Nepalese people travel on a rickshaw after public transportation was halt during a countrywide strike against the Nepali government and police in Kathmandu December 19, 2011. Photo: REUTERS/Navesh Chitrakar
A bank in Nepal has recovered most of the money stolen after its SWIFT server was hacked last month, two officials, involved in the investigation of the Himalayan nation’s first reported cyber heist, said on Tuesday.
Cyber attackers made about $4.4 million in illegal transfers from NIC Asia Bank, based in the Nepali capital, by hacking the SWIFT server at the private bank, to other countries, including the United States, Britain, China, Japan and Singapore last month when the bank was closed for annual festival holidays, Nepali media said.
Chinta Mani Shivakoti, a deputy governor of the Central Nepal Rastra Bank (NRB) said the regulator had requested authorities in these countries not to release the payment of the stolen amount as soon as it was informed about the theft and had launched moves to recover it.
“Most of the stolen amount of money has been recovered,” Shivakoti told Reuters. “A sum of amout $580,000 is yet to be recovered,” he said without giving details.
The chief of Nepal police’s Central Investigation Bureau Pushkar Karki said his agency was investigating into how the passcode of the bank’s computer system had been stolen and who was involved in it.
“We are still working on this,” Karki told Reuters.
Nepali media reports said consultancy firm KPMG was also involved in the investigation.
“The incident showed there are some weaknesses with the IT department of the bank. Once the investigation report is available we’ll provide guidelines to avoid such incidents in future,” Shivakoti of the central bank said.
SWIFT said it does not comment on individual entities.
A SWIFT spokesperson said: ”When a case of potential fraud is reported to us, we offer our assistance to the affected user to help secure its environment.”
“We subsequently share relevant information on an anonymised basis with the community. This preserves confidentiality, whilst assisting other SWIFT users to take appropriate measures to protect themselves. We have no indication that our network and core messaging services have been compromised”.
Officials from NIC Asia Bank, one of dozens of private banks in Nepal, were not immediately available for comments.
Hackers stole $81 million from the Bangladesh central bank in February last year after gaining access to its SWIFT terminal and the emergence of other successful and unsuccessful hacks rocked faith in a system previously seen as totally secure.