Pakistan-based hacker defaces Canara Bank site, tries to block e-payments
MUMBAI: Amid frosty relations with Pakistan, a hacker from the neighbouring country has attacked Canara Bank, one of India’s largest lenders. On August 2, the hacker, who calls himself Faisal, defaced the bank’s site by inserting a malicious page and tried to block some of the bank’s e-payment services.
Within 24 hours of the attack, the Reserve Bank of India, in a letter marked ‘confidential’, advised bank chairmen to review funds lying in their bank’s (overseas) nostro accounts and carry out hourly reconciliation of payment emails by comparing outward messages with SWIFT confirmations.
SWIFT is the global financial messaging service banks use to move millions of dollars every day.
“We have filed an FIR with the cyber crime department of the police. The bank immediately took note of the attack and isolated the server and diverted the traffic to a standby server,” a senior Canara bank official told ET.
The hacker had used an URL to insert the page on bank’s site but could not access data.
“There was no loss..As of now we are seeing 20,000 online payment transactions,” said the official. The hacker, who unsuccessfully tried to disrupt tax payments by Indians, left a message which read, “Government of India website stamped by Faisal 1337. We are a team of Pak Cyber Attackers. Go Home Kiddo. Need Security? Contact me: www.facebook.com/Pakistan1337. Pakistan Zindabad” The cyber strike, coming a fortnight before the Independence Day celebrations, is redolent of a similar attack last year.
In July 2015, two large private sector banks and one government bank had to grapple with a cyber menace known as “distributed denial of service”. A DDOS attack (in cyber parlance) is often mistaken as normal traffic overload on the Net. In mounting such strikes, hackers, who are spread across the world and either sympathetic to lost causes or indulging in the game of extortion, virtually ‘take over’ thousands of computers in various destinations; they divert traffic from these terminals to clog the systems of targets like banks and ecommerce firms. (According to an ethical hacker, many e-commerce firms with rudimentary cyber security checks are more vulnerable than banks.) The August 3 Reserve Bank note to banks is also linked to the last month’s cyber attack on Union Bank which narrowly escaped a $160mn fraud.