Rinat Abdullin, Altynbank: ‘There are various methods to transfer assets out’
Central Bank of Russia concedes that banks can use hacker attacks to conceal errors or to transfer assets out of the bank
Banks can take advantage of hacking attacks, supposes the Central Bank of the Russian Federation – to conceal errors, or to transfer assets out. The regulator became suspicious after the revocation of the licences of the affected banks. Tatarstan bankers that were affected by the cyber criminals consider that 'unscrupulous' credit institutions really can use this method to transfer funds out, but the fact of an attack itself is not the reason to revoke licenses and to inspect. Read more in the article of Realnoe Vremya.
'We suppose that credit organizations can use this mechanism to transfer money out'
First Deputy Head of the Bank of Russia Georgy Luntovsky at the Ural Forum came out with the suggestion about possible use of hacker attacks to transfer funds out.
'We assume that financial institutions use this mechanism in order not only to conceal the previous crimes or mistakes but also to transfer money out of the bank. We are worried about it,' reported Interfax the words of the speaker.
In the first place, it concerns those banks which have already been revoked with licenses. Thus, according to the Central Bank, in the fourth quarter of 2015 three banks, which previously were subjected to cyber attacks, lost their licenses.
According to Luntovsky, on the fourth quarter of 2015 from customers' accounts through hacking was stolen more than 1.5 billion rubles. In 2016, the Central Bank, the Ministry of Internal Affairs and the banks themselves failed to prevent the embezzlement of more than 500 million rubles.
Tatarstan victims
The most high-profile case of hacker attack in Tatarstan was the February story with Energobank. On 27 February 2015, at Moscow Exchange there were unusual transactions in a pair US dollar / ruble with calculations 'tomorrow' (USD/RUB_TOD) – the price within 10 minutes deviated from 55 to 66 rubles! During tradings at Moscow Exchange the dollar sank sharply to 55.36 rubles, and then quickly grew to 66.33 rubles. Most stock market speculators noted wrong actions of one of the traders of Energobank, who sent requests directly to the market, 'eating' all of the bank's liquidity.
After that Energobank tried to recover 243 million rubles through legal action from the largest Russian brokers JSC Finam, Brokerage House Otkrytie, PLC Company BKS. Later it became known that these weird actions were caused by a virus. Energobank gave reasons for its actions by cyber attacks. Later, a version of a virus in the computer of the bank, from which were made these transactions, was confirmed by the Ministry of Internal Affairs of RT. Head of production development of Group-IB Pavel Krylov even named the perpetrators of this hacking attack – 'successful Corkow group'.
The second high-profile hacking scandal was at Altynbank at the end of the year. That time the Central Bank temporarily disabled the credit organization from the payment system BESP (Bank Electronic Due Payments). Later it became known that hackers tried to transfer 60 million rubles out. Taking into account the resonance from cases, the Ministry of Internal Affairs even had to hold separate briefing on the cyber criminals.
'Cyberattack was not the reason for revocation of the license'
However, both Tatarstan credit organizations successfully continue working now.
'Today, the bodies of Internal Affairs carried out the work of detention of those funds on the accounts. Accounts were arrested. The funds are there. We are planning to get them back legally,' told the chairperson of Altynbank Renal Abdullin to Realnoe Vremya.
According to Rinat Abdullin, the Central Bank calls the cyberattack as one of the ways to transfer assets out, but the fact of an attack does not indicate anything:
'The Central Bank revoked the licenses of banks that were hacked, but the reason was the loss of liquidity or conducting suspicious transactions, a cyberattack was not the reason for revocation of the license,' told the head of Altynbank. 'There is information in media that now banks are unscrupulous, the owners or the management of which transfer assets out. The representative of the Central Bank said that one of the possible channels for this action might be a hacking attack. There are various ways to transfer assets out: unsecured loan to relatives or related companies, there are many ways how to do it through the courts.
Rinat Abdullin hasn't heard about any additional inspection from the Central Bank of the credit institutions — victims of hacker attacks:
'It was only a mere supposition of the representative of the Central Bank. What it was based on, it's hard for me to say, but it is a pity that there is quite a few information on this issue. Of course, now the Central Bank is making great efforts to improve the security of banks against hacker attacks, various requirements for banks are being tightened in this direction. And the banks themselves should trouble about their money.'
Representatives of Energobank did not give any comment at the time of publication.