Hackers use computers to access banks' money systems

Young IT graduates have been profiled as the major culprits in the hacking of bank systems in Kenya, a cybercrime that is facing banks in east Africa if we are to go by the latest reports.

The graduates, a majority of whom are aged 27 years and below, have been identified as the main suspects in cybercrime cases, Kenya media platforms report.

The suspects are said to be well armed with education that the banks have had to up their game by employing IT experts to try to stop them.

The Central Bank of Kenya (CBK), which has been following the rising cases of cyber fraud, recently issued a new policy that will require banks to report cases of cybercrime in real time, media reports say.

The new regulation that came into force last month requires banks and mobile money operators to report to the CBK any cyber-attack within two hours of the incident.

Companies with systems that clear huge amounts of money in bank-to-bank transfers were also directed to immediately file reports with the CBK.

Telecommunication companies with systems that move huge volumes of cash, such as mobile money transfer, have also been directed to file reports.

The new guidelines by the CBK come in the wake of increased cybercrime attacks targeting banks and other financial institutions.

Statistics from Kenya’s Directorate of Criminal Investigations (DCI) Banking Fraud Unit reveal that many of the suspects involved in cases of electronic fraud are well-educated university graduates with an IT background.

The suspects work in cahoots with bank staff who provide them with crucial information about IP addresses.

Google defines an IP address as a unique string of numbers separated by full stops that identifies each computer using the Internet Protocol to communicate over a network.

Once they get the IP address, the IT experts can remotely access a bank’s system, including its computers. After corrupting a bank’s system, they are able to transfer money from one account to another.

At times, they use mobile money networks to siphon the cash, according to data collected by banking fraud investigators.

The revelations come a day after eight Kenyans believed to be IT graduates were arrested in Rwanda over plans to steal money from an Equity Bank branch.

Due to the high number of hacking cases reported to the DCI by banks, a special team of IT investigators has been seconded to the CBK to handle investigations.

The team comprises IT experts from the DCI cybercrime unit and the National Intelligence Service (NIS).

The eight, whose identities Rwandan investigators are yet to reveal, were arrested together with four other suspects, including a Rwandan and Ugandan nationals.

“Rwanda Investigation Bureau (RIB) arrested an organised group of eight Kenyans, three Rwandans and a Ugandan over a cyber-fraud attempt on Equity bank,” Rwanda police said on Twitter.

“This group was arrested while in the process of hacking into the bank system to steal money from clients’ accounts.” Police said the same group was linked to another attack on the same bank in Kenya and Uganda.

“A case file has been submitted to the National Public Prosecution Authority for further management,” RIB added.

Last month, the DCI conducted a swoop on youth suspected to be cybercriminals in parts of Juja and Kabete.

During the October 9 operation, DCI officers arrested seven young men believed to be IT experts who are said to have defrauded the public of millions of shillings in a mobile phone hacking scheme.

More than 200 SIM cards, mobile phones and several mobile money transfer agent registers in Kenya were confiscated.

The suspects were described by the DCI on Twitter as aged 28 years and below.

Earlier, investigators raided a house in Juja and recovered over 40,000 mobile phone SIM cards and arrested five suspected fraudsters.

Cybercrime, in line with technology, continues to evolve, taking new forms and finding new ways to infiltrate financial enterprises, and banks are struggling to maintain pace with this evolution. This is largely due to the fact that there are so many new methods of banking along with the strong shift from traditional banking to mobile banking.