Pak­istan-based hacker de­faces Ca­nara Bank site, tries to block e-pay­ments

SP's MAI - - INTERNAL SECURITY BREACHES -

APak­istani hacker has re­port­edly de­faced the web­site of Ca­nara Bank, one of In­dia’s largest lenders. On Au­gust 2, the hacker, who calls him­self Faisal, de­faced the bank’s site by in­sert­ing a ma­li­cious page and tried to block some of the bank’s e-pay­ment ser­vices.

Within 24 hours of the at­tack, the Re­serve Bank of In­dia (RBI), in a let­ter marked ‘con­fi­den­tial’, ad­vised bank chair­man to re­view funds ly­ing in their bank’s (over­seas) nos­tro ac­counts and carry out hourly rec­on­cil­i­a­tion of pay­ment e-mails by com­par­ing out­ward mes­sages with SWIFT con­fir­ma­tions.

SWIFT is the global fi­nan­cial mes­sag­ing ser­vice banks use to move mil­lions of dol­lars ev­ery day. “We have filed an FIR with the cy­ber crime depart­ment of the po­lice. The bank im­me­di­ately took note of the at­tack and iso­lated the server and di­verted the traf­fic to a standby server,” a se­nior Ca­nara Bank of­fi­cial told Eco­nomic Times.

The hacker had used an URL to insert the page on bank’s site but could not ac­cess data. “There was no loss. As of now we are see­ing 20,000 on­line pay­ment trans­ac­tions,” said the of­fi­cial. The hacker, who un­suc­cess­fully tried to dis­rupt tax pay­ments by In­di­ans, left a mes­sage which read, “Gov­ern­ment of In­dia web­site stamped by Faisal 1337. We are a team of Pak Cy­ber At­tack­ers. Go Home Kiddo. Need Se­cu­rity? Con­tact me: www.face­book.com/ Pak­istan1337. Pak­istan Zind­abad” The cy­ber strike, com­ing a fort­night be­fore the In­de­pen­dence Day cel­e­bra­tions, is redo­lent of a sim­i­lar at­tack last year.

Ac­cord­ing to an eth­i­cal hacker, many e-com­merce firms with rudi­men­tary cy­ber se­cu­rity checks are more vul­ner­a­ble than banks. The Au­gust 3 Re­serve Bank note to banks is also linked to the last month’s cy­ber at­tack on Union Bank which nar­rowly es­caped a $160 mil­lion fraud. The hack­ers had in­fil­trated the bank to com­pro­mise the cre­den­tials of the bank em­ployee which ad­min­is­ters SWIFT ser­vice. Among other con­trol mea­sures, RBI in its let­ter told banks to im­ple­ment time re­stric­tions for ac­cess to SWIFT and cur­rency-wise mes­sage lim­its.

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.