Hackers swipe $2m from India’s City Union Bank via Swift

Probably not the actual hacker

Swiftly following on from the Russia hack, India’s City Union Bank reveals it was hacked and that nearly $2 million was transferred to lenders overseas via the Swift payments messaging system.

As reported earlier today (19 February), hackers stole RUB 339.5 million ($6 million) from a Russian bank last year using Swift’s payments messaging system. It was only recently (and quietly) reported by the nation’s central bank.

In the latest misdemeanour, City Union disclosed on 17 February it had discovered the three “fraudulent remittances”, which were sent via correspondent banks to accounts in Dubai, Turkey and China.

N. Kamakodi, CEO of City Union, called it a “conspiracy” involving multiple countries, and the bank is still investigating how it happened.

“This is basically a cyberattack by international cyber criminals,” he tells Reuters in a phone interview.

Kamakodi adds that they saw “so far no evidence of any internal staff involvement,” but says “we are very clear now the account holders are part of this conspiracy”.

According to Reuters, City Union said it was able to block one of the remittances, totalling $500,000, that was being sent through a Standard Chartered account in New York to a Dubai-based lender.

A second transfer of €300,000 euros was routed through a Standard Chartered account in Frankfurt to a Turkish account, although the Turkish lender had blocked the transfer from being finalised.

Good things don’t come in threes, as the third one, totalling $1 million, was sent through a Bank of America account in New York to a China-based bank, which Kamakodi on 18 February identified as Zhejiang Rural Credit Cooperative Union in Hangzhou, China.

Kamakodi says the bank is working with Indian authorities to work with affected countries to investigate what happened and it is also strengthening its internal monitoring systems.

These hacks don’t end here, as in a separate attack Punjab National Bank in India said a few days ago it had been the victim of a $1.7 billion fraud, although that case is suspected to involve the transfer of unauthorised loans from bank employees.

Here we go again

As detailed in the Russian hack story earlier, all these cyberattacks are not uncommon. In December, hackers attempted to steal RUB 55 million ($975,000) from Russian state bank Globex using Swift’s system.

As reported in 2016, Bangladesh Bank said a total of $101 million was “wrongly transmitted”, of which $20 million went to a Sri Lankan bank. This involved sending a series of requests for the New York Federal Reserve to transfer large tranches of money from its account there.

The NY Fed said at the time: “The payment instructions in question were fully authenticated by the Swift messaging system in accordance with standard authentication protocols.”

Also in 2016, Symantec found evidence that the Odinaff group mounted attacks on Swift users, using malware to hide customers’ own records of Swift messages relating to fraudulent transactions.

That was bad news for Swift but its fight back against these attacks has been extensive and ongoing. It has spoken strongly on the subject and unveiled SwiftSmart modules to help its customers operate their Swift environment “securely and in-line with best practice”.

The modules were also a “critical part” of its Customer Security Programme launched in May 2016. That five-part plan was a result of various hacking incidents.