Taiwan Bank breach: Sri Lanka arrests two suspects

Sri Lankan police have arrested two people for allegedly planting a malware in a Taiwanese bank's servers to enable illicit transactions and sending unauthorized, doctored messages through the interbank Swift network.

The Criminal Investigation Department (CID) started an investigation last week after a reports that an individual received Rs 110 million from a bank, Taiwan Far Eastern Bank,  that was compromised.

The Director at police criminal investigations division (CID),  Shani Abeywardana told Reuters, “We arrested on a tip-off from the Bank of Ceylon that there had been a suspicious transaction.”

“From the investigations and questioning we’ve found out that this is connected to hacking in Taiwan,” Abeywardana said.

An English news website of Taiwan's Central News Agency (CNA), Focus Taiwan has reported that Far Eastern Bank had informed about the breach to the Taiwan’s financial watchdog,  Financial Supervisory Commission as well as the  Society for Worldwide Interbank Financial Telecommunication's (SWIFT) network.

“Through the planted malware, hackers conducted virtual transactions to move funds totaling nearly $60 million from Far Eastern Bank customers’ accounts to some foreign destinations such as Sri Lanka, Cambodia and the United States, the bank found on Tuesday,” Focus Taiwan’s website said.

“It added that since the bank continues to trace the lost funds by underpinning certain fund movements, the loss could be reduced to zero. It said the hacking did not lead to any leaks of customer information.

To track down the hackers, the police Criminal Investigation Department (CID)  was working closely with Taiwan counterparts since last week.

"We are looking at about $1.3 million that had come into three accounts in Sri Lanka," said the official.

"We have taken two people into custody and we are looking for one more person".

However, police have recovered most of the money, and a court investigation is pending.