Two weeks ago there was a cyber attack on telecommunication companies, MTN, Airtel and two banks including Stanbic and bank of Africa where billions of money were lost when hackers broke into the system of Pegasus Technologies before taking off with an unspecified amount of money belonging to several companies including banks and telecoms.
Experts from the Financial Intelligence Authority have explained circumstances under which the recent hacking of mobile money system for various banks by fraudsters was successful, leading to loss of billions of shillings.
It has since been reported that the hackers used over 2000 mobile phone numbers to execute their mission and that the heist took more than two days without notice of the financial systems involved.
However, according to the Financial Intelligence Authority, Sydney Asubo, the Financial Intelligence Authority Executive Director, since the money involved was in small amounts, it was not easy for anyone to detect that something sinister was going.
“Like many crimes, detection comes when the crime is in the process of happening or it has already happened. In this particular case, the detection happened when the crime was still ongoing. It was not detected early enough because the patterns used were the ordinarily usual patterns,” Sydney Asubo said.
The Financial Intelligence Authority was established to monitor, investigate, and prevent money laundering, financing of terrorism in Uganda and related activities.
As part of their mandate, the FIA has a system that detects and sometimes blocks abnormal transactions into and out of the country.
Consequently, if a transaction is above the normal, the Financial Intelligence Authority is alerted and, in any case, it alerts the financial institutions including banks involved as they investigate the source and purpose of the money involved.
However, according to the FIA Executive Director, the hackers transferred billions of shillings to telecom companies then to the different sim cards in usual amounts.
“The amounts were within the ordinary ranges. It is only when it happened repeatedly over a two-day period that those involved in the processes became aware that there was a possibility that something wrong was happening,” Asubo said during an interview on Nbs Television.
“When they interrogated the red flags, they were able to confirm that indeed fraud was being committed. The relatively small amounts but in bulk delayed the early detection.”
According to information from investigators, the hacking happened into the system of Pegasus Technologies, the company that translates money from banks into mobile money transfers between banks and telecom companies.
Following the hacking, the fraudsters were able to instruct the banks to release money to the telecom companies that later sent it to the over 2000 sim card accounts from which it was withdrawn from various mobile money agents throughout the country.
The Uganda Financial Intelligence Authority (UFIA), is a government agency established by the Parliament of Uganda to monitor, investigate, and prevent money laundering in the country
The Financial Intelligence Authority boss however warned that it could have been an insider job at any of the financial institutions or at Pegasus.
“While you can have a robust system in place, you must check the integrity of those who manage those system. The two go hand in hand.”
He urged members of the public and financial institutions to have in place robust systems to prevent the commission of such crimes but also systems that allow them strong mitigants in case the crimes happen.