# 80 account holders lose Rs 20 lakh to hackers



## funskar (Jun 17, 2012)

Courtesy hackers of savings bank accounts, around 80 account holders have lost approximately Rs 20 lakh so far. This became known on Saturday when police registered a criminal case at city police station.

Police said amounts were withdrawn from branches of State Bank of India and State Bank of Patiala from various branches since May 25. "The most recent incident was in the main branch of State Bank of Patiala wherein hackers withdrew an amount of Rs 10.10 lakh from accounts of 23 customers. A case under sections 406 and 420 of IPC has been registered," inspector Sandeep Kumar, station house officer (SHO) of city police station, who is investigating the case.

Source - *timesofindia.indiatimes.com/india/80-account-holders-lose-Rs-20-lakh-to-hackers/articleshow/14198237.cms


----------



## ankit.kumar010203 (Jun 25, 2012)

Will Bank Return Their Lost Money?


----------



## tech_boy (Jun 25, 2012)

Whose fault?
Bank or customers?


----------



## techno (Jun 25, 2012)

All the money has gone down the drain... they will hardly ever be caught, because day by day their technology is developing too...


----------



## tech_boy (Jun 25, 2012)

techno said:


> All the money has gone down the drain... they will hardly ever be caught, because day by day their technology is developing too...



+1 
Hackers are getting smarter.... Always prove to be one step forward.


----------



## ajaymailed (Jul 7, 2012)

ankit.kumar010203 said:


> Will Bank Return Their Lost Money?


depends on how fraud has happened. modus operandi, negligence.


----------



## MetalheadGautham (Jul 7, 2012)

ajaymailed said:


> depends on how fraud has happened. modus operandi, negligence.



If the users were phished, or their stupidity exploited in any way, it's not the Bank's fault. But if it was a server vulnerability on the part of the bank, they HAVE to return the money. Simple as that.


----------



## ajaymailed (Jul 7, 2012)

MetalheadGautham said:


> If the users were phished, or their stupidity exploited in any way, it's not the Bank's fault. But if it was a server vulnerability on the part of the bank, they HAVE to return the money. Simple as that.


It might be phishing. if they managed to hack server, then i guess 20 lacs is too small an amount.

even after phishing, they somehow managed to get SMS alerts and one time password sent to phone and without users knowing about it.


----------



## Desmond (Jul 7, 2012)

IMHO, the concept of money itself should be eradicated and replaced with another secured alternative. (Courtesy: Zeitgeist)



ajaymailed said:


> It might be phishing. if they managed to hack server, then i guess 20 lacs is too small an amount.
> 
> even after phishing, they somehow managed to get SMS alerts and one time password sent to phone and without users knowing about it.



Can you post source about the SMS alerts allegation, please?

This clearly looks like server-side vulnerability. It should not be possible to change the phone numbers without being logged into the system.
_Posted via Mobile Device_


----------



## ajaymailed (Jul 7, 2012)

> Can you post source about the SMS alerts allegation, please?
> 
> This clearly looks like server-side vulnerability. It should not be possible to change the phone numbers without being logged into the system.


phishing is a guess because amount is 20 lacs. if it's a server-side issue then it's a gr8 source of worry for all SBI customers, penetrating firewalls, getting access to server, extremely dangerous. if he is able to get the information regarding accounts numbers, balances, transfer them into their bank accounts and withdraw.


----------



## Desmond (Jul 7, 2012)

Does SBI have a OTN system for funds transfers? I don't have SBI account so no idea.
_Posted via Mobile Device_


----------



## Gauravs90 (Jul 7, 2012)

Once logged in SBI online bank account one can easily disable high security option which sends password on user's mobile. But they will also need second password (SBI uses two passwords to operate online account) to disable high security option which is unlikely to be obtained by phishing.

But high security is not enabled by default!!!!
One has to enable it and I don't think most users enable the high security option.


----------



## ajaymailed (Jul 7, 2012)

Gauravs90 said:


> Once logged in SBI online bank account one can easily disable high security option which sends password on user's mobile. But they will also need second password (SBI uses two passwords to operate online account) to disable high security option which is unlikely to be obtained by phishing.
> 
> But high security is not enabled by default!!!!
> One has to enable it and I don't think most users enable the high security option.


they should still get messages when someone adds beneficiary for transferring funds . It takes 16 hours to create a new beneficiary and SMS alerts are sent many times in that period to warn user that beneficiary is added.



> Does SBI have a OTN system for funds transfers? I don't have SBI account so no idea.


whats OTN System?


----------



## Desmond (Jul 8, 2012)

ajaymailed said:


> whats OTN System?



In order to add a beneficiary, a code is sent to the account holders phone via SMS. The account holder enters that code into the portal to authenticate that beneficiary.
_Posted via Mobile Device_


----------



## Gauravs90 (Jul 8, 2012)

Yes, SBI has OTN system and the best feature I found is one can create virtual credit card.


----------



## krazylearner (Jul 8, 2012)

It is not first time that their security is penetrated. In the past a hacker stole about 4 lakhs from the SBI manager account. Also their websites are regularly targeted by Russian hackers. Sometimes they shut them temporarily.


----------



## thetechfreak (Jul 8, 2012)

This is sad. Just came across this thread. Government Banks should really beef up their Internet security. This is purely UNACCEPTABLE.


----------



## funskar (Jul 8, 2012)

thetechfreak said:


> This is sad. Just came across this thread. Government Banks should really beef up their Internet security. This is purely UNACCEPTABLE.



First govt banks should stop piracy


----------



## Gauravs90 (Jul 8, 2012)

funskar said:


> First govt banks should stop piracy



What you mean...


----------



## prasanth11 (Jul 8, 2012)

Recently SBI has changed policy for Third party Fund transfer

FAQs on New Beneficiary Addition Process:

*What is the change in the beneficiary addition process?*

Now you can add and approve only one beneficiary in each of the following categories: SBI, Inter-Bank, VISA and State Bank Group, in a calendar day, which will be activated by the system during the next calendar day. You can commence funds transfer only after activation of beneficiary.

*Can a new beneficiary be activated on the same day?*

If you wish to activate the beneficiary on the same day, you will have to click on "Branch Activation Form" in "View" tab of corresponding beneficiary category. The duly signed form needs to be submitted to the Branch for immediate activation.

*What if I want to add more than one beneficiary in a day?*

If you have already added a beneficiary, which is pending for activation, you can add another beneficiary only after the activation of the previous request. If you wish to activate your previous request immediately, you can submit the beneficiary activation request form to your branch.

*How will I come to know that the beneficiary added by me has been activated?*

You will receive a confirmation SMS advising activation of your beneficiary on your Internet Banking registered mobile number.

*Can I transfer funds to beneficiary up to the daily limit of Internet Banking immediately upon activation?*

During the first 5 days after activation, you may not transfer more than Rs. 50,000 in the aggregate to the beneficiary added by you. Thereafter, the full per day limit, as set by you, subject to maximum of Rs. 5 lakh, will become available.

Example: If you have added a beneficiary on Monday, it will get activated on Tuesday and till Saturday, you will be able to transfer a total amount of Rs. 50,000 to this beneficiary. From Sunday onwards, you will be able to transfer up to Rs. 5 lakh to this beneficiary per day.

*Can I get my newly added beneficiary approved or activated over phone call/ e-mail to Bank or Bank's representative?*

No. Such requests will have to be made in writing under your signature, and submitted to the branch which has given Internet Banking to you.


-----

I added a payee on Monday; till Saturday, SBI was sending me reminder SMS that a third party payer has been added to your account, if you haven't added it please delete it.


----------
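
The beneficiary rules quoted in the FAQ above, modelled as an added example (not part of the thread and not SBI's code) to show how the activation delay and the first-5-days cap bound what a newly added payee can receive. The class and method names are hypothetical; it assumes the "pending request" rule and the per-day limit both apply per beneficiary category and per beneficiary respectively, and it does not model same-day branch activation.

```python
from datetime import timedelta

CATEGORIES = {"SBI", "Inter-Bank", "VISA", "State Bank Group"}
COOLING_DAYS = 5        # "first 5 days after activation"
COOLING_CAP = 50_000    # aggregate cap per new beneficiary in that window (Rs)
MAX_DAILY = 500_000     # ceiling on the customer-set per-day limit (Rs)


class BeneficiaryPolicy:
    """Hypothetical model of the FAQ rules; not SBI's implementation."""

    def __init__(self, daily_limit=MAX_DAILY):
        self.daily_limit = min(daily_limit, MAX_DAILY)
        self.added = {}   # name -> (category, date added)
        self.sent = []    # (name, date, amount) for accepted transfers

    def activation_date(self, name):
        # Activated by the system on the next calendar day.
        return self.added[name][1] + timedelta(days=1)

    def add(self, name, category, today):
        if category not in CATEGORIES:
            raise ValueError(f"unknown category: {category}")
        # One add per category per day, and none while an earlier request
        # in that category is still pending (assumed to be per category).
        for other, (cat, _) in self.added.items():
            if cat == category and self.activation_date(other) > today:
                return False
        self.added[name] = (category, today)
        return True

    def transfer(self, name, amount, today):
        if amount <= 0 or name not in self.added:
            return False
        active = self.activation_date(name)
        if today < active:
            return False  # beneficiary still pending activation
        same_day = sum(a for n, d, a in self.sent if n == name and d == today)
        ok = same_day + amount <= self.daily_limit
        if today < active + timedelta(days=COOLING_DAYS):
            # Cooling-off window: cap the running total to this beneficiary.
            total = sum(a for n, _, a in self.sent if n == name)
            ok = ok and total + amount <= COOLING_CAP
        if ok:
            self.sent.append((name, today, amount))
        return ok
```

With a beneficiary added on a Monday, this reproduces the FAQ's own example: nothing can be sent on Monday, at most Rs 50,000 in total from Tuesday to Saturday, and the full per-day limit from Sunday.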



## Desmond (Jul 8, 2012)

You mean pirated versions of Windows etc?
_Posted via Mobile Device_


----------



## ajaymailed (Jul 8, 2012)

krazylearner said:


> It is not first time that their security is penetrated. In the past a hacker stole about 4 lakhs from the SBI manager account. Also their websites are regularly targeted by Russian hackers. Sometimes they shut them temporarily.


the question is why don't they target HNI accounts and steal tens or even hundreds of crores if security is penetrated.


----------



## funskar (Jul 9, 2012)

Gauravs90 said:


> What you mean...



Pirated windows in govt banks..



DeSmOnD dAvId said:


> You mean pirated versions of Windows etc?
> _Posted via Mobile Device_



Yeah Brother


----------



## GhorMaanas (Jul 9, 2012)

am facing difficulty to receive a couple of payments transferred from SBI accounts 2-3 days back. not yet credited to my account. could this issue be due to the situation discussed above?


----------



## ajaymailed (Jul 10, 2012)

GhorMaanas said:


> am facing difficulty to receive a couple of payments transferred from SBI accounts 2-3 days back. not yet credited to my account. could this issue be due to the situation discussed above?


it should not take 2 to 3 days to transfer money within the country. just enquire regarding that.


----------



## Desmond (Jul 10, 2012)

This incident highlights a serious issue regarding declining coding standards and poor coding practices among IT service providers. This reminds me of the "NatWest Bank incident", wherein customers' fund transfers were left suspended and no one knew what happened to them because of a software glitch. Everyone blames poor coding practices for this.

Perhaps SBI should've outsourced its portal development to a more reputable company. But, it is the developers' responsibility to ensure that all security holes are plugged.


----------



## GhorMaanas (Jul 10, 2012)

finally one of the payments got credited today! though the other payment still needs to see the light of the day.


----------



## diagus (Jul 12, 2012)

Is this the news? But it says thieves caught
11-member gang swindles Rs 5 lakh off SBI online account - The New Indian Express


----------



## Desmond (Jul 12, 2012)

diagus said:


> Is this the news? But it says thieves caught
> 11-member gang swindles Rs 5 lakh off SBI online account - The New Indian Express



This one looks like a different news to the one in OP. If these are the same guys, then as stated, phishing is to blame.


----------



## The Conqueror (Aug 3, 2012)

They should stop using Internet Explorer


----------



## Usui1811 (Aug 6, 2012)

Now that's something which gives bad names to hackers !! Come on dude, when you have brain use it wisely, don't make the poors cry !!


----------

