A cyber attack on NIC Asia Bank was imminent as the banking institution had allowed Information Technology (IT) Department staff to use computers deployed for SWIFT transaction to perform tasks like checking personal e-mails.
A cyber attack on NIC Asia Bank, which reportedly lost millions of rupees last week in the biggest-ever cyber heist in Nepal, was imminent, as the banking institution had allowed staff of the Information Technology (IT) Department to use computers deployed for SWIFT (Society for Worldwide Interbank Financial Telecommunication) transaction to perform tasks like checking personal e-mails, the Post has learned.This lapse left the bank’s computers vulnerable to cyber attacks, “enabling malware”, or computer viruses, “to enter and corrupt the server”, according to sources who attended a meeting of IT heads of commercial banks called by the Nepal Rastra Bank (NRB), the banking sector regulator, on Monday. The bank, sources informed, had also given its staff remote access to the server on which SWIFT system was installed, which was another Achilles’ heel of the institution.
These vulnerabilities were exploited by unidentified hackers, who reportedly stole millions of rupees from the bank on Thursday, a public holiday when the country was celebrating Laxmi Puja. The money was stolen by “issuing around 31 fake instructions” via SWIFT, the global interbank payment system.
It is not exactly known how much money is missing from the bank’s coffers, as hackers “crashed” the server on which SWIFT software was installed, leaving the financial institution with no information of the heist. However, various sources the Post talked to put the stolen amount at around Rs 460 million.
Debates are now surfacing on whether the damage could have been contained had the bank filled its vacant positions of head and deputy head of the IT Department. The IT Department of the commercial bank, which has assets of over Rs101 billion, is currently being run by junior staff, as senior officials have left the company. These junior staffs do not have much clue about how hackers broke into the SWIFT system, sources said. It is now being said it was SWIFT, and not the bank’s IT staff, that tipped the management about the cyber attack after unusual transactions were detected at odd hours.
SWIFT is an interface that banks and financial institutions use to send instructions for fund transfers across the globe. Today, almost every banking institution in the world has its own unique SWIFT code based on which funds are moved to another institution. It is said over 90 percent of fund transfers in the world takes place through SWIFT.[News copied from https://goo.gl/SbRLxT]