THE ECONOMIC Offences Wing (EOW) of the Mumbai Police has registered a case after the State Bank of Mauritius (SBM) filed a complaint that its systems had been hacked.
According to the complaint lodged on October 5, the accused hacked into the bank’s SWIFT payment system and attempted to siphon off Rs 147 crore. However, the remitting banks got suspicious and raised a query with SBM if the transactions were genuine. After SBM alerted the four offshore banks through which the remittance was being initiated that the amounts were not raised by them, the transactions were stopped. However, by then, the bank had lost close to Rs 29.8 crore, the police said.
In a statement, however, SBM said that it had suffered a loss of around Rs 19 crore and with the bank having an insurance cover against cyber attacks, the loss would come down further.
According to the police, on October 2, a public holiday, the accused hacked into the SWIFT payment system of SBM’s Nariman Point branch and raised different amounts with four offshore banks (two in USA, one each in London and Paris). After multiple remittances were carried out within a few hours, contrary to the bank’s normal course of functioning, the London bank got suspicious and raised a query with SBM.
“The bank, after checking its system, found that the email to release the amounts was sent by an email ID similar to the person incharge of SWIFT transaction. The bank asked the offshore bank to stop the payment. Their inspection found that similar requests were raised to two more banks in USA and Paris and these transactions, too, were asked to be terminated. However, the hackers managed to siphon off Rs 29.8 crore through 10 to 12 accounts, mostly from southeast Asian countries like Japan, China, Hong Kong and Singapore. The rest of the funds were blocked after an FIR was lodged and its copies sent to these offshore banks,” said a senior EOW official.
The police have asked the SBM branch to submit its CCTV footage. The hard disc of the person who supervised SWIFT payment and gave instructions have also been collected. “Preliminary assessment reveals that the hackers used the modus operandi similar to that of Pune’s Cosmos bank of hacking into SWIFT by sending a malware into the system of the person who dealt with SWIFT and then used the credentials to send bogus emails using similar email IDs and raising request for remittances. We are also probing if there is an insider hand, if somebody parted with the SWIFT credentials with the accused,” said the official.
“We suspect that the accused studied how much was the remittance made and raised the requests accordingly. However, he committed a mistake by raising multiple requests in quick succession,” the official added.
The EOW plans to send Letter Rogatory (LR) to the three countries where the offshore banks are located. “The LRs would be send in due course as the amounts have been remitted from offshore banks,” said another official. LRs are a formal request from a court to a foreign court for judicial assistance.
EOW Senior Inspector (banking division) Kishore Parab said: “A case under IPC and the Information Technology Act has been registered.” The spokesperson of SBM India said: “A cyber incident took place on October 2, whereby SBM India has been victim of a cyberattack through fraudulent SWIFT payments but the necessary measures have been taken to prevent any further damage. Based on proactive and prompt measures, we have managed to recover most of the lost amount. “As of today, the lost amount is limited to Rs 19 crore, which will come down even further post claiming the insurance money. We would like to assure our customers that not a single customer account has been impacted…,” the spokesperson added.