Pune bank fraud: What you should know about cyber attack that led to loss of Rs 95 crore in 3 days

In what could be termed as one of the biggest cyber attack so far in India, hackers transferred Rs 95 crore in just three days from Cosmos cooperative bank into foreign-based bank accounts. The hackers made around 12,000 transactions for the span of three days to transfer the amount. 

But how did it happen? Did the FBI know about it and what are RBI guidelines related to cyber scam. Below we have answered the FAQs related to the Pune bank fraud.

How did the scam take place?

According to police, the hackers used malware to hack the bank system and transferred the amount. "The hackers used the malware to hack the system and to clone the card details of the banks customers to transferred the amount. On August 11, the hackers cloned the debit cards details and performed 12,000 transactions to transfer Rs 78 crore out of India. On the same day, total 2,849 transactions were performed within the country in which Rs 2.5 crore were transferred," the police said. 

However, to calm down the customers, the Pune based co-operative bank auured customers that they do not need to panic as the money has not been withdrawn from any of the bank accounts.

A total of 450 cloned international Visa and several RuPay debit cards were used in 28 countries, including 2,800 transactions in India. It is suspected that the hackers have links with Hong Kong.

Did the FBI warn international banks about potential threat?

Just a few days before Cosmos cooperative bank fraud, the FBI had warned banks of a major hacking threat to cash machines worldwide.

According to Krebs On Security, a cyber-security blog run by journalist Brian Krebs, a confidential alert sent out by the America's Federal Bureau of Investigation, told international banks that criminals are plotting a concerted global malware attack on cash machines in the next few days.

It was also believed that smaller banks with less sophisticated security systems were thought to be most vulnerable to an attack. The scheme used, which is known as an ‘ATM cash-out,’ in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours.

What are RBI guidelines related to cyber attack? 

In its efforts to check cyber frauds, the RBI had in June 2016 issued guidelines for banks on setting up their own cybersecurity framework. Three months later, it again urged banks to follow the norms to tackle internet fraud. The regulator also formed an inter-disciplinary committee on cybersecurity in February 2017.

Meanwhile, the Maharashtra Cyber Crime has swung into action and has roped in banking and cyber experts to assist the Pune police to probe the hacking of Cosmos Cooperative Bank's system. Rs 94 crore was siphoned off by cybercriminals.

A 10-member team led by the special inspector general of police, Brijesh Singh will visit Pune to supervise the investigation and provide necessary support to the Pune police.

The state cyber wing's move is crucial as the bank has admitted that there was a Malware attack on the switch, which is operative for the payment gateways of VISA and Rupay debit cards. The state cyber crime wing has already set up 34 well-equipped cyber labs in all districts.