SWIFT Hacking exposes Indian Banks to huge Risks

The hacking of a Bangladeshi Bank last February where about $81 million was transferred by fraudsters hacking into the SWIFT Inter Bank money transfer system is a grim reminder of the weaknesses in our Banking eco system.

The detailed account of this heist as explained here, 

bank_heist_1

The article explains the suspected modus operandi used by hackers to book 35 fraudulent transfers amounting to nearly US$ 1Billion from the Central Bank of Bangladesh to  Federal  Bank of New York. By by some grace of God only 4 of these transactions were carried through and the loss was limited to $81 million. The principle cause could be the compromise of the access credentials of one of the Bank employees with a malware. What compounded the problem was the delays in cross verification arising out of holidays first in Bangladesh and then in New York  exposing the Bank to the huge loss.  Finally what prevented 30 transactions to be held up by the New York Bank was that one of the e-mail addresses contained the word “Jupiter” which was a black listed name of an Iranian Oil Vessel subject to certain sanctions. One transaction failed due to a spelling mistake.

Now a clear 4 months later a similar attack seems to have been repeated on one of the Indian Banks in Mumbai which again by a stroke of luck did not go through.

The incident has been reported in Economic Times here.

bank_heist_2

This time the US Bank was a little more alert to identify an unusual transaction and the Indian Bank was saved. At this point of time it is not clear which was the Bank involved except that it was a public sector Bank with headquarters in Mumbai. The Economic Times report indicates that the Stock Exchange has not been informed of the attempted fraud which should be considered as a violation of the SEBI norms.

The CERT IN guidelines require that the information regarding such security breaches need to be reported to them and even the latest RBI guidelines mandate reporting of such incidents. However Banks continue to hide the incidents and keep their investors in the dark until one day such frauds blow up on their faces.

One thing however is clear from these incidents that the security systems within the Banks has several short comings and if even the SWIFT transactions are unsafe, one can wonder how safe are the RTGS transactions.

Just like the Banks, customers also should pray for luck to be on their side to protect their funds from fraudsters!

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.