HYDERABAD: Hyderabad Cybercrime sleuths have cracked the case of the Mahesh Bank server hacking in which Rs 12.9 crore had been siphoned off from the bank’s chest account and transferred into various accounts opened expressly to receive the loot in January this year.
The police identified 398 such accounts and have so far arrested those who opened 23 accounts, including the key conspirator Ikpa Stephen Orju, a Nigerian national. But the police could not reach the mastermind as he is out of the country.
According to Hyderabad Police Commissioner CV Anand, the mastermind’s IP address sometimes showed his location as London and sometimes as Switzerland. “The cybercrime sleuths came to know that the key player was on the job of hacking into the computer of the Mahesh Bank since June last year and he finally managed to break into the server on January 23,” he said.
Suspecting the hacker to be Nigerian as the handiwork seemed similar to the Telangana State Co-operative Apex Bank scam that took place in July, 2021 in which Rs 1.29 crore had been siphoned off, the police looked hard into the Mahesh Bank case and found that the same software that was used to break into State Cooperative Apex Bank was also used to overcome the firewalls that were supposed to protect the Mahesh Bank server.
The modus operandi used by the hacker involved the use of avant-garde technology. The hacker first opened four bank accounts in June last year in the name of different enterprises. He then sent phishing mails to 200 bank employees in November and they were opened by two employees, which helped the hacker break into the bank’s server on January 6.
After a connection has been built, he used Key Logger software to monitor the system from the other end. Till January 23, the hacker waited to possess the necessary passcodes which were carelessly shared with 10 bank employees. On Sunday, the hacker siphoned off Rs 12.9 crore from the chest account of the bank and transferred it to different bank accounts across Delhi, Haryana, Uttar Pradesh, West Bengal, Maharashtra, Karnataka, and Kerela as well as the North Eastern States.”
According to the Hyderabad Police Commissioner, the hacker enticed people into opening bank accounts promising them 10 per cent cut in the loot that flows into their accounts. He cleverly picked up people from the low-income groups who did not clearly understand what he was up to.
The police took a deep dive into the muddle after the Mahesh Bank management lodged a complaint following detection discrepancies in its chest account. The police dug deep and worked for two long months to reach the prime offender but not the mastermind. It is learnt that the amount was first transferred to four bank accounts, then to 115, and finally to 398.
Phishing mails sent to 200 employees
The hacker first opened four bank accounts in June last year in the name of different enterprises and then sent phishing emails to 200 bank employees in November. They were opened by two employees, which helped the hacker to break into the bank’s server on January 6