Hackers: Please tell us how you did it!
It is reported that a state-owned bank lost $250,000 (Tk 2 crore) to cyber-crooks, who allegedly hacked into the bank's security system (DS February 23, 2014). The crime took place in September last year while one of its branches was transferring the amount to the United Kingdom on behalf of its client in Bangladesh. The money was stolen by London-based hackers, who transferred it to Turkey. An official of the state-run bank was suspended for alleged involvement in the cyber-theft.
Last month, it was reported that 30 to 35 accounts of a private bank had been hacked. Between October and November last year, hackers transferred around Taka twenty lac to other accounts without the knowledge of the account holders. It is suspected that the hackers did so as an experiment to determine the risks involved in such embezzlement. According to the Bangladesh Bank, the internet banking system of the bank was not fully automatic.
Bangladesh Institute of Bank Management (BIBM) studied 50 such fraud cases. According to their findings, 30% of the banks are vulnerable to cyber-frauds. Among the cases studied, 43% of the frauds took place with ATM and plastic cards, 25% with mobile banking, 15% with cheque processing and e-fund transfer, and 12% with internet banking. It is thus obvious that frauds are widespread in our country and the hackers are smarter than the security experts of our banks since they go scot-free in most of the cases.
Bank frauds are not unique to Bangladesh and take place all over the world. It is interesting to note that even though the names of the banks with fraud cases are widely publicised in our country, foreign banks rarely disclose the incidents to the public. This is done in order to preserve the goodwill of the banks, even though the hackers, particularly in the western countries, are identified and caught in most cases.
A couple of decades ago, I read a story about a US bank employee who managed to flee from the country after electronically stealing several million dollars. Unable to find how the theft was committed, the bank authorities secretly contacted the employee and assured him that he would neither be required to refund any stolen money nor be liable to any legal action, if only he disclosed how he transferred the money! The idea was to improve the bank's security system with the cooperation of the hacker!
I wonder if our banks are at the same stage as the US bank was decades ago and would like to grant immunity to the hackers in exchange for disclosing how they did it!
The writer is a former chief engineer of Bangladesh Atomic Energy Commission.