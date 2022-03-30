Hyderabad: The Mahesh Bank e-fraud might be a highly sophisticated crime, but it was possible more because of the cyber security lapses on the bank’s part rather than the smartness of the cyber crooks.

City Police Commissioner CV Anand said the bank management had not followed all the revised guidelines issued by the Reserve Bank of India, which in the end resulted in the hacking of its accounts and subsequent transfer of Rs 12.48 crore.

No intrusion detection system

According to the Commissioner, the IT wing of the bank failed to install anti-phishing applications, did not have a virtual Local Area Network (LAN) to mitigate hacking incidents and neither did they update firewalls. The bank also did not use any intrusion detection system or intrusion prevention system.

200 phishing mails

The hackers had sent around 200 phishing mails, with two of employees clicking on the links in these mails. Remote Access Trojans from these links then got embedded in those two computers, following which they sent a Key Logger Software and monitored their work. They thus collected all details and used those to hack into the accounts, Anand said.

Another gaffe was almost unbridled access to the customer database. Usually there are two master admins in a bank, while at Mahesh Bank, around it was a network of at least 10 persons.

“The hacker, after taking control of the two systems, managed to access the database by making contact with the master admins network,” he said, adding that the bank also failed to identify the four accounts opened with malafide intentions.

