Bank Muscat suffers $39 M loss

Hacking of a Credit Card payment processing service provider in Bangalore has reportedly caused compromise of sensitive customer data for a Muscat Bank resulting in a loss of US$39 million. The Bank has claimed that no customer has suffered a loss. (Report). This means that the Bank is going to absorb the loss and does not try to transfer it to the customer on some pretext.

According to a NewYork Times report, the operation involved people in more than two dozen countries acting in close coordination. In New York City alone the thieves withdrew about S 2.4 million from ATMs in over 2904 machines over a period of 10 hours.

The entire exercise involved “Hacking”, “Manipulation of information” and many street criminals to withdraw cash. Police have arrested 8 persons in New York in this connection and tried to unravel the modus operandi. . The incident indicates how the criminals were able to steal data from banks in one country, relay that information to a far-flung network of  cashing crews, and then have the stolen money laundered in purchases of luxury items like Rolex watches and expensive cars. It is reported that some of the thieves were carrying money in bulging carry bags reminding one of movie scenes of the “Ocean” series.

As a first stage  of the operation, hackers infiltrated the system of an  Indian credit-card processing company that handles Visa and MasterCard prepaid debit cards. Then the hackers,  raised the withdrawal limits on prepaid MasterCard debit accounts issued by the National Bank of Ras Al-Khaimah, also known as RakBank, which is in United Arab Emirates. Then  by using prepaid cards, the thieves were able to take money without draining the bank accounts of individuals, which might have set off alarms more quickly.

The first set of operations were done in December 2012. With five account numbers in hand, the hackers distributed the information to individuals in 20 countries who then encoded the information on magnetic-stripe cards. On Dec. 21, the cashing crews made 4,500 A.T.M. transactions worldwide, stealing $5 million using the cloned cards.

After this, the organization grew bolder, and two months later it struck again — this time nabbing $40 million. On Feb. 19, cashing crews were in place at A.T.M.’s across Manhattan and in two dozen other countries waiting for word to spring into action.

This time, the hackers had infiltrated a credit-card processing company based in the United States that also handles Visa and MasterCard prepaid debit cards. After securing 12 account numbers for cards issued by the Bank of Muscat in Oman and raising the withdrawal limits, the cashing crews were set in motion. Starting at 3 p.m., the crews made 36,000 transactions and withdrew about $40 million from machines in the various countries in about 10 hours.  This included  New York City where, a team of eight people made 2,904 withdrawals, stealing $2.4 million.

By all accounts this appears to be one of the “Great E Banking Robberies” of our times and the impact could be huge. It is not only the individuals who should be concerned about such a crime affecting them individually, but the Bankers themselves who should appreciate the level of risk that they are exposed to in such transactions.

Additionally we also observed in Mangalore an ATM theft of cash by two employees of a Cash loading firm (See report here) it is clear that Indian Banks are sitting on a volcano called “Unsafe E Banking”. At this level the incident isto be treated actually a “National Risk” which may seriously hurt the Indian economy and take suitable steps to address these risks.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Crime, ITA 2008. Bookmark the permalink.

2 Responses to Bank Muscat suffers $39 M loss

  1. Ι’m extremely impressed with your writing skills and also with the layout on your weblog. Is this a paid theme or did you modify it yourself? Either way keep up the excellent quality writing, it is rare to see a great blog like this one these days.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.