MANILA, Philippines — Hackers have allegedly stolen millions of pesos through a combination of massive automated teller machine (ATM) withdrawals and online transfers from state-owned United Coconut Planters Bank (UCPB) during security upgrade over Philippines’ Independence Day weekend.
According to the Inquirer, authorities believe that in atleast one case, the perpetrators are a syndicate of Nigerians and Filipinos who were able to bypass built-in computer safeguards and made 57 withdrawals from a single ATM and emptied the machine’s entire stock of P4 million in cash.
Authorities from Bangko Sentral ng Pilipinas (BSP), Department of Finance and UCPB itself are now conducting their investigation on the heist.
Based on initial investigation of BSP, central bank Governor Benjamin Diokno said that no bank account enrolled with UCPB has been compromised.
“Initial investigation results also indicate no financial losses or damages were incurred by UCPB account holders in this particular incident.”
BSP central bank Governor Benjamin Diokno
An official, who has requested to remain anonymous, revealed that the perpetrators created 13 bank accounts with UCPM in May of this year and left them dormant. “All those parties who opened the accounts are included in the complaint the bank filed with the National Bureau of Investigation,” the official added.
Another official said that upon checking videos of the ATMs, the NBI identified the people, who made 57 withdrawals during those three days, as Nigerians. The said hackers are also believed to be on the government’s watchlist of potentially suspicious personalities.
It all started February this year when UCPB decided to upgrade its two decade-old nterscan Messaging Security Virtual Appliance system from another service provider to MS Exchange Online Protection offered by Microsoft. UCPB initially adopted the Microsoft service without any security features but was later on convinced to do so.
The bank insider said the malware or computer virus have surveillance and remote access functions that allowed the suspects to watch and learn how the bank processed, sent and received cash online.“In the process, a vulnerability was left open,” an official said. “And that’s what these hackers exploited.”
Reports found that the hackers were able to insert malware into UCPB’s IT system using an email attachment because there were no safeguards during this transition period.
The installed malware or computer virus have surveillance and remote access functions that allowed the suspects to watch and learn how the bank processed, sent and received cash online. It also allowed the hackers to penetrate UCPB’s system and lift ATM withdrawal limits from P20,000 a day to P9,999,999 — far in excess of the P4 million that a single cash machine can hold.
Reports say that the hackers were also able to go around transfer limits of the Instapay service of P50,000 a day.
“They only used Instapay because those are realtime transactions. PesoNet (a similar interbank money transfer service the specializes in larger volumes) does batch processing, which is slower, but makes it easier to detect anomalies.”