This is my First thisis.##THISIS##-1.Digital Heist, safety & security of Banking.

Digital Heist, safety & security of Banking.

Introduction:
Recently, the digital fraud through information technology has been widely spreaded in all quarters concemed. After occuring fraud in ATM card, credit card, POS machine, it is now happened in the foreign exchange reserve of all the Bank all over the world.Subscribers are being alarmed to use their banking card in transaction due to various cyber hacking. Because, a large amount of money has been stolen through illegal cyber attack. Having faced with such crime, billions of doller are being invested to update technology and exact different laws.

Cyber crime Or Heist:
In the era of information technology most of the people are familiar with two words -Internet and server. Internet security is very important in today’s world because millions of information that are important and confidential are preserve here. when the hacker find any flaw in the system of technology security, they attack it and steal information, they commit various offences such as Bank heist, ATM forgery, credit card fraud etc. This action is called hacking. Hacking is considered unauthorized cyber crime or heist around the world.

Why of hacking:
The man who hack are known as hackers. Hackers can enter into the system both legally or illegally. In this way they can either help a person or an organisation to find security flaws and correct it or they can use it for their own ill interest. Such kind of activity are done by the persons who are skilled in the knowledge of computer and networking. Hacking is done through the BIOS chip. BIOS chip is a firmware of a computer’s motherboard where a microchip remains. BIOS help to boot the computer and to load operating system. It infects the main software and generally antivirus and other security tools and software can not detect them. As a result the hacker can easily insert the malware in the system. Sometimes malware may remain in the system eventhough the computer operating system is re-installed or deleted. Then the hacker can heist from remote place via email or through the physical interdiction system. The Researcher’s call it Interdiction Vulnerability’s which allows hacker to enter into BIOS. Once they can do it, they can derive maximum advantage out of it and thus they take control over the system.

For Example-Heist in Bangladesh Bank :
The hacker have stolen $101 millions (Tk.800 crore) foreign exchange reserve from Bangladesh Bank on February 5, 2016 by a hacker
group of china. The gang of hackers hacked the swift code and moved to Sri Lanka and Philippines. This type of cyber crime using SWIFT code occurred in Bangladesh for the first time and $101 millions is the fifth largest amount in the history of banking fraud. The recent siphoning off of US $101 million from Bangladesh bank by international cyber criminals has brought the security unpreparedness of Bangladesh-e institution to the limelight and end users alike. A criminal gang of international cyber hackers have stolen about $1 billion from 100 financial institutions over the last two years. While financial institution such as Bangladesh bank has the resources to combat these attacks, people are left to wonder how end users in Bangladesh, where about 22 percent of mobile users have faced one from of malware attack or another over the last one year, which accroding to Kaspersky data in the highest in the world are going to protect themselves.

Tools for Hacking:
The hackers, who stole $101 million from Bangladesh Bank reserves used sophisticated tools to break into its payment system’s harvested credentials and erased most traces of activity after accomplishing their task. The hackers installed key loggers to steal password by monitoring kyeboard activities and attacker utilities to maximise their changes of success. In addition at least 32 other computer of the Bangladesh bank network were hacked in an attempt to steal about $1 billion out of the central bank reserves with the New York Fed on the nigth of February 4, according to the interim report of US based FireEye and information cyber security. The first suspicious login came on January 24. Five days later on a quiet Friday (January 29) the attacker installed SysMon an advanced back ground monitor in SWIFTLIVE and left it running for a full day. SWIFTLIVE is the main platform of the Bangladesh bank usign which it issues international payment orders. SysMon is a back ground service that logs security related process and network activity to the Windows event log. On both SWIFT platforms known as SWIFTLIVE and SWIFTVAT, the attackers operated exclusively from the very beginning with local administetor account.

ATM card frauds and failure of other Bank:
The use of smart cards (debit & credit) is now a way of life for urban citizens. Given the ease of use and convenience, we simply cannot afford to have any lapses in security. There are some 8.5 million such cards in circulation and some banks have already introduced microchip based cards which acts to protect card holders from this sort of cyber crime precisely. As the technology is there to protect against skimming, there is no excuse not to use it. The first rude awakening came after the discovery and complaints about the misuse of ATM machines belonging to some bank and withdraw of a large amount of money without authorisation of the account. This led to arrest by the authority of 14 persons on march 4, 2016. Among them there were 12 foreign nationals who were allegedly members of international cyber crime gangs. They had fraudulently used social media platforms and also hacked identity of individual customers to carry out their nefarious act. This persuaded Bangladesh bank recommending to all banks and financial institutions to ensure cyber security governance. They were also urged to take measure for ascertaining existing technical gap assessment and vulnerability through comprehensive cyber security risk study. In this context Bangladesh bank emphasised that cyber security should be treated by all financial institution as a collective responsibility.
However, the disappointing aspect of the sermon from Bangladesh bank was that, while giving necessary advice to all concerned, they had forgotten to heed their own suggestion and failed to take adequate precaution of their own institution and its relationship with other associated financial partners abroad.

Our Weakness:
It is a matter of great regret that we are lagging behind and can’t keep pace with the first developing digital world. We still have to buy sophisticated software from foreign oriented institution and more alarmingly depending on them for its maintenance. When any software stops working or goes to work order we need to go abroad for its repairing. This often takes some days weeks and this time the affected software remaining unsafe. We are not having excellent IT exparts. The more we are being victim of hacking as we are not in a safe and sound position in the case of Internet safety.

Steps to be Taken:
Since our banking sector is experiencing a tremendous insecurity, wise steps should be taken like the following.
1.First : we should produce the concerned domestically and use them properly for our banking sector to eradicate the cyber fraud for the next time.

1. Second : we need timely action considering current experience, otherwise serious financial fraud may be occurred in future and crash our bank and financial sector.
2. Third : several taskforce should be formed by law enforcers and IT specialist so that they will keep an eye to the digital security.
3. Fourth : It is essential to increase the use of modern technology day by day. Antivirus and security software must be updated due to ensure proper security.
4. Fifth : According to international statistics, 70 percent to 80 percent hacking related incidences occur with the connivance of officials. Because, it is never possibly to hack SWIFT code without the help of internal secret information. So government should always observe these unscrupulous officials and ensure deterrent punishment.
   Lastly, we hope authorities will prioritie drafting policies that will make it mandatory for financial institutions to initiate end-to-end secur and encrypted communication to safeguard clients information that will foil future malware attacks.

Written by “@rumaraj”

My main document in google drive.
Google drive link-https://drive.google.com/file/d/1lvB64y7RXDNExMZHxI514pNFo3FGIITN/view?usp=drivesdk