Two years after the infamous Bangladesh Bank hack, an Indian bank says that cybercrooks compromised the bank's connection to the Swift messaging system to make three fraudulent transfers worth nearly $2 million.
In a statement, City Union Bank says that it found the three fraudulent transactions during its reconciliation process on 7 February.
The previous day, the hackers had managed to disconnect the City printer connected to Swift, meaning that the bank did not receive acknowledgement messages for the transactions.
One of the payments, a $500,000 transfer made through Standard Chartered Bank, New York to a Dubai-based bank was blocked immediately and the funds returned to City. Another, for EUR300,000 made through Standard Chartered Bank, Frankfurt to a Turkey-based bank has been blocked in the beneficiary's account. The third payment, for $1 million was made through BofA to a China-based bank and has already been claimed by someone submitting forged documents.
In an interview, City Union Bank CEO N Kamakodi told Reuters that there are similarities with the Bangladesh Bank hack, which saw crooks use malware to disable the Swift printer before stealing $81 million.
In contrast, the bank has been keen to stress that, contrary to some early reports, there is no evidence of its staff being involved in the crime.
Speculation about an inside job bubbled because of a scandal that has emerged in recent days at a Mumbai branch of Punjab National Bank, where a manager is accused of a six-year operation that saw $1.8 billion in fraudulent transactions made.
The manager and a subordinate have been arrested, accused of colluding with, among others, a billionaire jeweller called Nirav Modi.
According to court documents reviewed by Reuters, branch deputy manager Gokulnath Shetty issued a series of fraudulent Letters of Undertaking to other banks so that they would provide loans to a group of Indian jewellery companies.
He did this using the bank’s Swift system to log in with passwords that allowed him to not only send the messages but also review them for approval. He then failed to record the transactions on the bank's internal system - something required because the software was not linked to Swift.
News of the Union Bank heist comes just days after reports that a Russian bank last year lost $6 million to cybercrooks in an attack that took advantage of internal security weaknesses in the bank's gateway to Swift.
In a statement to Finextra, a Swift spokesperson says: "Swift does not comment on individual customers or entities. When a case of potential fraud is reported to us, we offer our assistance to the affected user to help secure its environment. We would like to reassure our customers that there is no indication that our network and core messaging services have been compromised.”