Police baffled by hi-tech Kenyan hackers in Ksh21 billion racket

Image result for cyber crime gifYou risk ending the New Year broke as cybercriminals target payments process of companies as well as divert money meant for suppliers and employees to their personal accounts.

The hack, targeting Pesa Link, has triggered a massive cybercrime investigation into the loss of billions of shillings.
Pesa Link facilitates real time inter-bank transactions. Barely two months after it was launched in 2017, two million customers signed up.
The application is designed in such a way that a customer can transfer money from their own account to others held in other banks. It also allows customers to wire money to their mobile phones.Related image

Papers filed by police in court to obtain warrants of arrest for 130 fugitives wanted by the Directorate of Criminal Investigations (DCI) detail how suspects hacked bank systems, moved cash into holding accounts and then withdrew it from multiple accounts.
Some of the withdrawals were done from automated teller machines hundreds of kilometres from the affected banks, highlighting the wide reach of the racket.

Related image

Although the figures captured in papers filed in courts in Nairobi and Kiambu were modest, DCI boss George Kinoti said the money involved in the investigation runs into billions of shillings.
“They have stolen billions of shillings from innocent Kenyans. Financial institutions are suffering because of these suspects’ actions,” Mr Kinoti told The Standard.
Industry players are alarmed that the amounts stolen from banks through cybercrime have risen over the years, from Sh14 billion in 2015, Sh17 billion in 2016 and Sh21 billion in 2017.
There are fears that the 2018 report expected in March could paint an even grimmer picture.
In court records, police say the suspects are habitual offenders and are wanted for various conspiracy and electronic offences by the DCI.Image result for George Kinoti

One of the methods used by the hackers involves gaining unauthorised access to the core banking system to make suspicious deposits – emptied from targeted accounts – and subsequent withdrawals from multiple accounts. Affected banks only uncover the theft during reconciliation.

Another scheme targets users of mobile phone money transactions. In this case, users receive an anonymous message on a certain transaction. Once they click on a link provided, they unwittingly instal a malware that harvests login information and passwords. The crooks are then able to gain access to the account and empty it.
Yet another racket involves disgruntled employees or former employees with intricate knowledge of, for instance, dormant accounts from which money can be spirited out without detection, or even gaps in the system.

The criminals then skim off a little amount from each of the accounts, say Sh10, which clients are unlikely to detect. This grows into a tidy sum once skimmed from thousands of accounts.
The fraud in question, which investigators believe happened between January 1 and 7 this year, benefited at least 50 people who are now at the centre of investigations.
The stolen money was wired through Pesa Link to accounts in eight banks and the money withdrawn through ATMs and mobile phones.

Milimani Magistrate Martha Mutuku was told of a bank that found out that it had lost money because Pesa Link transactions were not supported by its internal debits.
The hacker fused the stolen money in 14 accounts in the first bank. In the second one, eight accounts were suspected to have benefited.
A third bank had six people benefiting while the fourth bank held nine accounts that received the suspect money.

Leave a Reply

Your email address will not be published. Required fields are marked *