SWIFT systems of three Indian banks compromised to create fake trade documents

Indian banks are waking up to a new kind of cyber attack. Hackers recently infiltrated the systems of three government-owned banks -two head headquartered in Mumbai and one in Kolkata -to create fake trade documents that may have been used to raise finance abroad or facilitate dealings in banned items.

The banks in question discovered that their SWIFT systems -the global financial messaging service banks use to move millions of dollars and documents across borders every day -have been compromised to create fake documents.

The banks are still unsure about the origin of the attack and the intention of the hackers. It's learnt that soon after the breaches were reported to the Reserve Bank of India, the regulator last month directed several banks to cross-check all trade documents issued over the past one year.

“The nature of the attack is unfamiliar to Indian banks. While there are no monetary loss and ransom demand as yet, there are fears that the banks' systems have been misused. There was fraudulent duplication of trade documents like letters of credit (LC) and guarantees which the hackers may have or planning to encash with some offshore banks,“a person familiar with the breaches told ET.

“These the hackers may have or are planning to encash with some offshore banks. It's also possible that hackers did not present the fake LCs to raise funds but to carry out trade of prohibited or illegal commodities,“ the person added.

An LC, serving as a guarantee, is a letter that one bank writes to another bank (particularly in another country) to ensure payment to the supplier of goods when certain conditions are met.

Besides messages for fund transfers, the SWIFT system is also used to communicate trade documents. Thus, a cybercriminal who generates fake LC may attempt to place it with an offshore bank for finance. The Indian bank (whose system has been misused to create false LC) may later face a monetary claim when the foreign bank tries to recover the money released against an LC or guarantee.

Following RBI's instruction, banks now have to match the documents shared through SWIFT with the actual documents in their base or core banking system to find out whether systems have been misused.

“It's possible that some banks may not be aware that an outsider has crawled into the system. Since there is no immediate loss of money, a bank may take a long time to sense that its SWIFT system has been hacked and misused,“ said a cyber security professional.

Since June 2016, SWIFT systems of four Indian banks have been targeted.In the first case (involving another Mumbai-based public sector bank), the bank had a narrow escape after a large American bank to which hackers had tried to transfer funds suspected that something was amiss.

If the hackers had their way, the local lender would have lost $150 million ­ about twice the size of the hit taken by the Bangladesh central bank whose chief stepped down after the cyber heist a year ago.

Even as the state-controlled banks were trying to figure out the damage caused by the breach of SWIFT, a government-owned financial institution found itself hit by a malware. About three weeks ago, the virus encrypted devices and computers which has now hired a cyber security firm to carry out a forensic audit.