“With the advancement of information technology will come more sophisticated crime”. This and other related statements are commonly used by even those who advance the need for a digitally-led society.
This, therefore, means that the advancement in IT is a necessary evil, which will always be taken advantage of by cyber-fraud, robbery or kidnap and murder. And now, part of this is what is being investigated by government cybercrime experts, as well as private forensic investigators, after what was described as “an incident” by telecommunication companies, brought the thriving mobile banking and cash transfer industry, to its knees.
It’s now reported that in that ‘incident, up to 9 billion Shillings could have been stolen by criminals who hacked into the cash transfer process between Stanbic Bank and the telecommunications companies, MTN-Uganda and Airtel-Uganda between Wednesday and Friday last week, with a third-party aggregator, at the centre of it.
It is this aggregator, or aggregators, who are responsible for moving cash between users of mobile money platforms. In this particular incident, It is alleged that fraudsters hacked into Pegasus technologies’ that manages mobile money transactions on the two networks. In the aftermath, the Bank of Africa and Stanbic Bank suspended mobile money and Mobile Wallet transactions after the scam had been detected.
There are up to 23 million mobile money accounts in Uganda, and these carry out transactions worth 20 trillion Shillings a year via the platforms. Experts say that a digital offence can be engineered by a worker at any of the parties involved or outsiders who manage to infiltrate the system illegally, after discovering a weakness somewhere along the process of moving the money.
Moses Ssebugwawo, the Director of Operations at ABS Consulting, a forensic expert, says the longer the process, or the distance, the cash is moving, the higher the risk to its safety. That is why MTN-to-MTN or Airtel-to-Airtel transactions have a very low risk compared to cross-network transfers, while the risk gets greater when it is a transfer from one country to another because then, there are more third parties or aggregators, involved.
But according to Ssebugwawo, the telecommunications companies and banks are known to have the most secure systems. However, he adds, the hackers will always time when the money has reached a soft spot, then strike, most likely within the aggregators. The aggregators have a holding account with a bank where the money is held in bulk before being divided and sent to its various destinations, hence the name aggregators.
But what exactly is the function of a third-party service provider, also known as an aggregator?
These are several in Uganda and companies hire them to do that job of facilitating the movement of money. They are not financial companies not telecommunication companies, so they are not regulated, although the hiring companies must ensure that the aggregator being hired is of utmost credibility.
According to Ssebugwawo, therefore, the mobile service providers and the banks cannot perform the transfer function without the aggregator.
So, with the complex nature of moving money digitally comes the need not only for expertise but also for trust. Unfortunately, the offenders are always trying to be ahead of the authorities or the companies responsible for safely moving cash from one point to another. This calls for constant upgrade of systems and training of systems operators to stay on top of the game.
Now that the crime has been committed, and the search is on for the perpetrators, the question remains whether those involved in chasing them have what it takes to catch and successfully prosecute them.
Ssebugwawo expresses worry that the police and even the judicial system does not have the capacity to have the sophisticated cybercrimes in the country, but adds that it is a duty of all Ugandans to understand the digital world, if the vice is to be contained.
Charles Twine, the spokesperson of the Criminal Investigations Directorate and Luke Owoyesigyire, the Kampala Metropolitan Deputy Police Spokesperson said investigations were underway to establish how the scam was plotted. However, sources at CID said there is a possibility that hackers connived with some workers within the cited telecom companies.
“We haven’t found any traces of suspected involvement of Bank officials. But we highly believe there was the involvement of workers in these telecom companies. We are now working had to know how these Sim Cards were fraudulently registered,” the police source said.
A senior cyber police officer told Pearl FM that they were already analyzing two of the software that was used to hack into the systems. Owoyesigyire said they would also seek services of Interpol if they realize that the culprits stay outside Uganda.
“We are still conducting the investigations and I can say it will take us some time to know the exact amount that was lost. However, we have realised 9.1 billion Shillings was fraudulently transferred to numerous Sim Cards registered in MTN and Airtel,” the senior cyber police officer said.