Cosmos Bank, one of the oldest co-operative banks in India having a glorious history of 112 years, has been robbed by a gang of international hackers.
Rs 94 crore was siphoned-off, in a matter of few hours.
How did this happen? Read on to know more!
Modus Operandi Of The Hack
Between August 11 and August 13, Cosmos Bank in Pune was robbed of Rs 94 crore, via 12841 transactions spread across 28 countries.
In layman terms, the hackers fooled the servers of the bank, and led them to authorize fake transactions (around 12,000).
This is how it happened:
Target: ATM Switch
ATM Switch is a system which allows users to withdraw cash from ATMs, and to change PINs and other operations.
Hackers targeted ATM Switch of Cosmos Bank on August 11th, and fooled the servers to authorize over 12,000 transactions.
Generally, banks use National Financial Switch (NFS) ATM system of the NPCI.
Now, in order to withdraw money, they cloned debit cards of VISA and RuPay, and used them to withdraw cash from 28 countries, via 12,000+ transactions.
In a way, the hackers linked these cloned, dunny debit cards with the main switch of the bank, and then withdrew the cash as the transactions was already authorized.
As per reports, 14,849 transactions amounting to Rs 80 crore were conducted, as a result of this hack. Out of this, Rs 78 crore worth of withdrawals happened via VISA Cards.
Visa has said that they were “able to identify the issue quickly, enabling the financial institution to take appropriate action”
Target: SWIFT System
After this was stopped, the hackers used SWIFT to withdraw Rs 13.94 crore from the bank.
They hacked the SWIFT platform, which is used to authorize international transactions, and routed Rs 13.94 crore to an account of ALM Trading Limited in Hanseng Bank in Hong Kong.
Quick Action Taken By The Bank
The bank responded quickly to the hack.
Cosmos Bank chairman Milind Kale said, “The bank turned off its servers and all internet banking applications after noticing several erratic and abnormally high transactions.”
As per the bank officials, the actual process of withdrawing money happened for 2 hours and 13 minutes, wherein 14,000+ transactions of $100 to $2500 were done across 28 countries.
In India, 2800 transactions were done to withdraw money using this hack, which amounted to Rs 2.5 crore.
The bank has assured that their customer’s money is safe.