back to article Bank had no firewall license, intrusion or phishing protection – guess the rest

An Indian bank that did not have a valid firewall license, had not employed phishing protection, lacked an intrusion detection system and eschewed use of any intrusion prevention system has, shockingly, been compromised by criminals who made off with millions of rupees. The unfortunate institution is called the Andra Pradesh …

  1. ShadowSystems Silver badge

    What I don't understand...

    If you have Root access to the bank internals & can run unchecked through their digital vaults, why limit yourself to making a few withdrawls at various ATM's?

    It's like you've got access to the entire cookie jar, but ignoring the cookies in favour of the crumbs in the bottom.

    1. katrinab Silver badge
      Paris Hilton

      Re: What I don't understand...

      Because they want to hold their cash in a way that isn't traceable back to the bank.

      1. ShadowSystems Silver badge

        At KatrinaB...

        I could accept that except for the fact that most ATM's have a security camera that records the person using the device. The bank will know which accounts were given the money, which ATM's were used to withdraw said funds, & be able to hand the security footage over to the authorities.

        Even if the person in the footage is obscured, the account holder is known & will be brought in for questioning. If they can't provide a plausible excuse for the person in the video *not* being them, they'll be on the hook for "receiving stolen property" at the least or the bank heist itself.

        *Hands you a pint to hold against your forehead to help with the headache I've just caused*

        Drink up with my apologies for my train of thought often causing good ideas to derail harder than a roller coaster jumping the track at the bottom of the first steep hill. =-j

        1. yetanotheraoc Silver badge

          Re: At KatrinaB...

          "the account holder is known"

          The electronic transfers were from the real accounts. The ATM withdrawals were from the fake accounts.

        2. Emir Al Weeq

          Re: At KatrinaB...

          "Even if the person in the footage is obscured, the account holder is known & will be brought in for questioning. If they can't provide a plausible excuse for the person in the video *not* being them, they'll be on the hook"

          Ah yes, the old guilty-until-proven-innocent approach.

          1. Loyal Commenter

            Re: At KatrinaB...

            Ah yes, Mr Fakebankaccount, of 123 Anystreet, Sampleton, I see from our records that despite your associated photo ID being that of Adolf Hitler, a man not matching your description was seen running off with some stolen cash...

            It's not even a case of "guilty until proven innocent"; as I understand it, the crooks created accounts in the banks systems, transferred cash to them, then withdrew it from cash machines. There was never any real identity associated with those accounts.

        3. Danny 14

          Re: At KatrinaB...

          here kid. go to that atm. withdraw 400, 100is yours. Then go to that atm, withdraw 400, 100 ia yours. Talk about it and we hack your arms off.

    2. Coastal cutie

      Re: What I don't understand...

      The ATMs were just the last stage of getting hold of the $1M+ that they'd stolen, providing nicely untraceable funds once withdrawn

      1. ShadowSystems Silver badge

        At Coastal Cutie...

        Please see my reply to KatrinaB above. The ATM wouldn't be the anonymous extraction point you envision.

        The ATM has a security camera, the footage goes to the cops, the account holder of the account accessed to pull the funds will be known & reported to the cops, & that kind of blows the anonimity out of the water. =-/

        *Hands you a pint to help with the headache*

        Sorry for being a buzzkill, it's a side effect of my Dried Frog Pills. =-J

        1. Ian Johnston Silver badge

          Re: At Coastal Cutie...

          Good job that (a) Blu-Tak or the Indian equivalent doesn't stick to cameras and (b) nobody had the sort of access to the bank which might have allowed accounts to be opened with fake details, ready to receive the illicit transfers.

        2. Phil Kingston

          Re: At Coastal Cutie...

          Many many ATMs have no camera. And who knows how long the ones that do retain images for. And easy enough to work around all that "hey kid, you can keep x rupees if you use this card and withdraw 10x rupees from that ATM over there for me". Heck, even if the kid runs off with all of it, not his loss.

