The Special Investigation Team (SIT) of Pune City Police, which is investigating the malware attack on Cosmos Bank, has started recovering money from some customers of the bank, who had found excess account balance during the time of the attack and withdrawn it with their ATM cards. Police are now probing how these accounts ended up with more balance.
Police believe these account holders were “accidental beneficiaries” of the cyber attack and don’t, prima facie, seem to have a criminal connection with the alleged hackers. In the coordinated digital attack on August 11, large sums of money were fraudulently withdrawn using several cloned debit cards of the Pune-based cooperative bank, through thousands of ATM transactions from India and 28 other countries in a period of seven hours.
While around Rs 78 crore was withdrawn in more than 12,000 ATM transactions outside India, another 2,800 transactions, amounting to Rs 2.5 crore, were made in different parts of India. The probe had revealed that over 400 cards were used for the 2,800 ATM transactions in India, of which more than 170 were used from Pune.
On August 13, more than Rs 13.5 crore was transferred to a Hong Kong-based entity using the Society for Worldwide Interbank Telecommunications (SWIFT) facility. The investigation has revealed that transactions outside India were done through Visa cards and those in India were done through RuPay cards. In total, as much as Rs 94 crore was siphoned off.
Initial investigation has revealed that during the attack, some customers of the bank, while carrying out ATM transactions, found that their accounts had a much higher balance. Some of them withdrew large amounts of money that didn’t belong to them.
“According to our probe, these were accidental beneficiaries, not culprits using cloned cards in connivance with cyber criminals. We have reasons to believe that transactions in India have been done by both types of persons. We have started recovering money from people who were just beneficiaries and not culprits. We have recovered Rs 1.2 lakh from two persons from Pune,” said a police officer. “The focus of the probe is now on ascertaining how certain accounts had shown excess balance during the period of the cyber attack and whether there was any pattern in these instances,” added the officer.
Senior Inspector Radhika Phadke, who is part of the SIT, said, “The recovery of money from the accidental beneficiaries of the cyber attack will continue. The physical verification of individual persons is being done meticulously to establish the intent and possible criminality.” The data on transactions done outside India was awaited, said SIT officials.