dna exclusive: $45m Gulf bank fraud and its Halasuru link

Nearly a year after fraudsters broke into two payment processing companies that handled the prepaid cards for two Middle Eastern banks, Bank Muscat and National Bank of Ras Al-Khaimah in the United Arab Emirates, and stole $45 million, only to be caught later by authorities in the US and Europe, the Karnataka police have speeded up their investigation into the hacking issue.

One of the payment processing company that was hacked into is a city-based company enStage Software, situated in Cambridge Road, Halasuru, which managed payments processing for Muscat Bank of the Sultanate of Oman. The bank was gypped of $39 million by the fraudsters.

The Karnataka CID is now pursuing the case, after Muscat Bank complained that someone in enStage Software may have been involved in hacking its data center maintained by the provider.

The modus operandi of the fraudsters involved targeting the pre-paid cards issued by the banks.
They broke into the software of payment processing companies of the two banks and increased the available balance and withdrawal limits on cards issued by the banks. The fraudsters then prepared 12 fraudulent pre-paid travel cards from 8 to 10 countries, which were used to withdraw millions of dollars.

The hacking prompted authorities in the US and Europe to launch an international manhunt. Authorities made arrests soon after in Germany and the US, and most of the money was recovered, with one of the ringleaders, being found dead in mysterious circumstances, with $100,000 in his possession.

Now, the Karnataka CID has begun investigating the possible link between the international ring of hackers and staff of enSTAGE Software Company. Earlier the case was investigated by Halasuru police and CCB (Central Crime Branch) and after local police could not probe this hi-tech and international case, the state DGP office asked CID (Economic Offence Wing) to pursue the case.

VNV Brahmanandam, the Head of Audit, Bank Muscat, has sent a formal complaint through Ramakrishna GV (Head, national sales of Bank Muscat) to India and registered a case with the jurisdictional Halasuru police in March 2013.

“enStage Software informed us about the possible money misuse. We have done our internal inquiry and found that no one could transfer the money unless they have ATM cards or e-banking facilities. So, we suspect that without the involvement of enSTAGE, its highly impossible to swindle money,” Ramakrishna stated before the police.

Halasuru police registered a case under section 66(C) of IT Act-2000 and also under 420 and other sections of IPC. Since the case involved huge amount of money stolen, the case was transferred to Central Crime Branch (CCB). They investigated the case and found it difficult to probe as it involves international transactions and lack of cyber tools. Thus the DG&IGP transferred this case to CID for further investigation on December 23, 2013, sources said.

Sources said the CID obtained the statement of preliminary findings of Muscat Bank, details of 12 pre-paid travel cards, the usage and processing service agreement of enStage Software, Operation Processing Manual of Muscat Bank, final report of computer forensic investigation for investigation with the help of Cyber police. The CID may seek Interpol’s help to investigate the accused arrested in foreign countries.

l  Dec 2012 and Feb 2013: An international ring of fraudsters hack get into databases of Bank Muscat and National Bank for Ras al Khaimah (Rakbank), by hacking two service providers for the banks,one in India and the other in US

The hackers increase the available balance and withdrawal limits on cards issued by bank muscat and Rakbank before distributing 12 fraudulent pre-paid travel cards from 8-10 countries, to counterfeit prepaid cards to ‘cashers’ around the world

February 19, 2013: Within a few hours, ‘cashers’ withdraw money in multiple cities, take a cut, and then launder it through expensive purchases or ship it wholesale to the global ringleaders

February 25, 2013: The India-based software provider for Muscat Bank, enStage Software, Bangalore, informs the bank about fraud that cost it $39 million

From March to December 2013, the American and German authorities arrest nine people in connection with the fraud

Alberto Yusi Lajud-Pena, the alleged leader kingpin, reportedly killed in the Dominican Republic on April 27, with a suitcase full of about US$100,000 in cash next to him

March 18, 2013: Muscat Bank registers a formal complaint to Halasuru police in Bangalore, suspecting the involvement of the service provider. The Halasuru police sit on the investigation, and the case is handed over to Central Crime Branch (CCB)

December 23, 2013: The DGP Karnataka takes the case away from CB and hands it over to CID Karnataka.