        3. Coen Dijkgraaf

          Re: At Coastal Cutie...

          Except those doing withdrawals from the ATM and overseas transfers my be unsuspecting money mules who would have been recruited and paid a small amount of money for the job. So even if they get arrested, the perpetrators that carried out the heist won't be caught.

        4. FILE_ID.DIZ
          Devil

          Re: At Coastal Cutie...

          Ride a motorbike type ride and be safe and wear a helmet.

          Face fully obscured. And while you're at it, steal someone else's plates or just steal someone else's bike and ta-da.

    3. bombastic bob Silver badge
      Devil

      Re: What I don't understand...

      Maybe they were too cheap to fly to the Caiman Islands (or wherever) to set up an account for a shell company there??

      I would expect wire transfers, cashier's checks, some basic money laundering, and other organized crime techniques may also have been beyond their skill set. It only takes a semi knowledgeable script kiddie to use phishing attacks to set up a RAT trojan...

      which ALSO means (the obvious) that proper bank security SHOULD have prevented this.

      (I hope that no depositors lost their funds, but I expect they did)

      1. katrinab Silver badge

        Re: What I don't understand...

        Wire transfers etc can be traced after the event. That's why they didn't do them.

        1. bombastic bob Silver badge
          Meh

          Re: What I don't understand...

          Assuming that you set up shell companies someplace that's difficult to track you down in, you can assume you will be traced but not care a lot. Caiman Islands is one of those places you can set up this kind of money laundering scheme. It's a typical money laundering technique used by "the big time": crooks. YES, you CAN trace it with difficulty, and if the criminals know what they are doing, they will probably get away with it.

          I mean how do drug cartels and organized crime bosses "get away with it" ? Pretty much "that".

    4. JulieM

      Re: What I don't understand...

      Why don't people who hack into banks' computers start out by purging all the loan and mortgage records?

      1. veti Silver badge

        Re: What I don't understand...

        If the bank goes bust, who are they gonna steal from?

        These people are doing it for their own benefit, not yours.

    5. yetanotheraoc Silver badge

      Re: What I don't understand...

      Because it wasn't a criminal gang in Nigeria but one or a few individuals inside the bank. Rather than maximize the payout, they maximized deception and untraceability. We should ask in particular - who exactly made all those ATM withdrawals?

      1. Wedgie

        Re: What I don't understand...

        Agree, as an ex-bank InfoSec bod, this has insider job all over it. Even if the bank is running a COTS platform, a fair bit of insider knowledge would be required to pull off what has been described.

      2. bombastic bob Silver badge
        Unhappy

        Re: What I don't understand...

        who exactly made all those ATM withdrawals?

        People wearing masks, no doubt. ATMs have cameras but it does little good if you have a mask on.

        1. tip pc Silver badge

          Re: What I don't understand...

          People wearing masks, no doubt. ATMs have cameras but it does little good if you have a mask on.

          Why would people be wearing masks when going to an atm? It’s not like there has been a global respiratory pandemic where people where asked to wear masks is it?

          1. RagBagg

            Re: What I don't understand...

            The fraud and the withdrawals happened around the time when Omicron was raging. A face mask would absolutely have been the best anonymity device as no one would object to it.

            I am sure out of those hundreds of withdrawals most would have got captured on camera (I know they do, we get reports of ATM frauds being stuck due to masks), but a masked face. And as someone suggested, if a bike helmet was placed on the face, a normal occurrence in India - then the CCTV would be useless.

            The bank and its management ought to be convicted... for stupidity!

        2. yetanotheraoc Silver badge

          Re: What I don't understand...

          Agree, but my point was those people were not in Nigeria or UK but were locals. Even if they were simply mules (doubtful), they had to hand off the cash to some other local. "Exactly" didn't mean "by name" but "by role".

  2. sanmigueelbeer Silver badge

    What could possibly go wrong?

