Welcome to Cybercrimes Daily. In today's article, we will look at what went wrong at Cosmos Bank and at the cyber criminals behind it. On the evening of August 11, 2018, everything seemed like a normal day. All the bank officials were busy with their own work.
What Is The Problem With Cosmos Bank?
By 5 pm, the phones rang one after the other and everyone had the same question, is there something wrong with the server? But the incident was different. After some time, suddenly the city of Pune in Maharashtra became the center of action for the entire country. The whole country started panicking.
The Server Was Hacked

You must all be wondering, what exactly happened? No one understood anything. But friends, the bank’s powerful security server was hacked. It was the biggest cyber attack in the country’s banking history.
It was an attack that shook organizations in 32 countries. Friends, we are talking about the Cosmos Cooperative Bank robbery, where the robbers hacked the data of the Cosmos Bank headquarters located in Pune and carried out a cyber attack of Rs 94.42 crore. Although there have been many big robberies in the history of India, this robbery broke all the previous records.
The Police Investigated From All Angles
The police did not have so much as a fingerprint to go on. There were only thousands of ATM machines and camera recordings. Who did it? Nobody knew anything.
The Pune police investigated from all angles, but the case became more complicated. The police tried all their tricks to reach the real criminals, but they were not successful. And even today, these criminals are absconding.
Cyber Robbery at Cosmos Bank
In today’s article, we will discuss the cyber robbery at Cosmos Bank and find out who carried out this biggest bank robbery in the history of India. How did they do it? And what is the police doing in this incident? What happened that day? Friends, on August 11, at around 5 pm, Cosmos Bank officials received a message from Visa, a financial services company. Their algorithm recorded unusual activity on the bank’s debit card.
Account Balance On The ATM Screen Is High
While all this was happening, a RuPay debit card holder contacted the bank with a strange problem. He informed the bank that the account balance shown on the screen of the ATM from which he was withdrawing money was very high. Friends, the noteworthy thing here is that it was a Saturday and it was evening.
This is the time when the bank does not work as hard as on other days. Those who planned this robbery knew that the response would be slower than on other days. After this, the bank checked its customer database server and found no evidence in the check.
But the money was withdrawn. The next day, Sunday, came and went. As soon as Monday came, the Society for Worldwide Interbank Financial Telecommunications, i.e. SWIFT, informed the bank of three major transactions.
This is a messaging system that is used to send money to other countries. This system enables international banking transactions. SWIFT said that hackers stole Rs 13.92 crore through this system.
This amount of money was transferred to an account called Hang Seng in Hong Kong. This account belonged to a local company. It is believed that it is a shell i.e. a fake company.
80 Crore Was Withdrawn
Earlier, a confirmation request came from Visa and RuPay debit card partners for transaction logs. When it was confirmed, it was seen that about Rs 80 crore was withdrawn. Many ATMs were used. When the Cosmos Bank staff pieced together what was happening, they were able to estimate the seriousness of the matter.
Filed an FIR
Finally, the bank officials filed an FIR at Chaturshringi police station in Pune at 1.58 am on August 14. Then the investigation started. Let's see how the Pune police investigated this matter.
Where has the Pune police investigation reached? Friends, on August 14, the police called a meeting of all the top police officers of the city to investigate this matter. Cyber security experts, payment companies, NPCI and top officials of Cosmos Bank were present. After the meeting, a 7-member Special Investigation Team (SIT) was formed.
Used 5,000 Cloned Cards to Commit The Theft.
Along with this, small teams of police were formed. Each team was looking into different aspects of the investigation. One team went in search of the thugs, while the other team was investigating the technical aspects of how the hackers entered the bank’s system. During the investigation, the police found that the thugs used more than 5,000 cloned cards to commit the theft.
In just one day, they withdrew cash from 32 countries. For this, the thieves had written down their plan in the last 6 months. The thieves formed a team of many people for this and this bank robbery was carried out. The thugs planned to withdraw money from the bank in two phases.
According to Police Sources
The hackers had made strong preparations to target Cosmos Bank. Six months before the attack, the hackers installed their malware on the server so that they could make strong preparations to withdraw money. Malware is a type of virus that hackerspartner with the hackers or not. According to the police, people like Sheikh are organized and well-managed. In fact, to help verify the data shared by the hacker, they are also in a technical team.
Then cards are prepared and money mules are handed over with special instructions. Pune police have found this criminal network connected to countries like America, Russia, Britain, Egypt, Hong Kong and Switzerland.
Pune Police Have Found
A senior inspector of Pune Cyber Police said: When we found out that this network is connected to 31 countries other than India, we sent our proposal. We will request help from those countries through Letters Rogatory and the Mutual Legal Assistance Treaty. Police sources say that the help from America will be very important because it is itself investigating complex matters related to the Cosmos Bank attack.
It is suspected that a secret agency of North Korea, the Reconnaissance General Bureau, may have a hand in this matter. The three gurus of this unit are suspected of cyber attacks in the same year, i.e. 2018. All three have a long criminal history.
Global Ransomware
They are accused of the 2017 WannaCry 2.0 global ransomware attack. They are also accused of stealing about $80 million from Bangladesh Bank in 2016. American companies have also harassed a person associated with them.
His name is Ghaleb Alaumary. Alaumary has US as well as Canadian citizenship. He used to work for North Korean cybercriminals to launder money.
Alaumary also confessed to his crime before the US Supreme Court. The US Supreme Court sentenced him to 11.5 years in prison. Alaumary also used cryptocurrency to launder money.
According to US Supreme Court
According to US Supreme Court documents, banks in India, Pakistan and Malta are among the victims. Apparently, the scam is quite big. Pune police have arrested 18 criminals in this case but they were all hired.
They withdrew the money but they did not know how big a conspiracy they were becoming. Thousands of such mercenaries were used in many countries that day. Without the help of legal agencies of all those countries, it would have been impossible for the Pune police to solve the matter.
The Pune police must appreciate the efforts of the Ministry of External Affairs and Cosmos Bank, due to which Rs 5.72 crore was recovered. In fact, the Hong Kong officials had seized Rs 10 crore. The court there asked Cosmos Bank to return the money.
The Rs 5.72 crore was the first case of this amount. But the biggest question was: how did Sheikh's cloned cards get the information? To understand this, it is important to see how such strong bank security was hacked. Now for the modus operandi. Friends, it is important to first understand how the system works in normal situations.
Core Banking System
Normally, the ATM card is connected to the switch through a payment system provider like Visa, MasterCard or RuPay. After this, it is connected to the bank's customer database server, i.e. the core banking system (CBS), where the credentials are stored. CBS controls the transaction criteria, such as daily withdrawal limits and the number of transactions per day, so that the balance is maintained.
That is, CBS is like a kind of centralized network that helps customers make basic transactions by providing access. CBS also helps update daily banking transactions and other records. Once the transaction is approved by CBS, the bank’s switch shares the approval with the ATM machine. Only then the ATM user gets the money.
Communication Between The Switch and CBS
The hackers succeeded in penetrating the internal part of the bank’s pipeline and successfully entered the malware in the bank’s switch. What they did was disconnect the communication between the switch and CBS. Along with this, the hackers completely isolated CBS and set up an administrator profile at the switch or server level to approve transactions. Since the switch was separate from the server, the withdrawals were not visible in CBS.
But many accounts were showing random balances, due to which a customer informed the bank, as we mentioned at the beginning of the article. The hackers also repeated this in the SWIFT workflow. Once they got it, they changed the nature of SWIFT transactions.
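The detection side of this, as an added example that is not part of the original article: if the switch approves withdrawals that never reach CBS, reconciling the switch's approval log against CBS postings exposes them. The record layout, the `rrn` join key, the limit values and the sample rows are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from the incident): approvals the switch sent
# back to ATMs, and the debits that CBS actually posted to accounts.
SWITCH_APPROVALS = [
    {"rrn": "000001", "card": "CARD-A", "amount": 10000, "day": "2018-08-11"},
    {"rrn": "000002", "card": "CARD-B", "amount": 20000, "day": "2018-08-11"},
    {"rrn": "000003", "card": "CARD-B", "amount": 20000, "day": "2018-08-11"},
    {"rrn": "000004", "card": "CARD-A", "amount": 5000, "day": "2018-08-11"},
]
CBS_POSTINGS = [
    {"rrn": "000001", "card": "CARD-A", "amount": 10000},
    {"rrn": "000004", "card": "CARD-A", "amount": 500},
]

# Assumed limits of the kind the article says CBS enforces.
DAILY_LIMIT = 25000   # maximum total withdrawn per card per day
DAILY_COUNT = 3       # maximum number of withdrawals per card per day


def reconcile(approvals, postings, daily_limit=DAILY_LIMIT, daily_count=DAILY_COUNT):
    """Return alerts for switch approvals that CBS cannot account for."""
    posted = {(p["rrn"], p["card"]): p["amount"] for p in postings}
    totals = defaultdict(lambda: [0, 0])  # (card, day) -> [amount, count]
    alerts = []
    for a in approvals:
        key = (a["rrn"], a["card"])
        if key not in posted:
            # The switch said "approved" but CBS never saw the transaction.
            alerts.append(("APPROVED_WITHOUT_CBS_POSTING", a["rrn"]))
        elif posted[key] != a["amount"]:
            alerts.append(("AMOUNT_MISMATCH", a["rrn"]))
        # Re-check the limits independently of whatever the switch decided.
        running = totals[(a["card"], a["day"])]
        running[0] += a["amount"]
        running[1] += 1
        if running[0] > daily_limit or running[1] > daily_count:
            alerts.append(("LIMIT_EXCEEDED", a["rrn"]))
    return alerts


if __name__ == "__main__":
    for kind, rrn in reconcile(SWITCH_APPROVALS, CBS_POSTINGS):
        print(kind, rrn)
```

Running this check from a system other than the switch matters, because a compromised switch cannot be trusted to report on itself.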
Cosmos Bank Customer Care
1800 233 0234
How to Check Account Balance of Cosmos Bank?
Dial up 90290 13793 from your registered mobile number. Know your Balance.
What Is the WhatsApp Banking Number of Cosmos Bank?
8956567100 is a WhatsApp Banking Number of Cosmos bank.
How Do I Complain About Cosmos Bank?
You may call on Toll Free Number 1800 233 0234
Conclusions
So friends, this was the whole story of the Cosmos Cooperative Bank robbery. Today we are moving towards digitalization, but we are also facing dangers. We need to learn from this Cosmos Bank scam that, to move towards digitalization, we need to strengthen our systems.
Online fraud is very different from other crimes. In this, you do not need a passport or visa to commit a crime. A criminal can sit across the seven seas and commit a crime.
In this case, you have to make a lot of effort to If you want to suppress cybercriminals easily, then you have to work with the legal agencies. Otherwise, there will be a lot of pressure from the hackers. This is the reason why Pune Police's investigation can become a model for fraud investigation. In this, legal agencies from 32 countries will work together.