安全漏洞 & 被窃的8600万卢比
Debashish Boral（罪犯之一）表示："MurShidabad的一位手机服务供应商Habibur Rehman知道Jewel。Jewel带领这帮大学生进行电子钱包交易；Habibur则提供未经注册、未经授权的SIM卡。"
We have repeatedly stated that using e-wallets of digital wallets in India is still insecure and full of security loopholes which can be exploited by hackers and anti-social elements, anytime. Money from such e-wallets are vanished without any trace, and unauthorized pizza payments are made all of a sudden.
In yet another instance of such e-robbery which should be a wake up call for banks and e-wallet firms, 5 engineering students from Kolkata were able to siphon off Rs 8.6 crore using a simple loophole in one of the digital wallets launched by a private bank.
This e-robbery continued for several months, before bank officials discovered this heist and promptly informed the police who arrested these students.
The Loophole & The Rs 8.6 Crore E-Robbery
Last December, one of the prominent private banks launched their own digital wallets, and enabled wallet-to-wallet cash transfer facility for their customers.
However, the bank wasn’t aware of a security loophole in this whole process: In case the recipient’s Internet connection is switched off, then the money is not debited from the sender’s bank account; but the bank pays the money.
Say Jack is sending Rs 1000 to Alice using this digital wallet. Now, Alice’s Internet connection on mobile is switched off when Jack sends the money. In that case, when Alice switches on her mobile, the bank will pay Rs 1000 to her and no cash would be debited from jack’s account.
This major security flaw was caught by an engineering student called Jewel Rana, who formed a gang of 5 other students, and then started exploiting it for quick cash. Within 4 months, Rs 8.6 crore were robbed from the bank.
Fault Lies In Our System As Well
While investigating the case, police were stunned to find that these students were able to procure thousands of fake SIM cards, which were used to open fake bank accounts, then digital wallets to siphon off the money.
From the border district of Murshidabad, Jewel and his gang were able to get thousands of pre-activated SIM cards, which were used to open 2000 bank accounts, and which in turn were used to open 18,000 digital wallets. These wallets were then used to siphon off money from the bank.
Joint CP (crime) Debashish Boral said, “Jewel was known to Habibur Rehman, a dealer of a mobile service provider in Murshidabad. While Jewel was the brain of the gang with the college students arranging the wallet transactions, the unaccounted and unverified SIM cards were all arranged by Habibur’s men,”
Innocent villagers from the nearby cities were given incentives to open bank account using the fake SIM cards; and these formed the base of the whole scam.
We had earlier reported how Delhi Police wants to impose a fine of Rs 1 crore on those telecom firms which doesn’t verify their customers before giving SIM cards; and this is again one classic example of how fake identity and money can do wonders in India.