    An Indian bank that did not have a valid firewall license, had not employed phishing protection, lacked an intrusion detection system and eschewed use of any intrusion prevention system

    A bank without a valid license -- What could possibly go wrong?

    1. b0llchit Silver badge
      Coat

      Re: What could possibly go wrong?

      They get robbed?

      1. LDS Silver badge

        Re: What could possibly go wrong?

        Probably the bank executives and managers didn't want to get caught while doing some additional money on their own....

    2. Anonymous Coward
      Anonymous Coward

      Re: What could possibly go wrong?

      They never seem to rob sperm banks though,

      1. richdin

        Re: What could possibly go wrong?

        More fun making deposits rather than withdrawals...

    3. RagBagg

      Re: What could possibly go wrong?

      The bank license was valid, they simply used pirate software. They also had a license for Stupidity.

      1. John Brown (no body) Silver badge
        Coat

        Re: What could possibly go wrong?

        No. Licenced stupidity is regulated to fixed levels. This was pure unlicensed stupidly which has no bounds.

    4. Cliffwilliams44 Bronze badge

      Re: What could possibly go wrong?

      For a country with so many people that work in the IT industry this is just so foolish. I understand the monitory concern but there are so many open source firewalls that they could have stood up some generic box with one of these.

      All the rest is just stupid management stuff. Don't implement standard security protocols because it is too intrusive to the users.

  3. Potemkine! Silver badge

    IT is a cost center isn't it?

    As long as bean counters will see IT as something too expensive whatever it's used for, such nonsense will occur.

    Too many times shareholders want more and more year after year, and are willing to put a lot of pressure on 'support' services to increase the profit: those get what they deserve, losses and bad press.

    1. Anonymous Coward
      Anonymous Coward

      Re: IT is a cost center isn't it?

      A thousand times this. My support department has been gutted from 26 people running 24/7/365 to 3. The cracks started showing a long time ago and there are people in management positions who ask why we haven't done X.

      Well boss, could it be because you fired everyone and that there are more managers above me than people in my department?

      1. tatatata
        Trollface

        Re: IT is a cost center isn't it?

        24/7/365. So 1 day down every 4 years?

    2. Flywheel
      Joke

      Re: IT is a cost center isn't it?

      put a lot of pressure on 'support' services to increase the profit

      Maybe they should've outsourced it?

      1. TRT Silver badge

        Re: IT is a cost center isn't it?

        They did but the bloody call centre was in England.

    3. Anonymous Coward
      Anonymous Coward

      Re: IT is a cost center isn't it?

      IT has and always will be seen as a dirty, money swallowing black hole by those at the top. "Computers right? They just look after themselves, why do we need all these people with all these skills? What the hell do we need to pay for more kit? We only just some 6 months ago!"

      If you're lucky enough to have a young'ish CEO who sees the real value of technology and how to use it productivey to increase the company worth, then you're already winning big time. If on the other hand you have some old fart ( ex-Bean counter usually ) at the top who cannot see why you need to keep pace with tech and pay for skilled workers, then I strongly advise you get out and find a company with a young'ish CEO who sees the real...you get the idea!

      1. Anonymous Coward
        Anonymous Coward

        Not necessarily young-ish CEOS...

        Overall corporate culture is the thing to look for.

        I work for a tech company with a gray-haired CEO who absolutely gets it. I won't argue against the notion that older CEOs are statistically less likely to be tech-savvy, but then I work for an individual and not a statistic.

        I've also worked for a gray-haired CEO who was an absolute abusive nightmare and never made a mistake he couldn't blame on someone else. I left that place - best thing I've done in years, second only to landing my present job.

        There ARE workplaces out there where the PHB pays attention to the BOFH, everyone is working toward the same goals, priorities are based on rational discusion, everyone really IS valued, and no one is abused. They won't be Fortune 500 companies, and probably not publicly-traded on the stock market, but they do exist. Seek them out.

