The similarities between the Indian and Bangladeshi hacks underscore concerns about a rash of cyberattacks in recent months on financial institutions around the world, including banks in the U.S., Mexico, Poland and the U.K. Some of these hacks have been linked to groups affiliated with North Korea, cybersecurity specialists said earlier this year.
State-owned Union Bank of India Ltd.’s computer system was infected with malware that allowed thieves to authorize the transfer of around $170 million from the bank’s account in New York to private accounts in five locations, people familiar with the matter said. Fast detection by bankers allowed the Indian lender to prevent the money’s release.
Investigators studying the Indian hack said similar tactics and coding were used by computer criminals who attempted to steal nearly $1 billion from Bangladesh’s account at the Federal Reserve Bank of New York in February of last year. Many orders had been filled with misspellings and formatting errors, and the Fed blocked some of the withdrawals—but the thieves were able to move about $81 million to accounts in the Philippines.
U.S. prosecutors are building cases that would accuse North Korea of directing the Bangladeshi attack. North Korea’s mission to the United Nations didn’t respond to requests for comment.
This account of the Union Bank of India hack is based on interviews with Arun Tiwari, the bank’s chairman, and several other people familiar with the incident.
The attack on Union Bank began in late July last year when an employee opened an attachment on an email that appeared to have come from India’s central bank, Mr. Tiwari said. That action activated a piece of malware that allowed the hackers to steal Union Bank’s access codes for the international messaging system banks use to authorize cross-border transactions, known as the Society for Worldwide Interbank Financial Telecommunication, or Swift.
The hackers then used those codes to send authentic-looking instructions to a Union Bank account at Citigroup Inc. in New York, which handles processing of wire transfers and clears dollar transactions. The instructions ordered around $170 million to be sent to accounts in Thailand, Cambodia, Australia, Hong Kong and Taiwan.
The money went to several shell companies associated with Asian—in particular Chinese—organized crime syndicates, according to a person familiar with the matter.
The cybercriminals behind the Bangladesh heist similarly stole bank codes to place fake transfer orders. Swift in November said banks using its network had sustained fresh attacks from hackers since the Bangladesh heist. Swift declined to comment on whether Union Bank of India was one of those banks, although Mr. Tiwari said Swift officials have been working with Union Bank since the day of the hack.
Swift generally creates two reports per transaction: one sent to the originating bank, in this case, Union Bank, and another to the so-called correspondent bank handling the overseas transactions, which was Citigroup. The correspondent bank then forwards its report to the originating bank the next day, so it can cross-check the transactions.
On July 21, an employee in Union Bank’s treasury department who was comparing the reports found that Citigroup had executed six transactions that Union Bank hadn’t intended to authorize. He notified senior executives of the mismatch, and the bank immediately began trying to get the money back.
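The cross-check described above is a reconciliation: the originating bank's own record of what it authorised is compared against the correspondent bank's report of what it actually executed, and any executed payment with no matching instruction is money that left without authorisation. The following is an added illustration, not code from the article or from any bank or from Swift; the `Payment` fields are generic names, not Swift message fields, and the two daily reports are constructed sample data (the amounts are made up to sum to roughly the figure in the story). It also covers the failure mode mentioned later in the article, where the attacker disables the system that writes the bank's own transaction logs: an empty local record against a non-empty correspondent report is flagged as a finding in its own right.

```python
"""Reconcile a bank's own record of authorised outgoing payments against the
correspondent bank's statement of executed debits (added example, constructed data)."""
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Payment:
    """One cross-border payment order as it appears in a daily report.
    Field names are generic illustrations, not Swift field tags."""
    reference: str
    amount: Decimal
    currency: str
    beneficiary_account: str
    beneficiary_country: str


def reconcile(intended, executed):
    """Compare the originating bank's record (intended) with the
    correspondent's report (executed), matching on the payment reference.

    Returns a dict of findings:
      unauthorised  - executed, but no matching instruction on the bank's side
      not_executed  - instructed by the bank, but never executed
      altered       - same reference on both sides, but details differ
      log_gap       - correspondent shows debits while the local record is empty
    """
    intended_by_ref = {p.reference: p for p in intended}
    executed_by_ref = {p.reference: p for p in executed}

    unauthorised = [p for p in executed if p.reference not in intended_by_ref]
    not_executed = [p for p in intended if p.reference not in executed_by_ref]
    altered = [
        (intended_by_ref[ref], exe)
        for ref, exe in executed_by_ref.items()
        if ref in intended_by_ref and intended_by_ref[ref] != exe
    ]
    # If local transaction logging was disabled, every executed payment looks
    # unauthorised. Report that pattern separately so it is not mistaken for
    # a large batch of ordinary mismatches.
    log_gap = bool(executed) and not intended

    return {
        "unauthorised": unauthorised,
        "not_executed": not_executed,
        "altered": altered,
        "log_gap": log_gap,
        "unauthorised_total": sum((p.amount for p in unauthorised), Decimal(0)),
    }


# Constructed sample: two payments the treasury desk actually instructed...
INTENDED = [
    Payment("REF-1001", Decimal("5000000.00"), "USD", "ACCT-EU-01", "DE"),
    Payment("REF-1002", Decimal("1250000.00"), "USD", "ACCT-SG-02", "SG"),
]

# ...and the correspondent's report: those two plus six debits nobody at the
# bank authorised, routed to the five locations named in the story.
EXECUTED = INTENDED + [
    Payment("REF-9001", Decimal("30000000.00"), "USD", "ACCT-TH-11", "TH"),
    Payment("REF-9002", Decimal("25000000.00"), "USD", "ACCT-KH-12", "KH"),
    Payment("REF-9003", Decimal("35000000.00"), "USD", "ACCT-AU-13", "AU"),
    Payment("REF-9004", Decimal("20000000.00"), "USD", "ACCT-HK-14", "HK"),
    Payment("REF-9005", Decimal("40000000.00"), "USD", "ACCT-HK-15", "HK"),
    Payment("REF-9006", Decimal("20000000.00"), "USD", "ACCT-TW-16", "TW"),
]


def run_sample():
    """Reconcile the constructed reports and return the findings."""
    return reconcile(INTENDED, EXECUTED)


if __name__ == "__main__":
    findings = run_sample()
    for p in findings["unauthorised"]:
        print(f"UNAUTHORISED {p.reference} {p.amount} {p.currency} -> {p.beneficiary_country}")
    print(f"total unauthorised: {findings['unauthorised_total']} USD")
    print(f"local log gap: {findings['log_gap']}")
```

Matching on a reference only works if the correspondent echoes the originator's reference unchanged; where it does not, the match key has to be built from amount, currency and beneficiary, and the `altered` list then matters more than `unauthorised`. In either case the check is only as good as the local record it compares against, which is why the log-gap flag is reported even when no individual payment is unmatched.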
“This [office] was a war room that day,” Mr. Tiwari said.
Union Bank recovered the money sent to Thailand, Cambodia, and Australia—more than half of the total—within 24 hours. It got a court order in Hong Kong to retrieve the rest of the funds, and had gotten all of its money back by July 24.
Employees on Citigroup’s cybersecurity team observed similarities between how the malware behaved in the Union Bank attack and how the malware used in the attack on Bangladesh’s central bank had behaved. Citigroup is an intermediary bank for the New York Fed, which gives it visibility into certain transactions.
Ernst & Young LLP, which was hired by Union Bank to investigate the hack and its aftermath, also concluded it had been executed similarly to the attack on the Bangladesh central bank, according to Mr. Tiwari. In both cases the malware reached the target banks by emails addressed to employees, and took control of Swift functions at the originating bank, a person familiar with the attack said.
Both hacks also disabled computer systems that create automatic logs of the transactions, another person familiar with the matter said.
—Robert McMillan contributed to this article.
Source: The Wall Street Journal