Telecoms, bank hacked, over sh1b stolen

Oct 07, 2020


The Police have warned of hackers who are out to mastermind electronic fraud targeting telecoms, banks and other financial institutions.

This follows the cyber-attack on telecoms (MTN and Airtel) and Stanbic Bank Uganda last Saturday morning.

In a joint press statement on Tuesday, Stanbic, MTN and Airtel Uganda explained that on Saturday (October 3), a third-party service provider experienced a system incident which impacted bank-to-mobile money transactions. All bank-to-mobile money/wallet services have been temporarily suspended.

The statement signed by the Stanbic Bank chief executive officer, Anne Juuko, MTN's Wim Vanhelleputte and Airtel Uganda's chief VG Somasekhar stated that: "The system incident has had no impact on any balances on both bank and mobile money accounts. Our technical teams are analysing the incident and will restore services as soon as possible."

Asked how much money was lost, Airtel Uganda chief commercial officer Amit Kapur said: "We cannot comment on this."

However, a Police Cyber Crime Unit detective said the attack could have led to the loss of more than sh1b.

Blocked accounts

When the institutions detected the breach, several client accounts were blocked, according to a Cyber Crime Unit detective who spoke to New Vision on condition of anonymity.

Stanbic Bank blocked client accounts to stop the wallet withdrawals, while MTN allegedly blocked mobile money transactions after over sh200m had been swindled. Airtel had lost about sh1b by the time red flags were raised, according to the detective.

However, establishing the actual amount of money lost is a subject of the ongoing investigation by both the Police and the institutions.

Both MTN and Airtel have different mobile money limits for the day.

However, this is subject to change when transactions are done at night, according to detectives.

The Police cybercrime unit detectives have asked financial institutions to carry out fresh vetting of their staff, especially those in the information technology (IT) departments, to thwart the growing crime.

According to the detectives, hackers worked closely with insiders from the financial institutions to accomplish their crime.

"The hacking is similar to that when Africell telecom was attacked in March and sh1.5b stolen. The same tactics were used with the help of insiders," the detective said.

Investigations

The detective predicted more cyber-attacks on institutions as a result of increased cashless transactions in the region, following the COVID-19 pandemic.

Worldwide, the public is discouraged from cash and hand-to-hand transactions that can lead to the spread of the virus.

Yesterday, cybercrime detectives were dispatched to the affected institutions to gather evidence as the search for the hackers intensifies.

Preliminary Police findings indicate that the scam was allegedly orchestrated by an employee of Pegasus Technologies, a company that provides financial and billing solutions for various companies in Uganda.

The Police have since remained tight-lipped on the identity of the employee, who worked with other hackers, for fear of jeopardising investigations.

According to the Police, Pegasus provides bespoke financial and billing solutions to a number of banks, telecoms and utility providers in Uganda.

Pegasus is an aggregator for six top financial institutions in the country. In this case, the hackers infiltrated the Stanbic, MTN and Airtel aggregator, transferred the money and later cashed out the funds.

When contacted, the Criminal Investigations Directorate (CID) spokesperson, Charles Mansio Twiine, was cagey about details on what transpired. He, however, said investigations had commenced to establish who authorised access to an aggregator's system.

"We are investigating to establish whether there was loss, how much and who orchestrated the unauthorised access," Twiine told New Vision moments after cybercrime detectives returned after spending the better part of yesterday searching the affected institutions' IT systems.

Cybercrime cases in Uganda

Over sh11.9b has been stolen from commercial banks and telecom companies through fraudulent mobile money transactions in the past one-and-a-half years, according to the crime report released by the Police in March.

Interpol Kampala and CID are still probing a case in which 24 entities, including ministries, banks, private firms and businesspersons fell victim to cyber fraud in which over sh67b was reportedly stolen in 2017.

The money, mainly in US dollars, was fraudulently wired to foreign accounts, mainly in China.

The finance ministry lost the biggest amount of money, about sh30b. The money was siphoned through Bank of Uganda.

On several occasions, Police detectives have failed to apprehend the hackers as most of them operate outside the country, especially in Beirut, Lebanon.
