Hackers that attempted to lift about $2 million from India’s City Union Bank earlier this month used similar tactics to those observed during the $81 million bank heist in Bangladesh two years ago, according to a statement from City’s CEO.
“Nobody suspected that it was an attack and thought it was a systemic network failure,” N. Kamakodi told Reuters by phone. “The system department people, everybody assembled, analyzed the problem, rebooted, they closed shop only around 10-10.30 in the night.”
The hack was discovered the following morning, when a true-up revealed thee transactions that did not actually originate with their bank. The bank had been able block only one of the transfers, worth $500,000, when news of the attack broke over the weekend.
The Bangladesh hack saw implanted malware used to disable the SWIFT printer such that network administrators mistook the hack for a problem with a printer. The cybercriminals were then able to steal funds from the Bangladeshi central bank’s New York Federal Reserve accounts by generating fraudulent orders on SWIFT.
The money was sent to accounts at Manila-based Rizal Commercial Banking Corp and then disappeared into the casino industry in the Philippines — two years later, the crime is unsolved, and authorities have only been able to recover about $15 million.
“We definitely see similarities between the Bangladesh case, and the similarities are being factored into the investigation,” Kamakodi noted.
City Union is a small private lender. The transfer instructions were sent via correspondent banks to accounts in Dubai, Turkey and China. Kamakodi has confirmed that SWIFT is helping it investigate the matter — particularly how it happened despite the bank adding new security measures days before.
“It’s a cat and mouse game,” he said.