        Posting as anon because I value opsec and there are evil people out there.

      2. Brett Weaver

        Re: IT is a cost center isn't it?

        .. So the age of the CEO is the main thing eh? That's the sort of shallow, muddy thinking I have come to expect from young people ...

        1. Cliffwilliams44 Bronze badge

          Re: IT is a cost center isn't it?

          Forgive them, for they know not what they do!

      3. tip pc Silver badge

        Re: IT is a cost center isn't it?

        If on the other hand you have some old fart ( ex-Bean counter usually ) at the top who cannot see why you need to keep pace with tech and pay for skilled workers, then I strongly advise you get out and find a company with a young'ish CEO who sees the real...you get the idea!

        I agree with the bean counter argument but not the grey hair thing.

        You should appreciate some of the history of computing.

        Did you know that the first computer used for commercial business applications was for a company that makes tea, running its first test programs in 1949.

        While the engineers who did the work where nut grey beards, the board who allowed the overall investigation, research, commissioning etc to happen almost definitely where.

        They where pioneers of their time, no one else was running computers for business programs so they literally had to build their own.

        What business today does something as left field as that? That’s like some tiny business that sells books deciding it’s going to create a huge intercontinental distribution system to sell other peoples stuff & then deciding to build huge datacenters all around the globe and then let other companies run their own programmes in their dc’s. From books to logistics to cloud computing is quite a leap but yes Geoff wasn’t a grey beard, but then he didn’t start by creating logistics, he built upon what already existed by working with the established logistical giants.

      4. Cliffwilliams44 Bronze badge

        Re: IT is a cost center isn't it?

        We used to have to fight tooth and nail to get anything security wise implemented or paid for in my company. Then one of our competitors got hit with Ransomware, which also hit some their subcontractors (Construction industry) through poorly implemented VPN security. It was amazing how fast all of our security initiatives were budgeted and fast tracked! We even have a dedicated Security team now,

    4. Cederic Silver badge

      Re: IT is a cost center isn't it?

      Most bankers these days fully recognise that they're running an IT business.

      The data merely happens to represent a highly tradeable commodity.

    5. Danny 14

      Re: IT is a cost center isn't it?

      pfsense, snort and pfblocker are free though, thats what makes no sense.

      1. John Brown (no body) Silver badge

        Re: IT is a cost center isn't it?

        Probably because if it's free, then it must be shite. Or the business has to take full responsibility and can't blame the vendor (and pay for people to set it up and maintain it). At least that's the logic I expect is used at board level.

  4. An_Old_Dog Silver badge
    FAIL

    Root Causes

    Greed: The Board of Directors would not authorize funds for up-to-date software licenses and software support.

    Executive Arrogance: "What are the chances we'll get hit? Anyway, I'll get a bonus and/or promotion for cutting costs, and be in a different job by the time it does happen, if ever."

    Possible* Bank IT Incompetence: There are open source, free-as-in-beer firewalls available. Why didn't bank IT deploy one if they couldn't get funds to maintain their commercial firewall?

    *They may have suggested, and denied this option by their management.

    This sort of thing will continue until the people responsible do serious jail time, and office politics ensures anyone found 'officially responsible' will be lower-level types only, and not actual directors.

    1. Zippy´s Sausage Factory
      Facepalm

      Re: Root Causes

      I remember once a colleague telling me about suggesting something open source to their manager:

      "So, how much does it cost?"

      "It's free"

      "Ok, but who sets it up for us, what consultancy?"

      "We can do it ourselves"

      "But what if it goes wrong, who do we sue?"

      "We don't."

      "This sounds like pirate software to me, I'm not approving it. And if you suggest anything like this again, it'll be a written warning."

      1. Doctor Syntax Silver badge

        Re: Root Causes

        "But what if it goes wrong, who do we sue?"

        The correct response at this point would be:

        "Do we sue Microsoft, Oracle or any other supplier?"

