documents reviewed by Reuters, branch deputy manager Gokulnath Shetty issued a series of fraudulent Letters of Undertaking to other banks so that they would provide loans to a group of Indian jewellery companies.

He did this using the bank’s Swift system to log in with passwords that allowed him to not only send the messages but also review them for approval. He then failed to record the transactions on the bank's internal system - something required because the software was not linked to Swift.
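The two gaps described above, one login acting as both sender and approver and Swift messages never recorded on the internal system, are the kind a daily reconciliation of gateway records against the ledger is meant to surface. The following is an added example, not code from the bank, Swift or the article; the record layout, field names and sample data are constructed for illustration.

```python
from collections import namedtuple

# Constructed sample data; field names are hypothetical, not a Swift or vendor log format.
GatewayMsg = namedtuple("GatewayMsg", "ref maker checker currency amount")
LedgerEntry = namedtuple("LedgerEntry", "ref currency amount")

GATEWAY_LOG = [
    GatewayMsg("TXN-0001", "op_anita", "op_ravi", "USD", 250_000),
    GatewayMsg("TXN-0002", "op_dm01", "op_dm01", "USD", 1_000_000),  # same user in both roles
    GatewayMsg("TXN-0003", "op_anita", "op_ravi", "EUR", 300_000),   # never booked internally
    GatewayMsg("TXN-0004", "op_ravi", "op_anita", "USD", 500_000),   # booked with another amount
]
CORE_LEDGER = [
    LedgerEntry("TXN-0001", "USD", 250_000),
    LedgerEntry("TXN-0002", "USD", 1_000_000),
    LedgerEntry("TXN-0004", "USD", 50_000),
]


def reconcile(gateway_log, ledger):
    """Return {ref: [findings]} for every outbound message that fails a check."""
    booked = {entry.ref: entry for entry in ledger}
    findings = {}
    for msg in gateway_log:
        issues = []
        # Dual control: the approver must be a different identity from the creator.
        if msg.maker == msg.checker:
            issues.append("maker_equals_checker")
        entry = booked.get(msg.ref)
        if entry is None:
            # The message left the gateway but was never recorded on the internal system.
            issues.append("missing_ledger_entry")
        elif (entry.currency, entry.amount) != (msg.currency, msg.amount):
            issues.append("ledger_mismatch")
        if issues:
            findings[msg.ref] = issues
    return findings


if __name__ == "__main__":
    for ref, issues in reconcile(GATEWAY_LOG, CORE_LEDGER).items():
        print(ref, ", ".join(issues))
```

The check is only as reliable as its inputs: the gateway records need to be collected somewhere the maker and checker accounts cannot edit them. Shared passwords defeat the first test, since two distinct logins then no longer mean two distinct people.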

News of the Union Bank heist comes just days after reports that a Russian bank last year lost $6 million to cybercrooks in an attack that took advantage of internal security weaknesses in the bank's gateway to Swift.

In a statement to Finextra, a Swift spokesperson says: "Swift does not comment on individual customers or entities. When a case of potential fraud is reported to us, we offer our assistance to the affected user to help secure its environment. We would like to reassure our customers that there is no indication that our network and core messaging services have been compromised."

Comments: (4)

Hitesh Thakkar - FIS Payments Software and Services India - India 20 February, 2018, 15:16

Hackers can target SWIFT centers of India's banks as employees themselves are also part of fraudulent activities and that also larger magnitude than hackers :)

One of the common thing observed between SWIFT transactions posting across the globe and India are quite different. Major difference is transaction posting through internal system with multiple authorisation and its ledger posting for recon. which can be easily bypassed in Indian scenario.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 21 February, 2018, 16:41

@HiteshThakkar:

TY for your comment, which has helped elevate my understanding of the anatomy of the PNB scam a little bit. Would be great if you could share your thoughts on (1) How did this fraud go undetected for so many years? (2) What's the most common workflow used by other banks that'd prevent even a single instance of this fraud?

AFAIK, human users initiate payment transactions on core or other payment processing systems, after which the message is untouched by human hands as it is submitted automatically by those systems to the SWIFT Gateway system, which then sends it out to the SWIFT network. But, even in that workflow, I'm guessing sysadmins can still input a payment directly on the SWIFT Gateway. Any idea how a bank can prevent that from happening?

Hitesh Thakkar - FIS Payments Software and Services India - India 21 February, 2018, 17:06

@Ketharaman

1. SWIFT Alliance is common system used by most of the banks and banks in India also use by building SWIFT message room (barring few banks may be having its own system built). PC Connect is commonly used as client to post transactions directly but due to license cost it's not used for large foot print branches.

This leaves cheaper branch to SWIFT center solutions where branch transactions are posted to SWIFT center. At SWIFT center transaction posting by SWIFT center officials (typically in maker checker way) for each transaction posted by branches. Here also each SWIFT message is directed to Printer as Print Ledger copy used by Treasury team but in case of PNB and other frauds printer is made offline, passwords are shared so used for maker checker login to post transactions directly to SWIFT - it goes unnoticed for months as officers do not change because SWIFT operations needs learning curve to build and most banks fail to do so (My Tenure of 1992 to 2004 - I have seen single officer in SWIFT center of several PSU/Private banks :)) so it's easy to manage.

2. Barring Human errors and frauds, PC Connect is used by several banks which has less Forex services designated centers or sometime single regional center with PC Connect and all branches direct the customer transactions through it solves issue as it gets posted directly to SWIFT from PC Connect with proper logs.

One of the ways for large foot print banks can be to build interface in CBS clients to post transactions which can post it across various Recon/surveillance and compliance system to ensure control and checks at various stage.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 21 February, 2018, 17:37

@HiteshThakkar: Thanks a lot. 
