Author: Shilpa Mandal, Centurion University of Technology and Management, Bhubaneswar
TO THE POINT:
The Cosmos Bank Cyber Scam of 2018 involving a loss of approx. Rs. 94.42 crores are regarded as one of the India’s most significant cyber banking fraud case. The scam occurred when hackers infiltrated the bank’s ATM server through malware, enabling unauthorized withdrawals from thousand of ATMs across 28 countries. The offenders also exploited the SWIFT payment system to transfer funds to foreign accounts illegally. This incident exposed serious gaps in the cybersecurity infrastructure and internal control mechanisms of the banking sector. It highlighted the growing challenges posed by digital financial crimes and the urgent need for stronger cyber security measures and effective legal safeguards. The scam not only affected the reputation of the banking system but also raised concerns regarding the protection of customer’s financial information in an increasingly digital economy. The subsequent investigations brought attention to the importance of coordinated efforts among financial institutions, law enforcement agencies and regulatory authorities in combating cyber – enabled frauds. This article analyses the legal dimensions of the Cosmos Bank Cyber Scam, the evidence relating to the offence, the applicable legal provisions and its broader implications for India’s Cyber and banking regulatory framework.
USE OF LEGAL JARGONS:
The Cosmos Bank Cyber Scam involved legal terms that help explain how the crime was committed and how it was dealt with under the law. One of the most important terms is cyber fraud which refers to the use of computers, digital systems or the internet to commit financial crimes. The fraudsters gained unauthorized access to the bank’s network and used malware which is a harmful software program to infect the bank’s ATM server and gain control over certain banking operations. The case also involved criminal conspiracy under Section 120B of the Indian Penal Code (IPC) as the crime was planned and carried out by a group of individuals working together. Another relevant offence is Cheating under Section 420 IPC as the hackers dishonestly caused financial loss to the bank. The scam further involved a data breach where sensitive banking information was accessed illegally. Since, the offence was committed through digital means, electronic evidence such as transaction records, server logs, IP addresses and CCTV footage became important during the investigations. The provisions of the Information Technology Act, 2000, especially those relating to hacking, unauthorized access and computer – related offences were also applicable. The illegal transfer of money through the SWIFT system raised concerns about international cybercrime and financial security. These legal concepts highlight the seriousness of cyber offences and demonstrate the need for strong laws and effective cybersecurity measures to protect financial institutions from similar attacks in the future.
THE PROOF:
The evidence proving the Cosmos Bank Cyber Scam was mainly based on digital records, banking data and forensic investigations. The scam was discovered in August 2018 when Cosmos Bank noticed several unusual ATM transactions taking place within a very short period. Upon investigation, it was found that hackers had attacked the bank’s ATM switching server by installing malware. This allowed them to approve transactions without proper authorization and withdraw money illegally from ATM’s located in 28 countries. Investigators found that nearly 14000 fraudulent ATM transactions were carried out using cloned debit card information causing a loss of about Rs. 80 Crores. In addition, the hackers used the SWIFT international payment system to transfer around Rs. 13.92 crores to bank accounts outside India. These transactions were neither approved nor recorded through normal banking procedures, raising immediate suspicion.
Digital forensic experts examined the bank’s computer systems and confirmed that malware had been used to manipulate transaction data and bypass security controls. Important evidence included server logs, ATM transactions records, IP addresses, digital communication records and reports prepared by cybersecurity experts. These records clearly showed that the attack was carefully planned and executed by a group of cybercriminals. The investigation further revealed weaknesses in the bank’s cybersecurity system, which enabled the hackers to gain unauthorized access. The collected evidence proved that the incident was not a technical mistake or system failure but a deliberate cyber fraud carried out with the intention of stealing money. The findings highlighted the growing threat of cybercrime and the importance of strong digital security measures in the banking sector.
ABSTRACT:
The Cosmos Bank Cyber Scam of 2018 is one of the most notable cyber fraud cases in India’s banking sector. The scam led to a loss of approximately Rs. 94.42 crores and revealed serious flaws in the cybersecurity systems used by financial institutions. The fraud was carried out when hackers gained unauthorized access to the bank’s ATM switching server through malware. This enabled them to make thousands of illegal ATM withdrawals using cloned debit card information from different parts of the world. The criminals also misused the SWIFT payment system to transfer a large amount of money to foreign bank accounts without the bank’s knowledge or approval.