        1. Steve Hersey

          Re: Root Causes

          My personal response would be to reach for the D-ring and exit the plane stage right.

          "Who do we sue if this goes wrong?" is that rere thing, an actually stupid question.

          The RIGHT question is: "Will we be better off if we do this, or if we don't? Is this the best option, or is there a better one?"

          Planning for whom to sue in case of failure is planning for failure.

          1. John Brown (no body) Silver badge

            Re: Root Causes

            But you always need a Plan 9 for user-space! That's not planning for failure, it's a plan of last resort. The cold, dead dregs of the company need something for the lawyers to hang onto. Just ask SCO :-)

      2. Anonymous Coward
        Anonymous Coward

        Re: Root Causes

        Have on more than one occasion had to explain to people that using an open source software platform to store health research data does not mean making that data publicly available....

        1. Anonymous Coward
          Anonymous Coward

          Re: Root Causes

          You as well?? I wonder how common this is?

        2. T. F. M. Reader Silver badge

          Re: Root Causes

          Have on more than one occasion had to explain to people that using an open source software platform to store health research data does not mean making that data publicly available....

          How successful have you been so far in getting this message through? Asking for a friend...

      3. Cliffwilliams44 Bronze badge

        Re: Root Causes

        Another aspect of this is you have all these "Security Consultants"* that will tell management that "Open Source is a terrible security risk!" So they can sell the expensive kit they support and make big bucks on.

        I've had to counter this with "How many eyes are on their code? Can we see their code? How motivated are they to publicize the fact their software has a security flaw?" "With open source there are 100's or even 1000's of people looking at the code, we can download the code and examine it ourselves, No ones ego or corporate reputation is resting on the quality of the code! There is no motivation to hide vulnerabilities until they are fixed."

        It was harder to win this argument in the past but Open Source it is getting more an more acceptable.

        *I don't mean to disparage all security consultants, there are some that are excellent! But there are others that are just fear mongering con-men!

        1. Aitor 1 Silver badge

          Re: Root Causes

          Badly done os is a risk. But everything in life has risks.

          Look at springshell, etc.

    2. bombastic bob Silver badge
      Meh

      Re: Root Causes

      may just have been cluelessness coupled with being cheap

      1. W.S.Gosset Silver badge

        Re: Root Causes

        That was my thoughts, too.

  5. Pascal Monett Silver badge

    the Andra Pradesh Mahesh Co-Operative Urban Bank

    Is going to quickly learn about networks, intrusion detection systems and that the cost of a proper firewall license means it can continue doing business.

    Some people have to learn the hard way.

    1. Dan 55 Silver badge

      Re: the Andra Pradesh Mahesh Co-Operative Urban Bank

      They're supposed to learn the hard way at audits, not by losing a tonne of money.

      So the regional/national regulator seems remiss in their work as well.

      1. Anonymous Coward
        Anonymous Coward

        Re: the Andra Pradesh Mahesh Co-Operative Urban Bank

        Oh I've seen this by the bucket load.

        4 successive failed audits. Each time the company pleaded and said they were working on resolving the issues (they were not). The funniest thing was one particular auditor I met on the first 2 audits joined the company some time after the last audit. I ran into him by chance, and he was complaining that, several years on, NONE of the recommendations he'd made had been implemented.

        I just laughed. I reminded him of the times in the audit interviews where I commented that I had tried (unsuccessfully) to get the issues addressed (all documented, with meeting minutes) and been ignored.

      2. Cliffwilliams44 Bronze badge

        Re: the Andra Pradesh Mahesh Co-Operative Urban Bank

        As long as the entity paying for the auditors is the entity getting audited the audit is useless. I've seen this time and again.

        I've also see that IT audits are performed by 20 something employees of large accounting consulting firms like Deloitte. They are absolutely clueless regarding IT security and only operate from a list of items given to them. Again, the audit is absolutely useless.

