Mahesh Bank was easy pickings for hacker

With rudimentary firewalls, even a beginner could have bypassed the bank’s security system, opines expert
Hyderabad Police Commissioner CV Anand explains the method of hacking adopted by the accused in the Mahesh Bank hacking case to the media on Wednesday. (Photo | EPS)
Hyderabad Police Commissioner CV Anand explains the method of hacking adopted by the accused in the Mahesh Bank hacking case to the media on Wednesday. (Photo | EPS)

HYDERABAD: Investigators looking into the Mahesh Bank hacking case have been left shocked at how flimsy the security deployed by the bank to protect itself from hackers was.

During the investigation that stretched over two months, the cybercrime sleuths deployed over 100 personnel to different States in northern and north-eastern India, incurring an expenditure of about Rs 58 lakh. Unfortunately, their efforts went in vain as they could not nab the kingpin who had remotely accessed the bank using proxy IP addresses.

Cybercrime sleuths found several chinks in the cybersecurity of the bank, so much so that there were times the sleuths clutched their heads in sheer frustration. Commissioner CV Anand, who briefed the media about the case, said that in some instances, even basic security protocols were not followed, putting public deposits at risk.

The Police Commissioner pointed out that the bank staff was not trained in cybersecurity and this was the reason why two of its employees opened the phishing emails sent by the hacker, allowing him access to the bank servers.

“The firewalls are so rudimentary, that even a beginner could have bypassed them,” said a cybersecurity expert. The investigators found that the bank also compromised when it came to putting in place proper network infrastructure. “Every user was given internet access,” the expert said.

The bank did not have a virtual Local Area Network to mitigate hacking incidents and also did not use Intrusion Detection System (IDS) mechanism and Intrusion Prevention System (IPS) mechanism to prevent and detect vulnerability exploits.

Anand opined that the banking system is at great risk and said that the police department will soon convene a meeting with bankers to create awareness among them.

He said that even RBI rules were not being followed to the letter, enhancing the risk to the banks as well as customers. The investigators are now focusing on a Mumbai-based tech company that is suspected to have sold the hacking software to the as-yet-unidentified Nigerian hacker.

The police suspect this is the same software used in the Apex Bank hacking case as well. Meanwhile, cybercrime sleuths are preparing the grounds to issue a Red Corner notice against the unidentified Nigerian mastermind behind the Mahesh Bank hacking.

Cops suspect Mumbai firm sold software

The bank did not have a virtual Local Area Network to mitigate hacking incidents and also did not use Intrusion Detection System (IDS) mechanism and Intrusion Prevention System (IPS) mechanism to prevent and detect vulnerability exploits.

The investigators are now focusing on a Mumbai-based tech company that is suspected to have sold the hacking software to the as-yet-unidentified Nigerian hacker. The police suspect this is the same software used in the Apex Bank hacking case as well

Related Stories

No stories found.
The New Indian Express
www.newindianexpress.com