Filename | Mumbai bank hacked, Rs 2.4 crore siphoned off in 3 hours |
Permission | rw-r--r-- |
Author | Unknown |
Date and Time | 5/18/2013 |
Label | Cyber News |
Action |
Ethical Hacking Institute in Pune
./Arizona Team
MUMBAI: The RPG Group of companies became the latest victim of online banking fraud when cyber criminals hacked into the firm's Mumbai-based current account and siphoned off Rs 2.41 crore in three hours on May 11.
The first of the 13 money transfers to accounts across India was made at 11.30am and the last at 2.30pm, before the bank got suspicious of the huge cash transfers and checked with the group confirming the fraud, the Worli police said. The largest transaction was of Rs 25 lakh and the smallest of Rs 15 lakh.
Three men (names withheld), who received the money in their accounts, have been arrested in Coimbatore and Hyderabad by three special teams formed by additional commissioner of police (central region) Praveen Salunke. They will be brought to Mumbai on Saturday.
The bank has blocked the accounts of the beneficiaries, but the hackers, who most likely stole the company's username and password through Trojan malware, have already managed to withdraw some funds from the accounts, sources said.
The investigation teams kept a watch at the banks in Coimbatore and Hyderabad to where funds had been transferred and nabbed people who came to withdraw money. The teams, led by inspector Suresh Mahadik, are interrogating the men in custody to learn about others in the racket, especially the kingpin.
The 13 transactions were done through Real Time Gross Settlement (RTGS), a system through which funds are transferred in real time by an account holder from one bank to another. "The money was transferred to 13 different bank branches in Bangalore, Chennai, Coimbatore, Hyderabad, Jharkhand, Tirunelveli and other places," a Worli police officer told TOI. "We managed to freeze accounts, but some funds have been removed."
Investigators said the cyber criminals followed a modus operandi similar to the one executed on January 31 when Rs 1 crore was siphoned off in Mulund from the current account of a cosmetics company. "Prima facie, the company officials may have responded to a Trojan mail sent by the fraudsters. The hacker then probably got the group's current account and username when officials logged in," said an investigator.
Investigators said the bank has provided the company with three usernames and passwords for net banking. "The cyber criminal had used the primary username and password and logged into the current account to transfer funds. The cyber criminals also transferred some funds from beneficiary accounts to third-party accounts," said an investigator.
Investigators have learnt from the arrested men that they allowed their bank accounts to be used in return for a good commission. "We also learnt that the hackers prefer late Friday nights or Saturdays to execute such online frauds, because it gives the victim lesser scope to block or freeze accounts. Banks are either shut on the weekends or operate half-day on Saturdays."
A case has been filed under Indian Penal Code sections 34 (common intention), 120-B (punishment for criminal conspiracy) and 420 (cheating), and under IT Act sections 65 (tampering with computer source documents), 66-B (dishonestly receiving stolen computer resources), 66-C (identity theft) and 66-D (cheating by impersonation by using computer resource).
Investigators have also sought details from the bank on whether it has followed Know Your Customer (KYC) norms.
A spokesperson for the bank said full cooperation is being extended to the police. "The police quickly caught the three men. Timely action taken by the bank to block beneficiary accounts has helped save large sums from getting siphoned off," said the official.
An RPG Group corporate communications official said, "We will unfortunately be unable to answer questions at this juncture. The incident is being investigated by the authorities and we are extending all the necessary cooperation for a rapid investigation."
www.arizonainfotech.com
CEH CHFI ECSA ENSA CCNA CCNA SECURITY MCITP RHCE CLOUD ANDROID IPHONE NETWORKING HARDWARE TRAINING INSTITUTE IN PUNE
./Arizona Team
MUMBAI: The RPG Group of companies became the latest victim of online banking fraud when cyber criminals hacked into the firm's Mumbai-based current account and siphoned off Rs 2.41 crore in three hours on May 11.
The first of the 13 money transfers to accounts across India was made at 11.30am and the last at 2.30pm, before the bank got suspicious of the huge cash transfers and checked with the group confirming the fraud, the Worli police said. The largest transaction was of Rs 25 lakh and the smallest of Rs 15 lakh.
Three men (names withheld), who received the money in their accounts, have been arrested in Coimbatore and Hyderabad by three special teams formed by additional commissioner of police (central region) Praveen Salunke. They will be brought to Mumbai on Saturday.
The bank has blocked the accounts of the beneficiaries, but the hackers, who most likely stole the company's username and password through Trojan malware, have already managed to withdraw some funds from the accounts, sources said.
The investigation teams kept a watch at the banks in Coimbatore and Hyderabad to where funds had been transferred and nabbed people who came to withdraw money. The teams, led by inspector Suresh Mahadik, are interrogating the men in custody to learn about others in the racket, especially the kingpin.
The 13 transactions were done through Real Time Gross Settlement (RTGS), a system through which funds are transferred in real time by an account holder from one bank to another. "The money was transferred to 13 different bank branches in Bangalore, Chennai, Coimbatore, Hyderabad, Jharkhand, Tirunelveli and other places," a Worli police officer told TOI. "We managed to freeze accounts, but some funds have been removed."
Investigators said the cyber criminals followed a modus operandi similar to the one executed on January 31 when Rs 1 crore was siphoned off in Mulund from the current account of a cosmetics company. "Prima facie, the company officials may have responded to a Trojan mail sent by the fraudsters. The hacker then probably got the group's current account and username when officials logged in," said an investigator.
Investigators said the bank has provided the company with three usernames and passwords for net banking. "The cyber criminal had used the primary username and password and logged into the current account to transfer funds. The cyber criminals also transferred some funds from beneficiary accounts to third-party accounts," said an investigator.
Investigators have learnt from the arrested men that they allowed their bank accounts to be used in return for a good commission. "We also learnt that the hackers prefer late Friday nights or Saturdays to execute such online frauds, because it gives the victim lesser scope to block or freeze accounts. Banks are either shut on the weekends or operate half-day on Saturdays."
A case has been filed under Indian Penal Code sections 34 (common intention), 120-B (punishment for criminal conspiracy) and 420 (cheating), and under IT Act sections 65 (tampering with computer source documents), 66-B (dishonestly receiving stolen computer resources), 66-C (identity theft) and 66-D (cheating by impersonation by using computer resource).
Investigators have also sought details from the bank on whether it has followed Know Your Customer (KYC) norms.
A spokesperson for the bank said full cooperation is being extended to the police. "The police quickly caught the three men. Timely action taken by the bank to block beneficiary accounts has helped save large sums from getting siphoned off," said the official.
An RPG Group corporate communications official said, "We will unfortunately be unable to answer questions at this juncture. The incident is being investigated by the authorities and we are extending all the necessary cooperation for a rapid investigation."
www.arizonainfotech.com
CEH CHFI ECSA ENSA CCNA CCNA SECURITY MCITP RHCE CLOUD ANDROID IPHONE NETWORKING HARDWARE TRAINING INSTITUTE IN PUNE