International hackers have stolen about Rs 40 crores from NIC Asia bank overnight. This was caught as the funds were not matching while checking after Laxmi Puja. It is a attack on SWIFT system of the bank. Some of the money has been recovered while remaining amount is already transferred to overseas. This has alarmed whole Cyber Security and banking system of Nepal.
Few years back Kaspersky Russia reported international hackers trying to attack Nepali online banking space using a malware. SWIFT was the vulnerability in this attack. Full form of SWIFT is Society for Worldwide Interbank Telecommunication. There are codes which help transferring money from one institution to another.
Hackers did many small transactions to do this heist. It is one of the biggest Cyber Crime in Nepal. All Nepali citizens are already aware of ATM forgery and theft which is rampant. This new additional threat is now challenging everyone. Customers, banks, central bank should be aware now more than ever.
NIC Asia customer’s money is safe in their account because this is not account level theft. Many thieves and hackers usually take small amount of money from each account which accumulates to huge amount and customers also don’t know. This is a common malpractice or activity.
Nepal Rastra Bank has requested central bank of other countries to stop the transfer of looted money of NIC Asia. According to some sources, it is due to malware attack in NIC Asia’s SWIFT code system. Many other banks also suffered such attacks in past which was bad.
Scenario and Suggestions
Many banks in Nepal don’t have EV SSL Certificates which is disappointing. We checked NIC Asia’s online banking site after heist and it is just normal SSL Certificate. Many security experts have pointed and told us about banks having security vulnerability in their system. The institutions usually don’t show eagerness to solve such issue.
There are many problems in current situation. The online banking, e-banking are growing slowly but the development in security solutions is very weak. You may be surprised but the ATM/Debit card swiping in shopping malls is also filled with security threat. We suggest you to be very aware while using your cards. Here are some advice that you can follow to make your banking safe.
- Always use genuine and updated Antivirus on your computer.
- Use Incognito mode while using online banking services.
- Keep strong long passwords with all types of special characters, numbers and alphabets combination.
- Regularly change your passwords.
- Check for fake keyboard in ATM Stations and camera on the machine.
- Cover your hand before dialing pin in ATM booth.
- If you banks website doesn’t have SSL Certificate (Green Pad Lock sign on left side at address) then don’t use their service and complaint against it.
- Never share information and credentials to anyone.
Nepal is in desperate need of Police Cyber Cell with advanced technical power to cope with these and other criminal activities. Banking institutions also need to hire white hat hackers to find problems in order to patch them up. Overall we all should be aware and strengthen our account security as far as we can.