The efforts were made to hide the bank hacking matter that could expose vulnerability in the banking sector, FIA reports.
The investigators were investigating last October’s online fraudulent transfer of money.
A senior official of the Federal Investigation Agency said that the bank hacking is done by planning it properly.
Hackers in 44 countries had used the platform of ‘Visa’ money transfer service to siphon off the amount and an international forensic audit expert had been hired by the bank and the international money transfer company to probe the matter.
FIA official said, “A report by the international expert was awaited as it would help the banking sector as well as the FIA strengthen their firewalls from any further attacks.” Adding this the FIA had also initiated inquiry and sought details from the 44 countries where the hackers were based.
However, Pakistan does not have agreements on evidence sharing and joint investigation against bank hacking crimes with many of these countries.
FIA investigators also reported lack of cooperation from the banking sector which is troublesome.
“The initial inquiry shows several strange queries like withdrawal of the heavy amount in a single day — PKR 500,000 and more,” the official said, adding that the banking sector officials refused to answer why ATMs had not declined the withdrawal of such a huge amount.
“Our inquiry is not focused on whether the depositors would get their money back or not, but to stop the crime from happening again,” the FIA official said.
Meanwhile, many banks have also issued advisories to their account-holders to be aware of various scams.
The Standard Chartered Bank said that the two new kinds of fraudulent ways were ‘phishing’ and ‘vishing’. Phishing, the bank explains, is a technique where the fraudster sends an email, asking the recipient to provide personal details, and the email appears to originate from the recipient’s own bank. The term vishing is used when the fraudster calls the person, pretending to be a government official or a bank representative, and asks him/her to validate the identity seeking confidential information.
The SCB has warned that account-holders should not log in via an email link, and banks should never ask for passwords, login IDs, etc.
Meanwhile, the Senate was informed on Friday that the depositors would not suffer even after the amount had been siphoned off from their bank accounts as the loss would be borne by the insurer.
A written reply was submitted to the upper house of parliament by the Ministry of Finance to a question whether all the banks in Pakistan had been hacked.
The reply on bank hacking incident said that except for one bank, data of any other banks was not hacked and one local bank faced a cyber attack, resulting in cash out through international ATMs on Oct 27.
The Senate was informed that the State Bank had developed a road map for added strength of the information security controls of Pakistan’s banking industry and instructed the banks to take necessary measures to identify/counter any cyber threat to their systems in coordination with all the relevant stakeholders, including payment schemes.