KATHMANDU, Oct 26: The Central Investigation Bureau (CIB) of Nepal Police is likely to take over the investigation into the recent cyber attack against NIC Asia Bank Ltd through the bank's SWIFT system after the Nepal Rastra Bank (NRB) concluded that there was a criminal motive behind the case.
“Since this is a criminal case, we are holding discussion in regard to forwarding the case to the CIB for further investigation,” Chintamani Shiwakoti, a deputy governor of the NRB, told Republica.
Unknown hackers reportedly broke into the SWIFT system of the NIC Asia Bank last Wednesday and made fake instructions to some international banks, where NIC Asia has its accounts, for payment.
SWIFT, or the Society for Worldwide Interbank Financial Telecommunication, provides messaging services to bank and financial institutions (BFIs) around the world which help them to facilitate international transactions and transfer of payments.
According to a source at the central bank, the CIB will also look into the security and IT lapses in the bank that helped hackers to intrude into the SWIFT system to make payment instructions.
While it is not clear yet how the hackers managed to break into the server of the SWIFT system to make payment instructions, cybersecurity analysts suspect that the lapse in the information technology (IT) or the operating system could have helped the hackers to get access to the system and make payment instructions electronically posing as authorized bank representatives.
Officials of NIC Asia Bank on Tuesday said that they have already requested all foreign banks, where it has maintained accounts, not to process the payment requests. The bank, however, has not disclosed how many transaction instructions have been made unlawfully and how much money the hackers managed to siphon off.
An NRB official, citing estimates provided by NIC Asia, told Republica that hackers could have made payment instructions worth Rs 460 million to banks of six countries where NIC Asia Bank has foreign currency accounts. The official also said that the central bank has also sought the help of its counterparts in these six countries in retrieving the payments made by the hackers.
“Out of the total amount said to have been instructed for payment, an estimated Rs 40 million could have been withdrawn. We are making needful efforts to recover the money that has been withdrawn,” the official added.
NIC Asia Bank's Assistant CEO Roshan Kumar Neupane, however, disputes the accuracy of the figure provided by the NRB official. “Since the old SWIFT server has been taken down, we cannot say how much amount has been instructed for payment,” said Neupane. “However, the amount is not huge because we don't park huge amount of money in our international bank accounts,” he added.