SBI shuts website after hackers break in

The State Bank of India, the country’s largest bank, has had to shut down its corporate website after overseas hackers tried to break in.

While the bank said that transactions took place through www.onlinesbi.com, a senior SBI source said that the transactions were slow as the entire system was under watch.

The country’s largest bank decided to shut down its corporate website www.sbi.co.in on Wednesday evening when hackers blocked some of the pages. The bank also noticed unusually high traffic on its website on Wednesday.

Subsequently, the website was blocked with a ‘service unavailable’ or ‘our site is under maintenance’ pasted on www.sbi.co.in.

“We have informed the Reserve Bank of India and the cyber cell of the Mumbai Police, which are looking into the issue,” said a senior bank executive. The police and SBI suspect that the hackers are based overseas.

A Mumbai Police officer said that the cyber cell was investigating the complaint but did not share details: “It is big and the implications may be large.”

SBI sources, on their part, said that no evidence has been found of loss of data or consumers getting affected. “We suspect that the hackers wanted some information from the website and disrupt the whole system,” an executive, who did not wish to be named, said.

Out of SBI’s 2.7 million internet banking customers, 2.5 million are retail banking customers. In recent months, the bank has tried to push services such as e-trade and e-freight to lower transaction costs. As a result of the disruption, a host of transactions have been affected, especially since the suspension coincided with the year-end holidays.

The sites are maintained by the bank’s information technology department based out of the SBI Global IT Centre in Belapur. The department has been put on high alert and the bank is trying to restore services over the weekend.

SBI is the latest among Indian banks to face a threat from hackers. Banks routinely have to deal with phishing attempts and have over a period tried to sensitise their customers about not sharing details of their accounts over the internet.

According to a recent report by security firm Symantec, there were over 400 unique phishing attacks on reputed Indian banks during the second half of 2007. A report by MessageLabs, another security services company, indicated that phishing attacks rose 16 per cent between August and September and shot up by 103 per cent between September and October 2008.