In the first important breakthrough in the Cosmos Bank malware attack case, the Special Investigation Team (SIT) of Pune City Police has arrested two persons who allegedly withdrew around Rs 89 lakh from ATMs in Kolhapur using cloned cards. Police sources said they are set to make more arrests in the coming days.

The two suspects have been identified as Fahim Shaikh (27), a resident of Bhiwandi in Thane district, and Fahim Khan (30), a resident of Sillod in Aurangabad. The SIT had zeroed in on the two persons on the basis of footage from security cameras installed in several ATM kiosks in Kolhapur, from which the two suspects and their accomplices allegedly withdrew about Rs 89 lakh, using over 90 cloned cards. Money had also been withdrawn, by using cloned cards, from ATMs in Indore, Mumbai, Kolhapur, Ajmer and other cities.

In the coordinated digital attack, large sums of money were fraudulently withdrawn using several cloned debit cards of the cooperative bank, through thousands of ATM transactions, made in India and 28 other countries within a period of seven hours on August 11.

While around Rs 78 crore was withdrawn via over 12,000 ATM transactions outside India, another 2,800 transactions were made in different places within India, to the tune of Rs 2.5 crore.

On August 13, Rs 13.5 crore was transferred to a Hong Kong-based entity, using the Society for Worldwide Interbank Telecommunications (SWIFT) facility. Investigations revealed that the transactions outside India were made through Visa cards and those in India through RuPay cards, and that a total of Rs 94 crore was siphoned off.

In the third week of August, police had started recovering the money from some customers of the bank, who had found excess balance in their accounts during the time of the attack and withdrawn the money with their own cards. Police had said these account holders were the accidental beneficiaries of the cyber attack and did not prima facie have any connection with the hackers. Till now, police have recovered over Rs 3.5 lakh from 27 such beneficiaries.

Shaikh and Khan, the two accused arrested on Tuesday, are suspected of being connected to the cyber criminals and of using the cloned cards, police said. The two were produced before a magistrate’s court in Pune and remanded to police custody for seven days. Investigators are now probing how these cloned cards were made, which tools were used for making them and how the cyber criminals received the data required to make the cards.

In its remand application, police said, “We have communicated to the Interpol and the CBI about getting information on the transactions that have taken place in 237 banks in 28 countries. Information from them is awaited. We have received CCTV footage from 21 banks from within the country and the same from other banks is awaited.”

A search has been launched for five known accomplices of the two arrested suspects, police said in its remand application.

“The investigation is being conducted at a very large scale, in a coordinated manner. A large amount of electronic data… is being analysed by the teams. The 2,800 transactions within India were done using 413 cards and around Rs 2.5 crore was withdrawn. Some more arrests are likely. There is no doubt that an international syndicate is involved in the crime. The arrests on Tuesday and those in the coming days will be an important step towards tracing the masterminds,” said a police official who is part of the probe.

