TAIPEI (Taiwan News) – Police in Sri Lanka arrested two suspects in connection with a suspected theft of up to US$60 million (NT$1.8 billion) by hackers from Taiwan's Far Eastern International Bank.
The company is the latest bank to fall in the trap of malware planted on its services by hackers located abroad, laundering millions of dollars all the way to a bank in Sri Lanka.
According to reports, an unauthorized transfer of a total amount of US$60 million was illegally transferred to banks located in Colombo, Sri Lanka and the United States of America.
Police in Sri Lanka have reportedly arrested two men in connection to the laundering, while the authorities claim to have recovered about US$500,000 of the stolen funds so far, with the search for the rest still continuing, according to local media reports in Sri Lanka.
One of the arrested men was named as Shalila Munasinghe, the chairman of gas company LITRO Gas, the leading gas cylinder distributor and largest Liquid Petroleum Gas supplier in Sri Lanka.
The investigation which was conducted by the Taiwanese authorities started on Friday and led to Munasinghe after US$1.1 million from the Far Eastern International Bank was found in his personal bank account.
The news came to the forefront when Far Eastern International Bank revealed on Friday that its computer system had been implanted with malware which had affected some of the bank’s PCs and servers as well as the Society for Worldwide Interbank Financial Telecommunication (SWIFT) network.
SWIFT is a members-only organization which provides safe and secure financial transactions for its members via a standardized proprietary communications platform that can facilitate the transmission of information about financial transactions.
The hackers used malware to conduct virtual transactions to move funds of US$60 million to different locations abroad, which include Sri Lanka, Colombia and the US.
A team of Taiwanese investigators have requested to travel to Sri Lanka themselves to take the matters in their own hands and investigate properly.
Hackers infiltrate the SWIFT system to create a false bank-to-bank transaction by sending a malware-affected email to the bank employees. When the employees open the email, the malware encoded in the mail is automatically downloaded into the computer system, which the hackers then use to order false transfers as they gain access to the bank's computer systems.
Some of these transfers are rejected but mostly approved, allowing the hackers to send the funds to whichever bank account they choose in whatever location.
Taiwan was earlier a victim of a similar hacking ploy when a group of about twenty East Europeans managed to withdraw up to NT$80 million in cash from automated teller machines of First Bank across Taiwan. Although most of the money was later recovered, only three members of the gang were arrested and sentenced to prison by the Taiwanese government.