VIRTUAL ROBBERY

Some time ago news filtered through the media that an Iranian group called White Hat Hackers intended to carry out a major hackers attack on Azerbaijan's banking system. Its members had allegedly "discovered in the activities of the Central Bank of Azerbaijan fraud against the Iranian people in the case of money of the Royal Bank". Moreover, White Hat Hackers claims that it had already hacked the systems of 8 Azerbaijani banks and gained access to the accounts of 53,634 of their clients to a sum of AZN 25 million, and that these monies would be transferred to other accounts - of Iranian Royal Bank investors.

Leaving aside the groundless claims of the Iranian hackers regarding the Azerbaijani Royal Bank, which had been made bankrupt a couple of months ago, we should point out that their statement nevertheless compelled a certain section of the client base of local banks to think seriously: are the information systems of our banks protected from such threats?

Psychological Pressure

The Iranian cyber crimes should not be underestimated: a year ago hacker attacks were carried out on 25 official websites of a number of Azerbaijani state institutions and other organizations. It emerged as a result of an investigation by the Ministry of Communications and Information Technology that cyber criminals were operating from Iran and the Netherlands. Thus, 24 hacker attacks on Azerbaijani Internet sites were carried out from Iran, and one from the Netherlands.

Meanwhile, experts admit that the country's financial sector is more liable to risk in cyberspace. The chief expert of the Centre for Judicial Expertise of the Azerbaijani Justice Ministry, Natiq Panahov, believes that the problems mainly concern cash payments and operations carried out using plastic cards. At the same time, the stealing of information is particularly topical. "In 2012 additions were made to the Azerbaijani Criminal Code which helped to step up the fight against cyber crime. It is common knowledge that cyber crime has become very topical in the world and, accordingly, it affects Azerbaijan, too. Of course, compared with other countries, the number of crimes in Azerbaijan's cyber space is not so great. Nevertheless, as the country gradually integrates into the world community, this problem will get more serious," Panahov said.

However, banking circles themselves and the structure that regulates them are confident that the situation is under control. "After this statement by the White Hat Hackers was made, we issued an instruction to all banks to check if they had a threat or any facts of such attacks. So far we have not had any reports about any attempts at hacking," the general director of the Central Bank of Azerbaijan, Rasad Orucev, told Region+. He said that there had been certain demands on banks in the sphere of information security, these questions are being regulated and the country's banking sector is resistant to hacker attacks.

In the opinion of a leading expert in the country's banking sphere, director of the Azerbaijani Bank Training Centre (ABTC) Cavansir Abdullayev, the threat of the Iranian hackers is more of a psychological attack than a real attack. "All banks have been notified of this. But I believe that since Internet banking services in our country are not that well developed, it is virtually impossible to enter closed systems and steal money from them. There are not many banks that have started to offer real Internet or mobile banking services, which creates more opportunities for such illegal operations, and they apply the most state-of-the-art security technology, investing considerable financial resources in them," Abdullayev pointed out. He claims that the point of the White Hat Hackers' statement was merely to damage the image of Azerbaijani banks and worry their clients.

All quiet in the banks

Of course, a theoretical evaluation of the hacker attacks is necessary in order to build the correct strategy to forestall and prevent threats in the information sphere, and such threats should not be ignored or underestimated. At the same time, the Azerbaijani banks themselves assure us that clients have nothing to worry about because information security is a question that is being given the closest attention.

Thus, the International Bank of Azerbaijan has said that in fact the IBA's basic banking system is impregnable to external attacks purely physically. "The maximum that hackers, groups, and so on can hope for is some degree of impact on the IBA's website, which will not in any way affect the bank's operating ability and its protection of confidential information," the IBA said.

One of the country's leading banks, Pasha Bank, said that it is common knowledge that fraud schemes change very quickly, and the fraudsters are always trying to adapt to new checks and to cheat the banks' sensing systems for such attacks. "Our bank uses a special programme so that it can quickly introduce new or change the existing rules of preventing subsequent fraud attacks. Automated monitoring enables fraudulent activities to be sensed at an early stage, using rules established by a risk-analyst," Pasha Bank said. Furthermore, in 2013 the bank plans to carry out a 3D Secure certification system. This is advanced technology verified by Visa and Master Card (Secure Card) enabling additional verification of the card owner to be carried out by means of entering a 3D Secure password. This technology provides the card with an additional secret code (just like a PIN-code in a cash machine), protecting it from unauthorised use when a customer makes a purchase through an Internet shop.   

Because plastic cards are the most widely used and accessible banking product, the fraudsters often choose them as the target of their attacks. That is why Pasha Bank has advised the holders of plastic cards to always be cautious when using them (see recommendations).

"We learn almost every day from the news that hacker attacks have been made on the networks of such leading world companies as Apple, Microsoft, Facebook, Twitter and so on. The possibility of such attacks has not been ruled out on the Azerbaijani banking sector, either. Their success rate depends on the security systems of the individual bank," Access Bank, for its part, believes. In order to reduce risks this bank uses the defence-in-depth methodology, which entails protecting each part of the information system. "Of course, there have been various levels of hacker attacks on our systems, too. For example, gathering of information and concerted attacks. These types of attacks are recorded by data security facilities and our experts take the appropriate security measures. Furthermore, as you know, our bank is introducing the Temenos system which gives banking operations greater protection," the bank pointed out.

"Like other serious organizations, we, too, sometimes get in our mail threats of a hacker attack. We have a serious approach to assessing this type of threat. But most often it turns out to be just a threat, without any serious foundation. Questions of information security have always been a priority for our bank and we have professionals who deal with technical support in this sphere," we were told at the Muganbank OJSC.

As we have seen, the country's banks are taking all the necessary measures to counter cyber attacks. Nevertheless, the opportunities of the other side should not be discounted, bearing in mind that even financial institutions in countries with the most developed banking systems suffer crimes of this nature every year. And the resources of a single bank, whatever its size, cannot help to create a super-reliable security system. In this connection, our country needs help from the state structures, too. Bearing in mind that this year has been declared the Year of ICT by the country's President Ilham Aliyev, this problem could be resolved. Especially as quite recently Ali Abbasov, the Azerbaijani Minister of Communications and Information Technology, said that a regional centre for information security would be set up in Azerbaijan. "The project, which will provide information security not only for Azerbaijan, but the whole region, is due to be implemented with the American Symantec company, with whom talks are now being held," the minister said. There is no doubt that  the project will become a  fine means of support for banking security systems and help to improve their image and increase the confidence in them of a potential customer base.