NIC Asia cyber heist: Bank’s weakness helped criminals to hack into its system

Tech October 24, 2017 13:44

By The Kathmandu Post/ANN

4,240 Viewed

KATHMANDU- A cyber attack on NIC Asia Bank was imminent as the banking institution had allowed Information Technology (IT) Department staff to use computers deployed for SWIFT transaction to perform tasks like checking personal e-mails.



A cyber attack on NIC Asia Bank, which reportedly lost millions of rupees last week in the biggest-ever cyber heist in Nepal, was imminent, as the banking institution had allowed staff of the Information Technology (IT) Department to use computers deployed for SWIFT transaction to perform tasks like checking personal e-mails, the Post has learned.This lapse left the bank’s computers vulnerable to cyber attacks, “enabling malwares”, or computer viruses, “to enter and corrupt the server”, according to sources who attended a meeting of IT heads of commercial banks called by the Nepal Rastra Bank (NRB), the banking sector regulator, on Monday. The bank, sources informed, had also given its staff remote access to server on which SWIFT system was installed, which was another Achilles’ heel of the institution.

These vulnerabilities were exploited by unidentified hackers, who reportedly stole millions of rupees from the bank on Thursday, a public holiday when the country was celebrating Laxmi Puja. The money was stolen by “issuing around 31 fake instructions” via SWIFT, the global interbank payment system.

It is not exactly known how much money is missing from the bank’s coffers, as hackers "crashed" the server on which SWIFT software was installed, leaving the financial institution with no information of the heist. However, various sources the Post talked to put the stolen amount at around Rs460 million.

Debates are now surfacing on whether the damage could have been contained had the bank filled its vacant positions of head and deputy head of the IT Department. The IT Department of the commercial bank, which has assets of over Rs101 billion, is currently being run by junior staff, as senior officials have left the company. These junior staff do not have much clue about how hackers broke into the SWIFT system, sources said. It is now being said it was SWIFT, and not the bank’s IT staff, that tipped the management about the cyber attack after unusual transactions were detected at odd hours.

SWIFT is an interface that banks and financial institutions use to send instructions for fund transfers across the globe. Today, almost every banking institution in the world has its own unique SWIFT code based on which funds are moved to another institution. It is said over 90 percent of fund transfers in the world take place through SWIFT. “SWIFT is a very secure medium for fund transfer... we don’t know how the bank’s system came under attack,” NRB Deputy Spokesperson Rajendra Pandit said.

The NRB is currently gathering forensic evidence.

“A team of the NRB visited the bank again today to take stock of the situation. We will know exactly what happened after the study is complete,” Pandit said.

So far, the NRB has not found any evidence to directly link anyone to this attack. But it has not ruled out the possibility of involvement of bank’s staff in the attack.

After the cyber attack was exposed, the NRB had written to international banks and central banks of different countries not to entertain transactions generated from NIC Asia. “Following this, the bank has gradually started recovering funds that were stolen,” Pandit said stopping short of giving the details.

The Post could not contact NIC Asia officials.