The Special Investigation Team of Pune City Police, which is probing the malware attack on Cosmos Bank that took place in August, has now zeroed in on the suspects who were involved in cloning the cards by using data stolen by international cyber criminals. This data was, in turn, used by the ‘mules’, who have since been arrested.
In the first week of December, police filed a chargesheet against the nine accused arrested so far. Police have said these accused were the last link in a widespread web that started with the theft of data from the bank in the malware attack.
In one of the biggest cyber attacks on an Indian bank in recent times, several cloned debit cards of the Pune-headquartered Cosmos were used for thousands of ATM transactions from India and 28 other countries in a period of seven hours on August 11. While around Rs 78 crore was withdrawn in more than 12,000 ATM transactions outside India, another 2,800 transactions were made in different places within India, to the tune of Rs 2.5 crore. Further, on August 13, over Rs 13.5 crore was transferred to a Hong Kong-based entity using the Society for Worldwide Interbank Telecommunications (SWIFT) facility.
Investigation revealed that while the transactions outside India were done through VISA cards, those in India were done through Rupay cards. In total, Rs 94 crore was siphoned off.
Tracking cyber criminals is a complicated affair
Recovering money, or getting hold of the culprits, in an incident like this is an extremely complex affair, since the footprint of the crime is spread over several countries. With the recent developments in their probe, investigators seem to have inched closer to the suspects higher up in the chain. However, this is limited only to the suspects who made illegal withdrawals in India. For any forward movement on the investigations in other countries, international treaties on exchange of legal information would come into play. The probe by Pune police in the case is also expected to unearth a network of criminals involved in similar crimes in the country. The probe has already revealed that some of the suspects in the case were also part of a cyber attack on the City Union Bank in Chennai earlier this year.
Of the 28 countries to which Pune City Police had written seeking information on the transactions, 12 have replied till now, said sources. Those chargesheeted by the police include Fahim Shaikh, Fahim Khan, Shaikh Jabbar, Mahesh Rathod, Naresh Maharana, Mohammed Jafri and Yustis Vas, who withdrew money in Maharashtra, and Rafique Ansari and Abdullah Shaikh, who withdrew money in Rajasthan.
A senior official, who is part of the probe, said, “As is the common modus operandi in such cases… in this case too several people were used as mules, who carried out the withdrawals for a commission. While we have chargesheeted the nine persons arrested till now, we have gathered concrete information on who the next links in the chain were. These suspects are Indians and are currently on the run. We have launched a search for them.”
The information stolen during the attack was sold over the dark net, said a cyber crime expert who has worked with Pune police on several cases. “The international cyber criminals who stole the Cosmos data by infiltrating the system sold it further down the chain over the dark net. This data was used in individual countries to make the cloned cards. These cards were further passed on to mules for making the withdrawals. The police are probing the case by making their way up from the last link in the chain. At further stages, this probe will involve multi-country efforts and investigations may take several months.”