Indian bank hack bears hallmarks of Bangladesh Bank heist

Two years after the infamous Bangladesh Bank hack, an Indian bank says that cybercrooks compromised the bank's connection to the Swift messaging system to make three fraudulent transfers worth nearly $2 million.

In a statement, City Union Bank says that it found the three fraudulent transactions during its reconciliation process on 7 February.

The previous day, the hackers had managed to disconnect the City printer connected to Swift, meaning that the bank did not receive acknowledgement messages for the transactions.

One of the payments, a $500,000 transfer made through Standard Chartered Bank, New York to a Dubai-based bank was blocked immediately and the funds returned to City. Another, for EUR300,000 made through Standard Chartered Bank, Frankfurt to a Turkey-based bank has been blocked in the beneficiary's account. The third payment, for $1 million was made through BofA to a China-based bank and has already been claimed by someone submitting forged documents.

In an interview, City Union Bank CEO N Kamakodi told Reuters that there are similarities with the Bangladesh Bank hack, which saw crooks use malware to disable the Swift printer before stealing $81 million.

In contrast, the bank has been keen to stress that, contrary to some early reports, there is no evidence of its staff being involved in the crime.

Speculation about an inside job bubbled because of a scandal that has emerged in recent days at a Mumbai branch of Punjab National Bank, where a manager is accused of a six-year operation that saw $1.8 billion in fraudulent transactions made.

The manager and a subordinate have been arrested, accused of colluding with, among others, a billionaire jeweller called Nirav Modi.

According to court documents reviewed by Reuters, branch deputy manager Gokulnath Shetty issued a series of fraudulent Letters of Undertaking to other banks so that they would provide loans to a group of Indian jewellery companies.

He did this using the bank’s Swift system to log in with passwords that allowed him to not only send the messages but also review them for approval. He then failed to record the transactions on the bank's internal system - something required because the software was not linked to Swift.

News of the Union Bank heist comes just days after reports that a Russian bank last year lost $6 million to cybercrooks in an attack that took advantage of internal security weaknesses in the bank's gateway to Swift.

In a statement to Finextra, a Swift spokesperson says: "Swift does not comment on individual customers or entities. When a case of potential fraud is reported to us, we offer our assistance to the affected user to help secure its environment. We would like to reassure our customers that there is no indication that our network and core messaging services have been compromised.”

Related Companies

Swift

1 like

Hackers can target SWIFT centers of India's banks as employees themself are also part of fraudulent activities and that also larger magnitude than hackers :)

One of the common thing observed between SWIFT transactions posting across the globe and India are quite different. MAjoe difference is transaction posting through internal system with multiple autorisation and its ledger posting for recon. which can be easily bypass in Indian scenario.

Report abuse

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 21 February, 2018, 16:41

1 like

@HiteshThakkar:

TY for your comment, which has helped elevate my understanding of the anatomy of the PNB scam a little bit. Would be great if you could share your thoughts on (1) How did this fraud go undetected for so many years? (2) What's the most common workflow used by other banks that'd prevent even a single instance of this fraud?

AFAIK, human users initiate payment transactions on core or other payment processing systems, after which the message is untouched by human hands as it is submitted automatically by those systems to the SWIFT Gateway system, which then sends it out to the SWIFT network. But, even in that workflow, I'm guessing sysadmins can still input a payment directly on the SWIFT Gateway. Any idea how a bank can prevent that from happening?

Report abuse

Hitesh Thakkar - SME - Fintech startups (APAC and Africa) - India 21 February, 2018, 17:06

Be the first to give this comment the thumbs up

0 likes

@Ketharaman

1. SWIFT Alliance is common system used by most of the banks and banks in India also use by building SWIFT message room (barring few banks may be having it's own system build). PC Connect is commonly used as client to post transactions directly but due to license cost it's not used for large foot print branches.

This leaves cheaper branch to SWIFT center solutions where branch transactions are posted to SWIFT center. At SWIFT center transaction posting by SWIFT center officials ( typically in maker checker way) for each transactions posted by branches. Here also each SWIFT message is directed to Printer as Print Ledger copy used by Tresuary team but in case of PNB and other frauds printer is made offline, passwords are shared so used for maker checker login to post transactions directly to SWIFT - it goes unnoticed for months as officers do not change becuase SWIFT operations needs learning curve to build and most banks fails to do so ( My Tenure of 1992 to 2004 - I have seen single officer in SWIFT center of several PSU/Priavate banks :)) so it's easy to manage.

2. Barring Human errors and frauds, PC Connect is used by several banks which has less Forex services designated centers or sometime single regional center with PC Connect and all branches direct the customer transactions through it solves issue as it gets posted directly to SWIFT from PC Connect with proper logs.

one of the way for large foot print banks can be to build interface in CBS clients to post transactions which can post it across various Recon/survellience and compliance system to ensure control and checks at various stage.