      3. Missing Semicolon Silver badge

        Re: the Andra Pradesh Mahesh Co-Operative Urban Bank

        You think the customers that had their accounts pilfered will get refunds?

        Only the important ones.

    2. WanderingHaggis

      Re: the Andra Pradesh Mahesh Co-Operative Urban Bank

      It's a shame for the account holder who loose their savings though. Was the bank insured -- would an insurer honour such a fail?

      1. Doctor Syntax Silver badge

        Re: the Andra Pradesh Mahesh Co-Operative Urban Bank

        Why the downvotes other than "loose" instead of "lose"? It's the account holders who were the victims. They weren't in a position to know their bank was so lax.

        1. Dabooka

          Re: the Andra Pradesh Mahesh Co-Operative Urban Bank

          I cannot be sure as to the reason but possibly because the individuals accounts getting rinsed would not be the ones paying the price; any losses would have to be made good by the ban.

          Or it could be Loose vs lose. Who knows!

          1. John Brown (no body) Silver badge

            Re: the Andra Pradesh Mahesh Co-Operative Urban Bank

            Maybe, maybe not. Anyone know the laws and regulations on Banking in India? Specifically in relation to a co-operative? The account holders may well be shareholders which might affect any payouts.

  6. Anonymous Coward
    Anonymous Coward

    Maybe they should have outsourced their IT...

    ... to the massive talent pool of IT in India I hear so much about.

    1. Doctor Syntax Silver badge

      Re: Maybe they should have outsourced their IT...

      "massive talent pool of IT in India"

      It sounds as if the Hyderabad police have more of it than the bank.

    2. Zippy´s Sausage Factory

      Re: Maybe they should have outsourced their IT...

      It's almost as if that would cost money, and costing money would impact the executive bonuses and that would be a Bad Thing.

    3. John Brown (no body) Silver badge

      Re: Maybe they should have outsourced their IT...

      It's an interesting thought. If you run a business in India, with the local market rates, how do you beat the completion on price? Where do you off-shore your outsourcing? Malaya? Philippines? Tuvalu?

  7. Doctor Syntax Silver badge

    Unfortunate.

    "The unfortunate institution"

    It's not the bank that's unfortunate, it's their customers. The bank got exactly what it deserved, the customers didn't.

  8. sanmigueelbeer Silver badge

    Hello Andra Pradesh Mahesh Co-Operative Urban Bank? My name is Jake and I am calling from Microsoft.

    1. Anonymous Coward
      Anonymous Coward

      I came here for the comments and I was not dissapointed.

      Cheers, I LOL'd at that!

    2. doesnothingwell

      Whenever Jake calls me about "a problem with my computer", he is from Windows.

      1. Cliffwilliams44 Bronze badge

        And that is "Jake" with a Nigerian accent!

  9. VoiceOfTruth

    Licence costs

    -> The latter is not uncommon because enterprise software is often priced to western standards, and users in less prosperous nations who find the cost prohibitive roll the dice on unsupported and/or out of date code.

    This is completely true. Every time I read about x billion $ being lost due to 'software piracy', consider for a moment that if the cost of Adobe here in the UK is expensive, how much more expensive it is in, say, India. Adobe has no chance whatsoever of persuading a lot of people there to part with a huge amount of their income just to have the pleasures of Photoshop. So there is 'software piracy'.

    1. Anonymous Coward
      Anonymous Coward

      Re: Licence costs

      Or The Gimp…

    2. Cliffwilliams44 Bronze badge

      Re: Licence costs

      Adobe has made more money "because" of pirated copies of PhotoShop then they have ever lost because of Piracy. All those college students that used a pirated copy of PhotoShop in college and then when they got a job insisted that they have PhotoShop so their employer purchased it!

      I have no sympathy for Adobe, ever!

      Creative Cloud is am expensive pile of stinking dung and I wish I could extricate it from our enterprise!

      1. John Brown (no body) Silver badge

        Re: Licence costs

        Likewise Microsoft with both Windows and Office.

