Prosecution Of Cyber Hacking Targeting Banking Institutions
1. Understanding Cyber Hacking in Banking Institutions
Cyber hacking targeting banks involves unauthorized access, manipulation, or disruption of banking systems, accounts, and financial data. It can lead to financial loss, breach of customer data, and disruption of national financial systems.
Criminal liability arises when an individual or group:
Gains unauthorized access to banking systems.
Steals funds or sensitive data.
Uses malware, phishing, or ransomware for financial gain.
Facilitates fraud or money laundering through compromised banking infrastructure.
Legal Framework
India:
IT Act 2000:
Section 66 (Computer-related offenses)
Section 66C (Identity theft)
Section 66D (Phishing/cheating using computer resources)
IPC Section 420: Cheating
Banking Regulation Act, 1949: Penalties for unauthorized access to banking operations
United States:
Computer Fraud and Abuse Act (CFAA, 1986): Unauthorized access to computers and banking systems.
18 U.S.C. §1030: Computer fraud targeting financial institutions.
Federal Reserve and SEC regulations for cybercrime affecting banks.
International:
Council of Europe Cybercrime Convention (Budapest Convention, 2001): Criminalizes hacking, fraud, and identity theft targeting banking institutions.
Key Elements of Criminal Liability
Unauthorized access: Accessing banking systems without permission.
Intent to defraud or steal: Using access for financial gain or disruption.
Damage or risk: Causing actual or potential financial loss or compromising security.
Technical means: Malware, phishing, ransomware, hacking tools, or social engineering.
2. Types of Cyber Hacking Targeting Banks
Account Takeover: Unauthorized access to customer accounts for theft.
ATM and POS Fraud: Skimming, cloning, or malware-based ATM attacks.
Ransomware: Locking bank systems to extort money.
Phishing and Social Engineering: Stealing login credentials to access bank accounts.
SWIFT/Interbank Fraud: Hacking into interbank messaging systems to transfer funds illegally.
3. Detailed Case Law Examples
Case 1: United States v. Albert Gonzalez (2009, US)
Facts: Albert Gonzalez led a cybercriminal group that hacked major retail and banking systems, stealing 170 million credit/debit card numbers.
Legal Issue: Violated CFAA, 18 U.S.C. §1030 and identity theft laws.
Outcome: Convicted; sentenced to 20 years imprisonment.
Significance: Illustrates severe penalties for cyberattacks targeting financial institutions and the scale of potential harm.
Case 2: State Bank of India Online Fraud Case (India, 2018)
Facts: Hackers accessed multiple SBI customer accounts via phishing and malware, transferring funds to foreign accounts.
Legal Issue: Violated IT Act Sections 66, 66C, 66D and IPC Section 420.
Outcome: Hackers were arrested; prosecution included both cybercrime and fraud charges.
Significance: Shows how Indian law addresses hacking combined with fraud in banking institutions.
Case 3: Bangladesh Bank Heist (2016)
Facts: Hackers used the SWIFT network to attempt transferring $951 million from Bangladesh Bank’s account at the Federal Reserve Bank of New York; about $81 million was stolen.
Legal Issue: Cyber fraud, hacking, and international banking law violations.
Outcome: Investigation led to identification of perpetrators in the Philippines and India; funds partially recovered.
Significance: Illustrates international consequences and prosecution challenges in cyber banking fraud.
Case 4: United Kingdom – Tesco Bank Hack (2016)
Facts: Hackers accessed Tesco Bank accounts, stealing £2.5 million from over 9,000 customers using malware and phishing.
Legal Issue: Computer misuse and fraud under UK Computer Misuse Act 1990.
Outcome: Perpetrators were arrested and convicted; bank strengthened cybersecurity measures.
Significance: Demonstrates liability and prosecution under national cybercrime laws for hacking banks.
Case 5: United States v. Roman Seleznev (US, 2017)
Facts: Roman Seleznev executed massive cyberattacks on ATM networks and banking systems, stealing cardholder data and withdrawing funds.
Legal Issue: Violated CFAA and conspiracy laws.
Outcome: Convicted and sentenced to 27 years imprisonment.
Significance: Highlights that cyberattacks on banking institutions are treated as serious federal crimes with long sentences.
Case 6: ICICI Bank Fraud Case (India, 2020)
Facts: Attackers hacked customer accounts using phishing emails, transferring funds to offshore accounts.
Legal Issue: Charged under IT Act Sections 66C, 66D and IPC 420.
Outcome: Perpetrators arrested; prosecution emphasized identity theft and financial fraud.
Significance: Shows combined use of cybercrime and banking fraud laws in prosecution.
4. Legal Principles Illustrated
Intent and unauthorized access: Critical in proving criminal liability.
Use of technology: Cyber hacking tools make it a specialized crime.
International jurisdiction: Cross-border attacks require cooperation among law enforcement.
Severe penalties: Courts impose long prison terms and fines.
Bank accountability: Banks must implement strong cybersecurity measures; failure may trigger regulatory action.
5. Practical Takeaways
Banks: Must implement strong cybersecurity frameworks and report breaches immediately.
Cybercriminals: Unauthorized access and theft from banks can result in long-term imprisonment.
Legal enforcement: Includes national cybercrime units, INTERPOL cooperation, and international banking oversight.
Public awareness: Customers should be vigilant against phishing, malware, and social engineering attacks.
RELATED Blog
comments