'Almost all' Pakistani banks hacked in security breach, says FIA cybercrime head

Published November 6, 2018
FIA has written to all banks, and a meeting of the banks' heads and security managements is being called. — File
FIA has written to all banks, and a meeting of the banks' heads and security managements is being called. — File

In a shocking revelation, the head of the Federal Investigation Agency’s (FIA) cybercrime wing has said data from "almost all" Pakistani banks was stolen in a recent security breach.

"According to a recent report we have received, data from almost all Pakistani banks has been reportedly hacked," FIA Cybercrimes Director retired Capt Mohammad Shoaib told Geo News on Tuesday.

When pressed to clarify, the official said data from "most of the banks" operating in the country had been compromised.

Speaking to DawnNewsTV, Shoaib said hackers based outside Pakistan had breached the security systems of several local banks. "The hackers have stolen large amounts of money from people's accounts," he added.

"The recent attack on banks has made it quite clear that there is a need for improvement in the security system of our banks," he observed.

He said the FIA has written to all banks, and a meeting of the banks' heads and security managements is being called. The meeting will look into ways the security infrastructure of banks can be bolstered.

"Banks are the custodians of the money people have stored in them," Shoaib said. "They are also responsible if their security features are so weak that they result in pilferage."

It wasn't immediately clear when exactly the security breach took place.

According to Shoaib, more than 100 cases are being investigated by the agency in connection with the breach.

"An element of banking fraud which is a cause of concern is that banks hide the theft [that involves them]... and the clients report [the theft] to the banks and not to us, resulting in a loss of people's money," he told DawnNewsTV.

"We are trying to play a proactive role in preventing bank pilferage," he added.

Shoaib said the agency has arrested many gangs involved in cybercrimes and recovered stolen money from them.

A gang was arrested last week whose members used to disguise themselves as army officials and withdraw money from banks after gathering people's data, the official added.

'Data of over 8,000 account holders sold'

The disclosure comes days after around 10 banks blocked all international transactions on their cards, as concerns about a breach of credit and debit card data spread in the banking circles.

Sources told Dawn the State Bank of Pakistan (SBP) has been informed by several commercial banks that they have blocked international payments on debit and credit cards as a precautionary measure after cyber attacks on their clients’ accounts.

According to a digital security website krebsonsecurity.com, data of over 8,000 account holders of about 10 Pakistani banks was sold in a market of hackers.

A large Pakistani bank sent messages to its clients that online mobile banking services would be terminated for a temporary period from November 3 onwards on ‘technical grounds’.

The first cyber attack was reported by BankIslami on October 27. The bank said that Rs2.6 million was stolen from international payment cards after which it has stopped such transactions and allowed biometrically verified payments only on ATM cards within Pakistan.

Next day, the SBP issued directives to all banks to ensure that security measures on all information technology systems — including those related to card operations — are continuously updated to meet future challenges, ensure real-time monitoring of card operations related systems and transactions and immediately coordinate with all the integrated payment schemes, switch operators and media service providers.

Follow Dawn Business on Twitter, LinkedIn, Instagram and Facebook for insights on business, finance and tech from Pakistan and across the world.

Opinion

Editorial

Judiciary’s SOS
Updated 28 Mar, 2024

Judiciary’s SOS

The ball is now in CJP Isa’s court, and he will feel pressure to take action.
Data protection
28 Mar, 2024

Data protection

WHAT do we want? Data protection laws. When do we want them? Immediately. Without delay, if we are to prevent ...
Selling humans
28 Mar, 2024

Selling humans

HUMAN traders feed off economic distress; they peddle promises of a better life to the impoverished who, mired in...
New terror wave
Updated 27 Mar, 2024

New terror wave

The time has come for decisive government action against militancy.
Development costs
27 Mar, 2024

Development costs

A HEFTY escalation of 30pc in the cost of ongoing federal development schemes is one of the many decisions where the...
Aitchison controversy
Updated 27 Mar, 2024

Aitchison controversy

It is hoped that higher authorities realise that politics and nepotism have no place in schools.