A startling report says a whopping Rs 1,100 crore was stolen by global cyber thieves in seven different countries. But the Narendra Modi Government used both its diplomatic charm and some arm-twisting to get the entire money back in no time.
Yes, your money from banks was stolen by global cyber thieves, but the Narendra Modi government quickly stepped in to get it back. Not a few lakhs or crores, but a whopping Rs 1100 crore !!
Alarm bells rang thick and fast in Indian banking circles recently as a huge amount of money got stolen by non-state actors spread across the globe.
Knowing well that India was moving fast towards a cashless digital economy, hackers siphoned off a huge chunk of money one night and routed it through multiple countries to make tracking difficult.
But India stepped in fast and got in touch with the countries and retrieved every penny.
The hacking was reportedly done by non-state actors spread across seven countries, some of which had no diplomatic ties with India.
According to a special report in The Hindu, the theft of $ 171 million, and its retrieval, took place in July 2016 but was kept under tight wraps. But the newspaper was able to lay hand on the details recently.
The theft is considered as the biggest in recent times and is double the size of what the Bangladesh Central Bank lost in February, 2016. That was $81 million.
The theft, via online transfer, took place on the evening of July 20, towards the end of the bank-week, The Hindu quoted officials. On that Thursday, an alert Union Bank of India official in the treasury department looking at Society for Worldwide Interbank Financial Telecommunication (SWIFT) payments was checking statements for the day from their dollar account. To his shock, he found a huge discrepancy. An amount of $171 million had been debited from the bank without his authorisation.
The official wasted no time and immediately raised a red flag. He alerted the bank’s top management about the shady transaction. “I haven’t authorised any such payment last night,” he bluntly and firmly told the bank’s management.
Lights went on at the banks top offices that Thursday night and top officials were summoned. The officials found that the money was broken up and had gone to five locations, including accounts in Cambodia’s Canadia Bank and RHB IndoChina Bank, Thailand’s Siam Commercial Bank, Bank Sinopac in Taiwan, and a bank in Australia.
These funds were routed by Citibank New York and JP Morgan Chase New York, which hold UBI’s foreign exchange accounts.
The Union Bank of India then alerted the Ministry of External Affairs (MEA). The MEA too did not waste time and acted swiftly by deploying top cybersleuths for investigating the money trail.
The sleuths found that the hacking took place when a malware was sent to a bank official, who mistakenly opened an email that enabled the theft.
The MEA roped in other top offices in the South Block which also swung into action.
However, there was one major problem. India did not have diplomatic relations with Taiwan and a large chunk of the money had gone into an account of Bank Sinopac in that country.
This meant there was a need for a court order to secure the banking reversal instruction. But then, there was no time. India then used the good offices of the US to do some tough talking to the Taiwanese bank to get back the amount.
In days, the amount of $171 million was traced and retrieved.
Chairman of the Union Bank of India Arun Tiwari and India’s cyber security chief, Dr. Gulshan Rai, who were involved in the operation, confirmed the attack
Chairman of the Union Bank of India Arun Tiwari and India’s cyber security chief, Dr. Gulshan Rai, who were involved in the operation, confirmed to The Hindu that while the attack was serious, all of the money had been retrieved within days.
“We tracked, stopped, recovered,” Tiwari said, indicating that the bank considers the temporary $171 million loss a closed chapter now.
“We worked in record time with the Reserve Bank of India, bank authorities and government agencies coordinating efforts. The bank succeeded in blocking the transfer of funds and credited the entire amount in a record period of six days,” Rai, who is the country’s first Chief Information Security Officer, was quoted by The Hindu.
An FIR was filed a month later on August 25 at Mumbai’s Cybercell, but bank officials said they had no information of further follow-ups including details of a charge sheet, or investigations in any of the six other countries involved.
Not much is also known as to what further precautions were taken by banking circles to prevent such fraudulent transfers.
Reserve Bank of India has asked banks to put stricter systems in place
However, what is known is that the Reserve Bank of India has asked banks to put stricter systems in place, including appointing a Chief Information Security Officer (CISO). The RBI has also created a specialised cell (C-SITE) to conduct detailed IT examination of banks’ cyber security preparedness, to identify the gaps and to monitor the progress of remedial measures by 2017-18.
But there is growing worry on another front as India pushes for cashless economy. There are reports that small time hackers are trying to siphon off money from common people, especially the middle class and the less educated customers who are unable to detect the fund transfers before it is too late to retrieve them.
Last year, several banks were forced to replace or change PINs on 3.2 million cards after security was compromised by a malware
Just last year, several banks were forced to replace or change PINs on 3.2 million cards after security was compromised by a malware that cost the banking industry 2 crore. State Bank of India — the country’s largest lender — had to reissue around six lakh debit cards to its customers.
On March 8 this year, the Pune-based Bank of Maharashtra filed an FIR with the Shivaji Nagar police station, after it detected at least 25 crore missing from various accounts. Cyber investigators tracked the problem to a UPI (Unified Payments Interface) solution from a local vendor, but couldn’t retrieve most of the money, The Hindu said.
This throws a question on the safety of Bharat Interface for Money or BHIM app. But the National Payments Corporation of India (NPCI) said the environment in which BHIM or UPI is run by NPCI is highly secure and certified with best global practices. But that assurance is of not much solace to the ordinary man who has this lurking feat that there are cyber thieves on the prowl.