The Special Investigation Team (SIT) of the Pune city police, which is probing the malware attack on Cosmos Bank in which Rs 94 crore was siphoned off, has said that it has obtained the locations of the Automatic Teller Machines (ATMs) in India, including those in Maharashtra, from which the money was withdrawn during the cyber attack. Officials said that they were now waiting for the data on transactions at ATMs located outside India.
In arguably the first-of-its-kind coordinated digital attack on an Indian bank, large sums of money were fraudulently withdrawn using cloned debit cards of the Pune-headquartered cooperative bank through thousands of ATM transactions from India and 28 other countries in a period of seven hours on August 11.
While around Rs 78 crore was withdrawn in more than 12,000 ATM transactions outside India, Cosmos Bank said another 2,800 transactions were made in different places within India, to the tune of Rs 2.5 crore. On August 13, Rs 13.5 crore more was transferred to a Hong Kong-based entity using the Society for Worldwide Interbank Telecommunications (SWIFT) facility. While the transactions outside India were done through VISA cards, those in India were done through RuPay cards.
After the registration of an FIR at Chatushrungi police station, the Pune city police formed an SIT comprising police officers and cybercrime experts. Deputy Commissioner of Police (Cyber Crime and Economic Offences Wing) Jyotipriya Singh, who is heading the SIT, said, “In our probe, till now we have been able to identify the ATM machines in India used to withdraw money during the cyber attack and also their locations. We are now analysing data of these transactions to identify those which were genuine and those fraudulent. This will be done by cross-verifying card data from the bank and also the CCTV images from the ATMs.”
The transactions in India were done from Mumbai, Kolhapur, Pune and some other places in Maharashtra, and also in Madhya Pradesh and Uttar Pradesh. Cosmos Bank officials said the illegal withdrawals were enabled by the malware attack, which authenticated debit card transactions, bypassing the bank’s computerised core banking system.