The NIC Asia Bank requested the support of the Central Investigation Bureau of Nepal Police to track down the crooks who hacked the SWIFT server.
Once again hackers targeted SWIFT systems to steal money from a financial institution. The victim is the NIC Asia Bank that once discovered illegal fund transfer with its SWIFT server requested support from the Central Investigation Bureau of Nepal Police to track down the crooks.
NIC Asia Bank had carried out a forensic investigation with the support of experts from KPMG India and submitted its findings to Nepal Rastra Bank. NIC Asia Bank also sent the report of the initial investigation to the Central Investigation Bureau.
Pushkar Karki, deputy inspector general of Nepal Police and chief of CIB, confirmed that the payment order was placed by hackers who compromised the bank’s SWIFT server.
“CIB has started investigating how the server was hacked,” said Karki. “Our investigation will reveal whether or not the bank had adopted proper safeguards and which party was involved in the hacking.”
The official said NIC Asia Bank recently sought CIB support after the initial investigation carried out by KPMG and NRB.
“NIC Asia’s reluctance to report the case to CIB and the ‘inconclusive’ investigation carried out by KPMG had raised doubts whether a foreign party was involved in the illegal transfer of fund or it was an insider job.” reported The Himalayan Times.
CIB is investigating the incident with the support of both the central bank and NIC Asia Bank. NIC Asia Bank immediately reported the security breach to NRB after it discovered the suspicious transactions through its SWIFT server.
The SWIFT server of NIC Asia Bank was hacked during Tihar and the hacker tried to transfer the money to various parties in six countries, including Japan, UK, the US, and Singapore, through Standard Chartered New York and Mashreq Bank New York, through which the bank operates its foreign currency accounts.
The collaboration with the central bank and the other banks, NIC Asia was able to block the fraudulent transactions except for around Rs 60 million that was reportedly released to the concerned parties.
The overall amount of money retrieved by the bank was around Rs 460 million, Rs 400 million has been retrieved.
“A separate investigation carried out by the central bank immediately after NIC Asia Bank notified the regulator revealed that staffers assigned to operate the SWIFT system of the bank had used a computer dedicated for SWIFT operation for other purposes also.” added The Himalayan Times
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.