Far Eastern Bank heist probe intensifies | Sunday Observer

Far Eastern Bank heist probe intensifies

Much attention was placed on a bank heist where the Far Eastern Bank in Taiwan was hacked and money in it transferred to accounts of the hackers.

Two Sri Lankans were found to have connections to the incident when the money landed in one of their accounts. They were arrested and remanded till further investigations are carried out. According to the Criminal Investigation Department (CID) officials who are conducting the investigation are currently analyzing all electronic devices that were seized.

Bank robbery

On the 6th of this month, the Far Eastern International Bank of Taiwan informed its Financial Supervisory Commission (FSC) and the Criminal Investigation Bureau (CIB) that it has been hacked through a malware that has infiltrated the bank’s system and a sum amounting to 60 million US dollars transferred. It was also revealed that the money so transferred was remitted to the United States, Cambodia and Sri Lanka. Out of the 60 million US dollars, most were recovered save US dollars 500,000 unaccounted for. According to Taiwanese media reports based on the bank’s investigations, it was disclosed that a malware was implanted within its computer system. Emails had been sent to a few bank officials and when one clicks on the link on the email the malware gets triggered and the hackers obtained a gateway to virtually transfer money to accounts of their choice. They were further able to erase any warnings that were generated through the system as well. The CID team headed by Director SSP Shani Abeysekara is carrying out further investigations into the matter.

Two representatives from the CIB of Taiwan and an investigator from the Far Eastern Bank arrived in Sri Lanka last Thursday. “They are satisfied with the speed of investigations,” CID officials informed.

According to the CID, the initial arrest was made when the account holder of the account to which the money was transferred through the Far Eastern Bank returned the second time to the Bank of Ceylon head office to make a withdrawal of eight million rupees. The account holder identified as J C Nammuni initially made a withdrawal of rupees 30 million on October 4.

“We received a direct complaint from the Bank of Ceylon head office on the 6th. At that moment the first suspect was detained by the bank officers. And then he was handed over to the Colombo Fort police. Then they directly came to the CID and lodged a complaint,” Officer in charge of the investigation of the CID, IP Sugath Amarasinghe told the Sunday Observer. The CID managed to unravel vital information during questioning and inspection of the mobile phone belonging to J C Nammuni.

“We were able to examine his electronic devices. Evidence against him was WhatsApp messages and initially, the first suspect revealed some information. We checked this information and concurrent evidence such as the CCTV footage obtained by the BOC.”

CID managed to obtain substantial evidence against the second suspect who was at that time untraceable. CCTV footage clearly showed that the second suspect who was later identified to be Shalila Moonasinghe had accompanied Nammuni on his first visit to the bank where he made the initial withdrawal. After absconding Shalila Moonasinghe subsequently surrendered himself to the CID upon which he was arrested on the 7th and produced before the Fort Magistrate. Moonasinghe who was the former Chairman of LITRO Gas, a state owned enterprise, was interdicted from his post pending investigations.

According to the B report filed in court upon the arrest of Moonasinghe, upon questioning, he had revealed that two Indian nationals were also part of this heist. However, they have managed to flee to Dubai on the 8th.

“According to what Moonasinghe told the CID, the two Indians were his longtime associates and they have been involved in some tenders. They were trying to get some contracts through Moonasinghe,” CID revealed. When inquired of any information pertaining to the two Indian nationals the investigating officer stated; “We currently have passport details/ copies of the Indians and are trying to verify the information in it so as to ensure that they are not fake passports.”

Sunday Observer inquired from the Indian High Commission as to whether they have obtained any request through the CID seeking assistance in locating them, to which they said there was no such request.

“Such a request is actually a very long procedure and we doubt that the investigations will be channelled through us,” said an official of the Indian High Commission.

According to the CID, information on the two individuals and messages had already been conveyed through Interpol but going through the Indian High Commission is a long procedure as we have to first obtain the permission from the high court.

In his statement, Shalila Moonesinghe had said that the money received was sent to them by a party who had shown interest to invest in the country and had stated that they had been deceived into taking possession of the money.

With increasing cyber attacks and virtual bank heists, the question arises how safe a country’s cybersecurity systems is and the laws that are put in place to deal with crimes and criminals in this arena.

Supervision of the Central Bank of Sri Lanka (CBSL) A A M. Thassim, Central Bank as a regulator has placed certain guidelines and ensures that our systems are thorough to avoid any type of cyber risks that come in. Central Bank has given guidelines that the banks should adept to overcome such situations.

“What is important to understand is that irrespective how advanced and current such guidelines are given this is such an evolving subject; something new can always come up. Even in this particular incident once they got into the SWIFT system it went to the entire gamut of the US and that of other countries which were involved in this,” he said.

“We regularly make supervisions on banks to check this,” he said.

It is the bank’s duty to check the bonafides of each transaction and the Suspicious Transactions Reporting Act allows officials to raise red flags and inform relevant authorities and departments to any suspicious activities.

With the implementation of the new Exchange Controls Act, that will come into effect from today the laws pertaining to exchange controls in the country will be liberalised.

“We have a partially liberalized exchange control regime so the new act will be introduced soon,” an official of the Central Bank claimed.