    3. Anonymous Coward
      Anonymous Coward

      Re: Licence costs

      It's one thing to pirate software because you can't afford it (not saying it's a good thing or a justifiable thing).

      Its another thing to lose over $1M because you were too cheap to license a firewall.

  10. Anonymous Coward
    Anonymous Coward

    no VLANs ????

    "Another technology the bank had chosen not to adopt was virtual LANs, so once the RAT went to work the attackers gained entry to the Bank's systems and were able to roam widely – even in its core banking application."

    Really ???? Even in the 80s, this was unthinkable ! And it's not as they cost anything ! My 50 E 8 ports Netgear switch supports them !

    1. Doctor Syntax Silver badge

      Re: no VLANs ????

      "And it's not as they cost anything"

      But they do. The bank would have to pay somebody who knew what they were doing to set them up. What's more they have to pay somebody to ensure every new box is on the right VLAN.

      1. Cliffwilliams44 Bronze badge

        Re: no VLANs ????

        What is more important is the absolute lack of any user security segmentation. I say this all the time, "Why do some people have the veritable 'Keys to the kingdom'?" No one person should have full access EVERY piece of data your organization has! NO ONE! Not even in IT.

        Yes, I'm a Domain Admin, yes I have access to all the servers ad their data with that account but NO I do not use that account for my daily computer use. Also, I DO NOT have access to our financial data, not with ANY account!

    2. DarkwavePunk

      Re: no VLANs ????

      You'd be surprised. Early 2000s I had a short contract job at a financial institution that had 700+ NT4 desktops on a flat network alongside the servers. With stacked hubs no less. After pointing this out as a "bad idea" many times I was basically told "We know, shut up!". Not exactly sure what they wanted me to do and why I was hired.

      1. BOFH in Training Bronze badge

        Re: no VLANs ????

        Would not have been surprised so that in the event that something bad happens, they can point to the previous contractor (you in this case) as the one who did not do anything about it / advice about it.

        Hope you had everything in emails or some other paper trail in that instance so you can point to that in the event you are blamed.

  11. TRT Silver badge

    It's nice that...

    we have these volunteer honey-trap organisations.

  12. Anonymous Coward
    Anonymous Coward

    Without reading the article

    > Bank had no firewall license, intrusion or phishing protection – guess the rest

    They realised their mistake, paid their licence arrears, put in place a system to prevent recurrence, extensively audited their systems to ensure no intrusion had occurred, write a grovelling apology to their customers and by their quick corrective action managed to avoid being exploited?

    Did I win?

    1. arachnoid2
      IT Angle

      Re: Without reading the article

      No they changed the banks name,moved the customers across and upgraded their home page. Half a days down time job done.

    2. SuperGeek

      Re: Without reading the article

      "They realised their mistake, paid their licence arrears, put in place a system to prevent recurrence, extensively audited their systems to ensure no intrusion had occurred, write a grovelling apology to their customers and by their quick corrective action managed to avoid being exploited?"

      Does Hell freeze over once a blue moon?

  13. Robert 22

    I imagine they were bogus accounts.

  14. russmichaels

    how ironic

    Indians getting scammed/hacked by someone outside of India... quite ironic really....

  15. Ken G Silver badge
    Holmes

    How many millions of Rupees?

    There's a reason the Crore is a unit of measurement - a million Rupee is about €12K, maybe the loss was less that the cost of the licenses?

    1. jameswyper

      Re: How many millions of Rupees?

      The article mentions a loss of (presumably US) $1 million, so approximately Rs 75 million at today's rate.

  16. Jake Maverick

    Just wait until they do away with paper statements! Something like this happens or there is a solar flare....the real victims/ customers can't even prove they had a bank account with them, never mind what the balance was!

  17. Mister Dubious
    Coat

    Shrinkage

    "Its 45 branches and just under $400 million of deposits make it one of India's smaller banks."

    Even smaller now, it appears.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like