New Delhi: Experts at the Central Bureau of Investigation (CBI) on Wednesday said that financial frauds generally take place over a long weekend, which makes them hard to detect. They were speaking at a two-day conference on cyber crime here.
CBI Director Rishi Kumar Shukla inaugurated the National Conference on Cyber Crime Investigation and Cyber Forensics — the first national-level conference at the CBI. It covers one of the mandates of the agency — of covering crimes having inter-state and international ramifications. As many as 50 officials from various states, the Ministry of Home Affairs (MHA) and the Ministry of Electronics and Information Technology (MEIT), experts from law enforcement agencies and academia attended.
Shukla said that more states should come forward and participate and cooperate with the CBI since the nature of cyber crimes mean the offences take place in one jurisdiction or country while the accused are in another jurisdiction. When the CBI takes up cases of cyber fraud, they also need to take the state's consent, he said.
The conference mentioned that internet users are increasing in India at an annual compounded growth rate of 44%. As of December last year, internet penetration has reached 566 million and is increasing at a rapid stage — 97% of the users access the internet on their mobiles. This has also led to an increased risk of fraud.
The attention of cyber fraud is on digital infrastructure, said the director, adding that 50% of cyber crime cell of CBI cases concern attacks on digital financial infrastructure. These include credit card frauds, banking frauds, phishing, use of counterfeit software, hacking and internet theft.
CBI sources gave example of two cases to elaborate the modus operandi.
In cyber fraud cases at SBI branches, the total amount phished was Rs 100 crore in three separate cases. In one of the cases, a temporary employee with the help of his associates was able to obtain the user ID and password of SBI officers. He then installed a router in the SBI intranet, though which he was able to remotely access it. The employee was able to transfer large amount of sums using the IDs of different bank officials.
SBI later blocked some of the transfers; an investigation led to the accused and Rs 10 lakh-Rs 20 lakh were recovered. As a result of this, the bank introduced more technical and media access control as well as a biometric system.
In the second instance, the accused had two debit cards of the public sector bank. Even though his account did not have a sufficient amount, he was still able to withdraw amounts from Australia by exploiting a bug in the software written by the bank's vendor. This allowed the accused to withdraw money. When he entered the PIN number, the core banking system of the bank sent him a message that said it was a wrong PIN number and there was insufficient amount in the account. But the Australian server interpreted this message as wrong and continued to disburse the cash.