NEW DELHI (Reuters) - Hackers who tried to steal nearly $2 million from India’s City Union Bank this month used tactics similar to those employed in the unsolved cyber heist of $81 million from Bangladesh’s central bank in 2016, City’s CEO said on Monday.
The unknown hackers disabled the City printer connected to global payments platform SWIFT on Feb. 6, preventing the bank from receiving acknowledgement messages for three fraudulent payment instruction sent that evening until the next morning.
“Nobody suspected that it was an attack and thought it was a systemic network failure,” N. Kamakodi told Reuters by phone. “The system department people, everybody assembled, analyzed the problem, rebooted, they closed shop only around 10-10.30 in the night.”
The next morning, bank officials managed to reconcile the previous day’s transactions and found out “three transactions which were not originated from our bank”.
The bank had been able block only one of the transfers worth $500,000, while attempts were under way to retrieve the rest, he said. It first disclosed the heist on Saturday. (reut.rs/2ohQElt)
In the case of Bangladesh Bank, hackers infected the system with malware that disabled the SWIFT printer. Bank officials in Dhaka initially assumed there was simply a printer problem. (reut.rs/2jk1W74)
The hackers stole the money from Bangladesh Bank’s account at the Federal Reserve Bank of New York using fraudulent orders on SWIFT. The money was sent to accounts at Manila-based Rizal Commercial Banking Corp and then disappeared into the casino industry in the Philippines.
Nearly two years later, there is no word on who was responsible and Bangladesh Bank has been able to retrieve only about $15 million, mostly from a Manila junket operator.
“We definitely see similarities between the Bangladesh case, and the similarities are being factored into the investigation,” Kamakodi said.
City Union, a small private lender based in south India, said the three money transfer instructions were sent via correspondent banks to accounts in Dubai, Turkey and China.
He said SWIFT was helping it investigate the matter, and that the hack happened despite the bank adding new security measures days before.
“It’s a cat and mouse game,” he said.
SWIFT said it did not comment on individual customers or entities.
Russia's central bank said last week that unknown hackers stole 339.5 million rubles ($6 million) in an attack via the SWIFT international payments messaging system in Russia last year. (reut.rs/2Gl0Hxu)
($1 = 56.4 rubles)
(This version of the story corrects last paragraph to say hackers stole via the SWIFT platform, not on the platform)
Reporting by Sudarshan Varadhan; Editing by Krishna N. Das and Nick Macfie