Hackers Hacked Nepalese Bank SWIFT Server: $4.4 million stolen

Cyber criminals reportedly hacked into the electronic fund transfer system of Nepal’s private-sector bank NIC ASIA. The hackers tried to make illegal payments worth millions of rupees from the bank’s accounts using the Society for Worldwide Interbank Financial Telecommunication (SWIFT) electronic money transfer system.

NIC ASIA Bank is one of the largest private-sector commercial banks in Nepal, with 78 branches across the country.

Brussels-based SWIFT provides a network that enables financial institutions worldwide to send and receive information about financial transactions in a secure environment. The majority of international interbank messages use the SWIFT network. As of 2015, SWIFT linked more than 11,000 financial institutions in more than 200 countries and territories, which exchanged an average of over 15 million messages per day.

Hackers last month made about $4.4 million in fraudulent transfers from Kathmandu-based NIC Asia Bank to countries including Britain, China, Japan, Singapore and the United States when the bank was closed during Tihar – aka Deepawali or Diwali – a five-day Hindu festival and one of Nepal’s biggest holidays. 

So far, the country’s central bank, Nepal Rastra Bank (NRB), has been able to recover $3.9 million, although $580,000 had already been released to overseas bank account holders, Nepal’s news service reports. NRB officials said, “We have also written to international banks and central banks of different countries not to entertain transactions generated from NIC Asia.”

After a forensic investigation of the illegal fund transfers made through its SWIFT server, NIC Asia Bank sought support from the Central Investigation Bureau (CIB) of Nepal Police to track down the hacker.

NIC Asia Bank carried out the forensic investigation with the support of KPMG India and submitted its report to Nepal Rastra Bank. It also shared the findings of the initial investigation with the CIB.

Pushkar Karki, deputy inspector general of Nepal Police and chief of the CIB, said the initial investigation showed the payment order was placed by hacking the bank’s SWIFT server. “CIB has started investigating how the server was hacked,” said Karki, adding, “Our investigation will reveal whether or not the bank had adopted proper safeguards and which party was involved in the hacking.”

When approached by various news channels, SWIFT said it does not comment on individual entities.

A SWIFT spokesperson said: “When a case of potential fraud is reported to us, we offer our assistance to the affected user to help secure its environment.”

“We subsequently share relevant information on an anonymised basis with the community. This preserves confidentiality, whilst assisting other SWIFT users to take appropriate measures to protect themselves. We have no indication that our network and core messaging services have been compromised.”

A separate investigation, carried out by the central bank immediately after NIC Asia Bank notified the regulator, revealed that the staffers assigned to operate the bank’s SWIFT system had also used a computer dedicated to SWIFT operations for other purposes.

In 2015, a report prepared by the Russia-based computer security firm Kaspersky Lab said that international cybercriminals had attempted to attack financial institutions in Nepal using malware called Carbanak.

Jahnavi M
Vulnerability analyst, Technical Writer, Security Blogger, Co-founder---SecKurity
