Mumbai: All crimes from zero to one

DNA decodes the binary of the ever-evolving cyberattack


One day prior to Independence Day, Pune city's oldest urban cooperative bank, Cosmos, woke up to a cyber assault. Online defrauders had infiltrated the bank's systems and siphoned off Rs 94 crore. They also stole critical information of many of the bank's VISA and RuPay card customers through a malware attack on its ATM server.

The attack was another addition to a long and growing list of cyber attacks in the country, especially those related to banking where critical information of account holders is compromised.

Hackers keep devising new ways to break into systems and prey upon people's data. Many times, the banks are not even aware that a fraud is under way.

Late last month, at the BRICS summit in South Africa, Prime Minister Narendra Modi emphasised the revolutionising effects of the fourth industrial revolution which rides on the back of Internet of Things, quantum computing, artificial intelligence, and suchlike. After a ban on the old high-denomination currency notes and under a unified tax regime, more and more Indians are moving away from cash transactions and towards digital methods of banking. But the crime graph of recent years shows the clear dangers that beset the Digital Age.

Before the online assault on Cosmos bank, the offenders were mainly attacking the SWIFT financial messaging platform to move money fraudulently. But the Cosmos case produced a fresh challenge for investigating agencies because this time, along with SWIFT, the criminals used customer debit card data to clone several cards and withdraw cash in person from ATM booths.

The particular bank fraud, according to the investigators, was all the more intricate because, unlike previous cases, where money was transferred (via SWIFT) to various accounts in one or two foreign countries, this time, of the roughly Rs 94 crore scammed, the swindlers transferred Rs 13.92 crore through SWIFT to Hong Kong and withdrew the bigger amount of Rs 78 crore from ATM centres spread across 28 countries, making for a mind-boggling man-machine hunt.

"In a bank fraud case in Chennai, some portion of the money could be recovered as the defrauders had only used SWIFT, making it easier to trace the stolen money. But in the Cosmos case, all the platforms — SWIFT, debit cards and texting systems — were attacked to steal the money. So the investigating agencies have the complex task of working in different directions simultaneously to crack the case," said Jyoti Priya Singh, deputy commissioner of police (DCP, Cyber Cell), who heads the special investigation team probing the case.

Sleuths suspect that the offenders were doing the groundwork for the crime against Cosmos bank for weeks or even months before its commission. A security expert helping the investigators told DNA on the condition of anonymity, "Before the attack, the fraudsters must have carried out a recce of the bank system and collected debit card data of account holders. The same data was made available on the deep web, so their cohorts sitting in any part of the world could clone the cards."

Then the culprits waited for a weekend (the Saturday of August 11), when the bank would be closed, to mount the attack so their fraud would not be detected immediately, the expert said.
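The pattern described above, cloned cards cashed out in parallel across many countries while the bank is closed, is detectable from the bank's own ATM authorisation records. The following is an added example, not code from the bank or the investigators, and it runs over a small constructed set of withdrawal records; the home-country code, window sizes and thresholds are assumptions:

```python
from collections import defaultdict
from datetime import datetime, timedelta

HOME_COUNTRY = "IN"  # assumption: the issuing bank's home country

# Constructed sample of ATM withdrawal records (card id, UTC time, ISO
# country code, INR amount); illustrative only, not data from the Cosmos case.
SAMPLE = [
    ("card-001", "2018-08-11T15:02:00", "IN", 10000),
    ("card-001", "2018-08-11T15:40:00", "US", 40000),
    ("card-001", "2018-08-11T15:55:00", "AE", 40000),
    ("card-002", "2018-08-11T15:10:00", "CA", 40000),
    ("card-002", "2018-08-11T15:31:00", "RU", 40000),
    ("card-003", "2018-08-09T09:00:00", "IN", 5000),
    ("card-003", "2018-08-09T18:30:00", "IN", 2000),
]

def parse(rows):
    """Turn the raw tuples into (card, datetime, country, amount)."""
    return [(c, datetime.fromisoformat(t), k, a) for c, t, k, a in rows]

def multi_country_cards(records, window=timedelta(hours=2)):
    """Per card: flag any card used in two or more countries within `window`.
    A physical card cannot be in two countries minutes apart, so this catches
    cloned copies being cashed out in parallel. Returns {card: [countries]}."""
    by_card = defaultdict(list)
    for card, ts, country, _amount in records:
        by_card[card].append((ts, country))
    flagged = {}
    for card, events in by_card.items():
        events.sort()
        for i, (ts, _) in enumerate(events):
            countries = {c for t, c in events[i:] if t - ts <= window}
            if len(countries) >= 2:
                flagged[card] = sorted(countries)
                break
    return flagged

def cashout_burst(records, window=timedelta(hours=1), min_cards=2):
    """Bank-wide: count distinct cards withdrawing outside HOME_COUNTRY in
    any sliding window. A sudden burst of foreign cash-outs is the signature
    of a mass cloning event. Returns (alert, peak_distinct_cards)."""
    foreign = sorted((ts, card) for card, ts, country, _ in records
                     if country != HOME_COUNTRY)
    peak = 0
    for i, (start, _) in enumerate(foreign):
        cards = {card for ts, card in foreign[i:] if ts - start <= window}
        peak = max(peak, len(cards))
    return peak >= min_cards, peak
```

With real authorisation logs the same two checks would run continuously, so a weekend cash-out wave raises an alert while the withdrawals are still in progress rather than on Monday morning.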

Preliminary investigation reveals that most of the stolen money was withdrawn in the US, the UAE, Canada, Turkey and Russia. "We have begun the investigation of the fraudulent transactions which have taken place in India but as far as the transaction in foreign countries is concerned, we will require the cooperation of the foreign agencies concerned," DCP Singh said.

Agencies here have initiated correspondence with the countries where the money was withdrawn, asking them for help in the investigation. "After the money was withdrawn from ATMs, the fraudsters could have set off for any part of the world. Tracing them is a challenge. And even as we are working to find out if the perpetrators got any help from within India, we are hoping the other countries would share some leads," DCP Singh added.

In other words, it is a long-winded battle for cyber police. And while illegal online conquests have so far not routed national security, sovereignty or international economy, they are dangerously close to that territory. Take, for example, the 2016 US presidential elections that are alleged to have been tampered with by Russian hackers. Or, even the epidemic of fake news which countries across the world are only now beginning to tackle.

At the same time, the exposure to risk is only growing, with corporations both private and public rushing towards digitisation. As entire systems and processes accelerate their binary evolution, the gaps grow in number at an equal pace, with hackers adapting to find chinks in the system.

This is reflected in the frequency of cyber attacks on security systems, banks and social media platforms, and the speed with which they change form.

In the long run, digital crimes threaten to disrupt long-established systems, and could even lead to cyber warfare. And in the short, they are already mounting attacks on internal security and financial systems, primarily banks and individuals.

DNA makes an attempt to outline the broad types of cybercrime, how they are impacting people, what banking and law enforcement officials are doing to check them, and what are the necessary safeguards to ward off a digital onslaught.

Mass Digital Literacy

The risk to data is only growing, with corporations both private and public rushing towards digitisation and criminals keeping pace with the cutting edge of tech. What is needed is large-scale digital literacy programmes in vernacular languages to keep officials and the public informed of the latest threats.

Semantics Of Cyberthreat

Man-In-The-Middle

A man-in-the-middle (MITM) attack is a form of session hijacking where the hacker inserts either himself or a bot into a conversation between two parties, impersonates both and gains easy access to the information being exchanged. The attack enables the hacker to exploit real-time processing of transactions or transfers of data. Information obtained by the hacker could be used for any purpose, including theft, unapproved financial transactions or illicit password changes.

Precautions

  • Avoid WiFi connections that aren’t protected by a password
  • Pay attention to browser warnings about unsecured sites
  • Log out of apps when not in use
  • Do not conduct sensitive transactions on open networks

Phishing

This is a type of social engineering attack which hackers use to get access to important data, including debit and credit card details. They masquerade as a legitimate enterprise and dupe the victim by sending malicious links and messages which, when clicked, install malware and freeze the original software, giving hackers access to sensitive information. Government organisations often fall prey to such attacks, suffering loss of finance, consumer trust and reputation.

Precautions

  • Stay vigilant
  • Don’t click sponsored links with suspicious content
  • Enable two-factor authentication (2FA)
  • Choose strong, hard-to-guess passwords and handle them with utmost care

Skimming

Skimming is a form of identity theft targeting debit and credit cards, where miscreants use electronic devices (skimmers) to copy the personal information stored on the cards and record PINs in order to withdraw cash from the accounts. When a card is swiped, a skimmer stealthily fitted to the machine reads the card details from the magnetic stripe alongside the machine and stores them. Some ATM skimmers employ fake keypads through which the PIN is recorded and misused later.

Precautions

  • Never disclose details of cards to any stranger
  • Never reveal ATM PIN and passcode to anyone
  • Always check the ATM machine for signs of tampering before using it; report suspicious findings

Cyber Stalking

Cyberstalking is a criminal practice where an individual uses the Internet to hound or threaten someone. The miscreant keeps track of the victim’s movements. Social media, email, chat rooms and instant messaging apps are some of the platforms where the crime is perpetrated. Catfishing is another form of online stalking where a fake online persona is created to fool victims. In legal terms, cyberstalking is an invasion of a person’s privacy. It may involve slander, threats, identity theft and data destruction.

Precautions

  • Log out of programmes and web-enabled devices when not in use
  • Use privacy settings to limit online sharing of personal details like birth date, name, address etc.
  • Use security software to ensure better security management

SIM Card Swap

A criminal registers an existing cellphone number on a new SIM card, usually to intercept notifications and one-time passwords (OTPs) sent to the original customer when they carry out a transaction on their online banking profile, change account security settings and so on. This allows the fraudsters to steal money from the customer, who may not even notice before it is too late. This poses a serious threat to customer data security, while also posing a challenge to the banks.

Precautions

  • Avoid revealing too many details and personal data online
  • Never respond to unsolicited offers of money received through e-mail, phone or other media
  • Check online transaction history frequently

Email Bombing

Email bombing, or spamming, is when massive volumes of emails of identical nature are sent to the victim, who finds it difficult to operate the computer as the mail software crashes. The sent emails are meaningless and excessively long, and exhaust the server’s capacity to receive further mail. The victim then finds it difficult to send or receive emails. If multiple accounts on the mail server are targeted, it may have a denial-of-service impact. Such bombings are easily carried out using botnets.

Precautions

  • Use proper anti-virus software and put up a firewall to restrict traffic
  • Use email filters and other forms of credible security layers
  • Use proxy servers
  • Use SMTP authentication on mail servers

IVR Fraud

Recently, a new type of fraud came to light after a 34-year-old Mumbai resident was duped of Rs 26,000 through an interactive voice response (IVR) system. In this new method of conning, the IVR asks the account holder for basic details and also the OTP (one-time password), after which the keyed-in details go directly to the fraudster, even though nothing is spoken aloud over the phone. Experts say this fraud relies on new technology coupled with telecommunications equipment.

Precautions

  • Do not entertain calls asking you to share card details, OTPs or account details
  • Always seek official help from the authorised bank and banking officials regarding renewal, unblocking, bonuses, insurance policies etc.

DoS Attack

A denial-of-service attack is meant to shut down a machine or network, making it inaccessible to its users. The hacker floods the victim’s mail account with traffic or sends them information which results in a crash. Web servers of high-profile entities such as banks and security outfits are often the targets. The bandwidth of the server gets overloaded and it may malfunction or crash completely. The attack gained prominence after 2016, throwing services of the biggest websites out of gear.

Precautions

  • Restructure security architecture
  • Make sure that the network system is monitored effectively
  • Deploy the right hardware
  • Prepare for traffic spikes so routine business operation does not face severe technical glitches
