Hyderabad: How hackers accessed Mahesh Bank servers and siphoned-off Rs.12.48 Cr

Hyderabad: Hyderabad police arrested five Nigerians, including the key conspirator, and 22 others for hacking into the servers of the A. P Mahesh Co-operative Urban Bank and fraudulently transferring Rs 12.48 crore. The crime took place in January this year.

The main Nigerian conspirator has been identified as Ikpa Stephen Orji along with another Nigerian, who goes by his nickname 'Capital', who hacked into the servers of Mahesh Bank on January 24 and transferred Rs 12.48 crores into four bank accounts. Both of them had come to the city and visited a mall at Kukatpally where they stayed and completed their operation, said Hyderabad police commissioner C V Anand.

How they hacked into the server of AP Mahesh Bank

According to Commissioner CV Anand, the main hacker who is either sitting in Nigeria or the United Kingdom sent a phishing mail with the subject related to business to around 200 email IDs of the Mahesh Bank in November 2021. Two of the employees of the bank opened that email and due to this, trojan software got installed in their systems.

That allowed the hackers to successfully establish a network with the bank's computer systems. Afterward, the hackers sent a Key Logger Software and were monitoring their work, through which they collected all the details and used it to hack into the account.

On January 24, a public holiday, the hackers logged into the network and altered the bank balance in four of the seven accounts they had opened in 2021. The commissioner stated that the money was again transferred from the four accounts to 115 different accounts and again to another 398 accounts. A part of the money was withdrawn from a staggering 938 ATMs from across the country.

After the scam broke out, teams were sent to Delhi, Haryana, Uttar Pradesh, West Bengal, Maharashtra, Karnataka, Kerala, and other North-East states to track the hackers.

The handlers and the account holders were paid a commission of 10 percent by the fraudsters, while the remaining amount was sent to foreign countries through hawala and cryptocurrency, said Anand.

More importantly, due to the police's timely action, another Rs 2.08 crore was saved while another Rs 1.08 crore was returned to the bank due to incorrect beneficiary details. The fraudsters managed to siphon off around Rs 9.48 crore.

The commissioner said that the police made a Mumbai-based company 'Infra Soft Company,' a co-conspirator, and also the Mahesh Bank. "We sought certain information from Infra Soft Company but they failed to furnish it, which indicates they are hand in glove with the fraudsters," he said.

The police will be writing to Interpol and will seek its assistance to nab 'Capital' who is suspected to be hiding in Nigeria. He said that the police will soon hold a meeting with officials of various banks and explain to them the need to take precautions to prevent hacking of accounts.

Anand added that the banks should have intrusion detection systems and intrusion prevention systems to foil attempts to prevent and detect vulnerability exploits.