最有看点的互联网金融门户

最有看点的互联网金融门户
国际资讯基于互联网平台的金融业务

数字钱包再现漏洞 印度一银行被窃8600万卢比

在印度使用电子钱包好像还是不太安全。黑客和反社会分子会利用开发安全漏洞,毫无痕迹地窃取电子钱包中的钱。

比如最近印度一起电子钱包被窃案件就给银行和电子钱包公司敲响了警钟:五名来自加尔各答的工科大学生利用一家私有银行电子钱包的一个安全漏洞,窃取了8600万卢比。

在银行发现此事并报警之前,这款电子钱包遭窃已经持续了几个月之久。目前,几名行窃学生已被逮捕。

安全漏洞 & 被窃的8600万卢比

去年12月,一家大规模私有银行推出了自己的数字钱包,通过该钱包,该银行的客户间可相互转账。

然而,整个过程中该银行一直未曾意识到漏洞的存在:一旦接收者的手机没有连上网络,所转现金就不能从转账者的银行账户划掉,但银行会支付同等数量的金额。

比如,Jack想通过电子钱包向Alice转1000卢比。但转账时,Alice的手机没有打开移动网络。这种情况下,当Alice打开手机网络时,银行会给她支付1000卢比,但Jack的账户却不会扣除1000卢比。

工科生Jewel Rana发现了这一安全漏洞,他组织了另外五名学生开始研究如何从中赚快钱。仅仅4个月内,他们就成功窃取了该银行多达8600万卢比。

体系也存在问题

调查过程中,警方发现这些学生找到数千张假的SIM卡,用这些卡办理假的银行账户,再用电子钱包收钱。

Jewel和他的同伙在Murshidabad区域内收集了数千张预激活的SIM卡,用这些卡开了2000个银行账户,并由此开通18000个电子钱包;开通之后,就利用这些钱包窃取银行的钱。

该犯罪团伙有偿邀请附近城市里不知情的市民们用假的SIM卡开通银行账户;这样,整个盗窃事件即有了基础。

Debashish Boral(罪犯之一)表示:"MurShidabad的一位手机服务供应商Habibur Rehman知道Jewel。Jewel带领这帮大学生进行电子钱包交易;Habibur则提供未经注册、未经授权的SIM卡。"

早前,我们已经报道了德里警方欲向电信公司罚款1000万卢比,追究其在发售SIM卡之前未对客户身份进行确认的责任。至此,这也再一次成了虚假身份信息和金钱可在印度创造奇迹的经典案例。

We have repeatedly stated that using e-wallets of digital wallets in India is still insecure and full of security loopholes which can be exploited by hackers and anti-social elements, anytime. Money from such e-wallets are vanished without any trace, and unauthorized pizza payments are made all of a sudden.

In yet another instance of such e-robbery which should be a wake up call for banks and e-wallet firms, 5 engineering students from Kolkata were able to siphon off Rs 8.6 crore using a simple loophole in one of the digital wallets launched by a private bank.

This e-robbery continued for several months, before bank officials discovered this heist and promptly informed the police who arrested these students.

The Loophole & The Rs 8.6 Crore E-Robbery

Last December, one of the prominent private banks launched their own digital wallets, and enabled wallet-to-wallet cash transfer facility for their customers.

However, the bank wasn’t aware of a security loophole in this whole process: In case the recipient’s Internet connection is switched off, then the money is not debited from the sender’s bank account; but the bank pays the money.

Say Jack is sending Rs 1000 to Alice using this digital wallet. Now, Alice’s Internet connection on mobile is switched off when Jack sends the money. In that case, when Alice switches on her mobile, the bank will pay Rs 1000 to her and no cash would be debited from jack’s account.

This major security flaw was caught by an engineering student called Jewel Rana, who formed a gang of 5 other students, and then started exploiting it for quick cash. Within 4 months, Rs 8.6 crore were robbed from the bank.

Fault Lies In Our System As Well

While investigating the case, police were stunned to find that these students were able to procure thousands of fake SIM cards, which were used to open fake bank accounts, then digital wallets to siphon off the money.

From the border district of Murshidabad, Jewel and his gang were able to get thousands of pre-activated SIM cards, which were used to open 2000 bank accounts, and which in turn were used to open 18,000 digital wallets. These wallets were then used to siphon off money from the bank.

Joint CP (crime) Debashish Boral said, “Jewel was known to Habibur Rehman, a dealer of a mobile service provider in Murshidabad. While Jewel was the brain of the gang with the college students arranging the wallet transactions, the unaccounted and unverified SIM cards were all arranged by Habibur’s men,”

Innocent villagers from the nearby cities were given incentives to open bank account using the fake SIM cards; and these formed the base of the whole scam.

We had earlier reported how Delhi Police wants to impose a fine of Rs 1 crore on those telecom firms which doesn’t verify their customers before giving SIM cards; and this is again one classic example of how fake identity and money can do wonders in India.


用微信扫描可以分享至好友和朋友圈

发表评论

发表评论

您的评论提交后会进行审核,审核通过的留言会展示在下方留言区域,请耐心等待。

评论

您的个人信息不会被公开,请放心填写! 标记为的是必填项

取消

唐 文未央青年

36
总文章数

北京理工大学英语笔译硕士在读,喜欢翻译工作,坚信任何一次翻...

印度央行宣布推出区块链平台,可用于多种银行服务应用

Samburaj D... 09-06

印度:买杯咖啡的时间就能开个银行账户

常笑 08-23

印度的新型银行,专为“害怕”银行的印度人设计

朱孔达 08-03

印度三大交易所终表态:不支持也不计划支持

Kevin Helm... 08-01

面临金融局势持续动荡,比特币在印度流行指日可待

高旭 07-07

版权所有 © 清华大学五道口金融学院互联网金融实验室 | 京ICP备17044750号-1