Report into cyber breach of India’s payments network reveals major security gaps

23 Feb 2017

An audit report of a sustained cyber breach of Indian's payments network has brought out the uncomfortable truth that anti-virus and anti-malware devices that the banks deploy had failed to counter the cyber attacks, The Economic Times reported.

The attack, which started in May 2016, had extended to end July 2016, and was considered the worst cyber attack to compromise the payments network in which thousands accounts were compromised. Later it emerged hackers had penetrated the network of Hitachi to which a number of banks had outsourced their ATM transaction processing.

Hitachi hired a Bengaluru-based payments security firm to carry out a forensic audit.

The firm was reportedly stunned by the level of sophistication and ingenuity of hackers who targeted Hitachi.

The malware was so ingenuously written that it could spread within the Hitachi system at an alarming rate, even though Hitachi had used some of the best security devices.

The hackers had created a 'dummy code book' within the Hitachi system - capturing all possible four-digit numbers from 0000 to 9999 - to steal the PINs (personal identification numbers) of customers as and when they used their cards to withdraw money from ATMs of a private bank in India.