Nepal | September 16, 2019

Chinese men held for cyber heist worth millions

• Stole from ATMs in Nepal, India • Rs 12.63 million recovered • Five arrested, three at large

Ujjwal Satyal

Kathmandu, September 1

Police have arrested five Chinese nationals in connection with the country’s biggest cyber heist in the banking sector and recovered approximately Rs 12.63 million they stole from several ATMs in Kathmandu.

Those taken into police custody are Lin Jianmeng, 39, Luo Jialei, 40, Zhu Lianggang, 32, Qui Yunging, 30, and Chen Bin Bin, 35. All of them had arrived in Nepal last Friday and were planning to flee to their home country tomorrow. Three other Chinese nationals involved in the debit card scam are at large. Police said their identities had been circulated to all police stations and Tribhuvan International Airport for arrest.

Nepal Rastra Bank stated that a total of Rs 16.87 million was looted in the cyber attack from Nepal between 11:00 am and 4:30 pm yesterday. Hackers also withdrew INR 12.4 million from various ATMs in India.

Nepal Electronic Payment System has claimed that Nepali banks lost over Rs 35 million in the cyber heist.

The hackers, according to police, used electronic cards of at least six banks — NIC Asia, Siddhartha, Janata, Global IME, Prabhu and Sunrise — and used them at ATMs of three banks — Nabil, Nepal Investment and Nepal SBI — to illegally withdraw the money in Nepal.

Police have so far recovered around Rs 12.63 million from the five Chinese nationals, and the rest of the cash looted from Nepal is suspected to have been carried away by the three absconders. “It might take a few more days to calculate the exact amount looted through the cyber attack,” said Shiva Ram Dawadi, head of IT Department at NRB.

The hackers allegedly injected malware into Nepal Electronic Payment System (NEPS), a shared card switching system of 17 banks, to drain the cash from the ATMs. NEPS was established by a group of Nepali banks to process cash withdrawal requests. It basically carries a message sent by issuers of electronic cards, such as VISA, to member banks, whose cards are used for cash withdrawals. ATMs dispense cash only after member banks give approval. In the latest cyber heist, the malware apparently instructed ATMs to dispense cash before the withdrawal request could reach the member bank.

“The malware allowed Chinese hackers to steal the money available in the ATMs without debiting bank accounts of depositors,” Nepal Bankers’ Association President Gyanendra Prasad Dhungana said. This means the cash was not stolen from accounts of depositors but from the vaults of ATMs.

The biggest cyber heist in Nepal’s banking sector was noticed by Nabil Bank staff on Saturday after the ATMs ran out of cash though they were refilled on Friday evening. The hackers had used Prabhu Bank’s debit card at Nabil’s ATM to withdraw cash. Generally, an ATM holds Rs 2.5 million in cash.

“Normally, ATMs get fewer visitors on Saturdays and other public holidays. But two booths of Nabil Bank were emptied in a short duration, which drew the attention of bank staffers, who then informed police about the incident,” said Prabhu Bank CEO Ashok Sherchan.

Acting on information provided by bank staffers, police first held Zhu at the Durbar Marg-based ATM kiosk of Nabil Bank at around 4:30 pm, leading to the arrests of four others at Maya Manor Boutique Hotel at Hattisar. Deputy Superintendent of Police Hobindra Bogati said, “Four of them were arrested from the sixth floor of the hotel when they were preparing to flee.” Police, however, failed to arrest three other Chinese nationals, who were staying on the third floor of the same hotel. The racketeers had booked three rooms at the hotel.

Police have confiscated 132 duplicate and 17 original VISA cards, a card printing machine, six mobile phones, a laptop and a data card from the Chinese hackers.

Had the bank staffers not noticed the incident and informed authorities on time, the hackers would have emptied many more ATMs and fled the country, according to bankers.

Senior Superintendent of Police Uttam Raj Subedi, in-charge at Metropolitan Police Range, Teku, said, “We are also looking for Nepali suspects who may have assisted the Chinese men in hacking the VISA system of the banks.” He added that since hacking is often committed from abroad, Nepal Police, with the support of NBA, would conduct an investigation to establish the location from which the hacking was directed.

The NBA has appealed to bank customers not to panic because of the cyber attack as their deposits are safe and intact.


A version of this article appears in print on September 02, 2019 of The Himalayan Times.
