ISLAMABAD - In one of the country’s biggest breach of data of commercial banks, hackers have stolen online data containing details of citizens’ accounts and depriving many of large amounts of money from almost all Pakistani banks, the Federal Investigation Agency (FIA) said on Tuesday.
Director FIA’s Cyber Crime Wing Capt (r) Mohammad Shoaib disclosed that hackers have stolen data from “almost all” Pakistani banks in a recent breach of banks’ security systems. FIA has registered 100 cases in the light of citizens’ complaints and some arrests have been made in this regard, he said.
“We ourselves are analysing the complaints and hacked data as banks have not reported to us,” FIA director said while talking to a private TV channel. He said the matter of concern was that banks used to hide such type of frauds and it was their customers who report to the Cyber Crime Wing. “We have noticed that data of almost all major banks of the country has been compromised,” he said, adding that hackers based outside Pakistan were involved in this security breach.
Capt (r) Muhammad Shoaib said that FIA had written a letter to all banks in this regard and a meeting comprising representatives of all banks was being summoned to look into the matter. The meeting will look into the weaknesses of security systems of banks to avoid such online breaches in future.
The official said that banks were responsible to protect money of their clients and he held responsible the banks for weak security features that allowed the hacker to breach their systems.
The director said FIA had arrested a gang of fraudsters who impersonated themselves as army personnel and got secret details from the customers about their bank accounts. Later, they fraudulently used the information to withdraw money from their bank accounts. He said that the data of Bank Islami was breached recently.
According to some digital security websites, data of some 8,000 accounts had been sold to hackers’ market. Recently, around 10 banks have blocked all international transactions on their cards after reports were circulated that their data had been hacked. Banks have also brought into the notice of State Bank of Pakistan (SBP) about their decision to block international transactions international payments on debit and credit cards.
Next day, the SBP issued directives to all banks to ensure that security measures on all information technology systems — including those related to card operations — are continuously updated to meet future challenges, ensure real-time monitoring of card operations related systems and transactions and immediately coordinate with all the integrated payment schemes, switch operators and media service providers.
senior Police Officer a victim
Former Inspector General of Police (IGP) Islamabad Tariq Masood Yasin is also among the victims of this breach of banks’ data as hackers have withdrawn Rs0.2 million from his official salary account. An FIA official confirmed that the Cyber Crime Wing had received a complaint about the theft. He said that ATM card of Mr Yasin, presently posted in Punjab Police, was skimmed by the fraudsters and the amount was withdrawn from an ATM of a bank located in Sector G-6 of Islamabad, When FIA sought CCTV footage of the ATM cabin, the bank staff said that footage was not available as the ATM was dysfunctional due to maintenance, the FIA official said.
Scientist deprived of hard-earned money
The former chief scientist of Khan Research Laboratories (KRL) Dr Mohammad Yousuf Khilgi on Monday approached the Supreme Court saying that hackers has withdrawn his hard earned money amounting Rs3 million from his account in Bank Islami Pakistan Limited .
However, an FIA official said that the bank has credited the money to Khilji’s account after the Cyber Crime Wing questioned it about the heist.
In a written appeal filed in the complaint cell of the apex court Dr Khilji said that some hackers took away the amount fraudulently taking advantage of the loopholes in the online banking system of the bank.
Dr Khilji said that he had received a phone call on his cell number on October 25, 2018 and person impersonating as some official of the bank sought some details about his account and his personal identity card number, which he had given. He said that he even told about the phone call to relevant branch’s Operation Manager but he turned a deaf ear to the complaint and later on, the heist took place.
He further informed that the amount of Rs3 million was withdrawn from the account in just 17 hours and the bank management had neither bothered nor checked with him about the massive withdrawal in most dubious fashion. He in his appeal maintained that he had approached even the top management of Bank Islami but it was not ready to pursue his case.
IT security of one bank compromised: SBP
Staff Reporter from Karachi adds: State Bank of Pakistan in a statement has categorically denied news items that the data of most banks had been hacked. SBP rejected such reports with utmost concern.
There is no evidence to this effect nor has this information been provided to SBP by any bank or law-enforcement agency, SBP stated. “We would like to emphasise that except for the incident of October 27th, 2018 in which reportedly the IT security of one bank was compromised, no breach has been reported,” SBP said.
Nevertheless, SBP has already instructed all banks to take steps to identify and counter any cyber threat to their systems in coordination with international payment schemes, SBP added.
Representatives of payment schemes have also assured that all steps are being taken to help banks in identifying any cyber threat on card systems and have offered additional controls to them.
In addition to the above, some banks are putting in place further precautionary measures while others are confident of the security of their systems and continue to make all card transactions fully available to their customers, SBP said.
The precautionary measures by some banks, include partial restrictions, such as requiring customers to seek prior approval for use in cross-border transactions, or in a few banks, a total restriction on cross border transactions.
However, SBP has been assured that all these temporary restrictions would be lifted once appropriate IT security measures are in place.
SBP stated that all restrictions pertain only to cross-border transactions and no bank has instituted any restriction on domestic transactions.
SBP is engaged with the international payment schemes, payment operators and banks to monitor the current situation continuously to ensure security of the banking system, SBP stated.
Hackers stole data from ‘almost all’ banks: FIA