The incident exposed the increasing dangers of cybercrime in the digital age and demonstrated how weaknesses in technology can be exploited for financial gain. It also raised concerns about the safety of online banking services and the protection of customer’s confidential information. After the fraud was detected, investigations were conducted by law enforcement agencies, cyber experts and banking authorities. Digital evidence such as transaction records, server logs, ATM withdrawal data and forensic reports played a crucial role in uncovering the details of the scam.
The case highlighted the need for stronger cybersecurity measures, regular monitoring of banking systems and strict compliance with legal and regulatory requirements. It also emphasized the importance of the Information Technology Act, 2000 and other criminal laws in dealing with cyber – related offences. This article examines the facts of the Cosmos Bank Cyber Scam, the legal issues involved, the evidence gathered during the investigation and its impact on India’s banking system and cyber law framework.
CASE LAWS:
• Union Bank of India SWIFT Fraud Case (2016)
Cybercriminals used malware to gain access to the bank’s SWIFT system and attempted to transfer large sums of money to foreign accounts. The case exposed vulnerabilities in digital banking networks and international payment systems and also highlighted the importance of strong cybersecurity measures in banks.
• AIIMS Delhi Cyber Attack (2022)
AIIMS Delhi became the target of a major ransomware attack that disrupted hospital services and affected access to important patient data. The attack demonstrated how cybercriminals can target critical institutions and emphasized the importance of protecting sensitive information through strong cybersecurity practices.
• Jamtara Phishing Scam Cases (2015)
The Jamtara scam involved a network of fraudsters who tricked people into sharing their bank details, passwords and OTPs through fake phone calls and messages. Thousands of victims across India lost money as a result of these fraudulent activities. The case highlighted the growing problem of phishing and online financial fraud.
• State of Tamil Nadu v. Suhas Katti (2004)
This case is considered one of the first successful cybercrime prosecutions in India under the Information Technology Act, 2000. The accused was convicted for posting offensive and defamatory content online. The judgement played an important role in establishing the effectiveness of cyber laws in India.
• Shreya Singhal v. Union of India (2015)
Although not a cyber fraud case this landmark judgement significantly influenced cyber law in India. The Supreme Court struck down Section 66A of the Information Technology Act, 2000, holding that it violated the Constitutional Right to Freedom of Speech and Expression. The decision remains an important milestone in the development of Indian Cyber jurisprudence.
CONCLUSIONS:
The Cosmos Bank Cyber Scam of 2018 stands as one of the biggest cyber banking frauds in India. The scam exposed serious weaknesses in the cybersecurity systems of financial institutions and showed how cybercriminals can misuse technology for financial gain. By gaining unauthorized access to the bank’s ATM server and exploiting the SWIFT payment system, the hackers were able to steal approximately Rs. 94.42 crores through fraudulent transactions and illegal fund transfers.
The incident highlighted the growing risk of cybercrime in the digital age and raised concerns about the safety of online banking services and customers’ financial information. It also emphasized the need for stronger cybersecurity measures, regular security audits and better monitoring systems within banks. The investigations further demonstrated the importance of digital evidence and the role of cyber laws in dealing with technology-based offences.
The Cosmos Bank Cyber Scam serves as an important lesson for banks, regulatory authorities and the public. It shows that as financial services become more dependent on technology, the need for effective cybersecurity and strict legal protection becomes even more important. Strengthening digital security, improving awareness and ensuring compliance with cyber laws are essential steps in preventing similar cyber frauds in the future.
FAQS:
• What was the Cosmos Bank Cyber Scam?
It was a major cyber banking fraud that took place in 2018. Hackers gained unauthorized access to the bank’s ATM Server and carried out fraudulent ATM withdrawals and illegal fund transfers causing a loss of 94.42 crores.
• How was the Scam Carried out?
The hackers used malware to infiltrate the bank’s ATM switching server. Then they used cloned debit card information to make thousands of unauthorized ATM withdrawals in different countries and transferred funds through the SWIFT payment system.
• How much money was lost in the scam?
The total loss suffered by Cosmos Bank was approx. Rs. 94.42 Crores.
• Which laws are applicable to this case?
The case involves provisions of the IT Act, 2000 and the Indian Penal Code, including offences relating to hacking, cheating, criminal conspiracy and unauthorized access to the computer systems.
• Why is the Cosmos Bank Cyber Scam important?
The Scam exposed weaknesses in banking cybersecurity systems and highlighted the growing threat of cybercrime. It also emphasized the need for stronger security measures and effective cyber laws to protect financial institutions.
REFERENCES:
• https://www.IndianPenalCode,1860.com
• CERT-In Cybersecurity advisories
• https://www.cosmosbankcyberattack.com
• https://indianlegalkanoon.com
