Fraudsters using employees in cyber crime

By Steven Candia

The Police have warned of a new trend in cyber crime in which fraudsters use employees and other persons who have access to the office premises to stealthily install password skimming devices on computers of corporate firms so as to facilitate fraud.

The fraudsters, usually employees or former employees, prefer to use especially cleaners of contracted cleaning agencies for a number of reasons, among them, the unhindered access they enjoy and the fact that they are underpaid, making them susceptible, the Police have said.

“They also do their work during odd hours, when many offices are vacated or have few staff still around,” a Police detective handling one such case said.

Police spokesperson Judith Nabakooba says though there have not been many such cases reported, she is aware that the Police is investigating one such case in which a telecommunications company was defrauded of billions of shillings with the connivance of cleaners.

“There is a case which is being handled by our Special Investigations Unit (SIU),” Nabakooba said. Sunday Vision has learnt that the case in question is one in which telecom giant MTN lost sh3.1b after some of its employees and former employees allegedly connived with cleaners, to steal passwords later used in the crime.

The case was registered at the SIU under reference CIID/ E/ 27/2013, and the Police, it has emerged, have been doing a silent probe into the matter. Police launched investigations into the matter in January after Davis Muhangi, the MTN Uganda senior manager forensics, lodged a complaint over the alleged fraud.

The MTN case of sh3.1b

In this particular incident, which happened early in the year, the suspects are alleged to have contrived the plot and hired two cleaners — Johnson Ssengendo and Peter Ayebale, all cleaners with A&M, to pull it off. A&M had been contracted by MTN to clean its offices which included, the MTN Tower and another located on Plot 77 Yusuf Lule Road.

The Police has since launched a hunt for the prime suspects in the matter — David Norman, a former trade development representative for mobile money and Rehema Nakayenga, a former trade development representative, also with distribution of MTN mobile money agents numbers and Pius Seguya.

At the time the two cleaners were allegedly hired, details from the Police indicate that Ssengendo was working on the ninth and 10th floor of MTN Towers (finance department) and had been contacted by one of the suspects, Edrisa Sserunkuma, a businessman, to allegedly help stealthily fix a key login device on MTN computers in order to detect access codes and passwords.

It is further alleged that Ssengendo later passed the key log device, a flash disk-like device to Ayebale, a cleaner on the 10th floor with directives to fix it on a particular computer. The device would then skim the password once the operator logged in.

According to Police investigations, a day later, on January 24, the said device was allegedly fixed on a computer operated by Christine Alanyo, an MTN Uganda mobile money administrator on the 9th Floor MTN Towers and removed the following day. She then allegedly delivered it to Sserunkuma.

The Police investigations indicate that Ayebale was allegedly paid sh300,000. Norman, Nakayenga and Seguya, the Police say, are part of a bigger group of suspects (many of whom have already been charged in court) said to have taken part in fraud.

At the time of the fraud, both Norman and Nakayenga had ceased being MTN staff . It is alleged that armed with the passwords and codes, the suspects pulled off the highly intricate scam, creaming off huge sums of money.

The highly sophisticated crime, according to Police investigations, was hatched by the suspects in several meetings at the Centenary Park and executed swiftly by skimming highly secretive computer access codes, which were later used to hack the highly guarded system.

The suspects are said to have first hacked into the 9th floor of MTN Towers, then later the MTN offices along Yusuf Lule Road, where they allegedly moved sh3.15b to various accounts (some belonging to friends and relatives) and instantly withdrew the money.

On the Yusuf Lule Road office, the suspects are said to have used Irene Kauma, a sales executive for Essy Mobile Money and Jerome Oketcho, an MTN retention executive, to gain access to the fourth floor and pull off the fraud.

Magombe, Ssegujja, Kauma, Oketcho and Mary Nassejje, a company sub-agent, have since been charged in the Anti-Corruption Court with unauthorised access to computers and computer misuse and remanded to Luzira Prison.