In a massive cyber attack, several cloned debit cards of the Pune-based cooperative bank were used for thousands of ATM transactions from India and 28 other countries in a period of seven hours on August 11. (File photo)
Two more suspects have been arrested in connection with the malware attack on Cosmos Bank, taking the total number of arrested suspects to four. Police are now investigating how the four arrested suspects — one from Bhiwandi, two from Aurangabad and one from Nanded — were tapped by cyber criminals and why they assembled at Kolhapur, where they allegedly withdrew large sums of money at the time of the attack.
On Thursday, the Special Investigation Team (SIT) of Pune City Police arrested two more persons — Shaikh Mohammed Jabbar from Sillod town in Aurangabad district and Mahesh Rathod from Bhokar town in Nanded district. The latest arrests were made based on the information gathered from the interrogation of the two suspects arrested on Tuesday, Fahim Shaikh from Bhiwandi in Thane and Fahim Khan from Sillod.
The remand application filed by the investigating officer of the case, Jairam Paigude, stated, “The arrested suspects come from various places and there was a well-planned conspiracy involving them. A probe needs to be conducted into how these people received information stolen from the hacked server and how and why they came together at Kolhapur. All four arrested suspects will be interrogated together.”
A police official connected to the probe said, “All the arrested persons come from modest economic backgrounds and do not seem to have advanced technical know-how. We are probing how and why these people were tapped by the cybercriminals and if there is a common link between them.”
In a massive cyber attack, several cloned debit cards of the Pune-based cooperative bank were used for thousands of ATM transactions from India and 28 other countries in a period of seven hours on August 11.
While around Rs 78 crore was withdrawn in more than 12,000 ATM transactions outside India, another 2,800 transactions were made in different places within India, to the tune of Rs 2.5 crore. Further, on August 13, Rs 13.5 crore was transferred to a Hong Kong-based entity using the Society for Worldwide Interbank Telecommunications (SWIFT) facility. Investigation revealed that while the transactions outside India were done through VISA cards, those in India were done through Rupay cards. A total of Rs 94 crore was siphoned off.
The SIT had zeroed in on the suspects based on footage from security cameras installed in several ATM kiosks in Kolhapur, where a group of at least seven persons had withdrawn nearly Rs 89 lakh using over 90 cloned cards. Four of the culprits have been arrested. In a similar manner, money was withdrawn from ATMs in Indore, Mumbai, Kolhapur, Ajmer and other places, using cloned cards at the time of
the attack.
Investigators have sought more information from Interpol about the transactions that took place in 237 banks in 28 foreign countries. In the third week of August, police had started recovering the money from some customers of the bank, who had found excess account balance during the time of the attack and withdrawn money using their own cards.
Police had said these account holders were accidental beneficiaries of the cyber attack and did not prima facie have any criminal connection with the alleged hackers. Till now, police have recovered over Rs 3.5 lakh from 27 such beneficiaries.