× Digital News Videos Health & Science Lifestyle Opinion Education Columnists Moi Cabinets Arts & Culture Fact Check Podcasts E-Paper Lifestyle & Entertainment Nairobian Entertainment Eve Woman Travelog TV Stations KTN Home KTN News BTV KTN Farmers TV Radio Stations Radio Maisha Spice FM Vybez Radio Enterprise VAS E-Learning Digger Classified Jobs Games Crosswords Sudoku The Standard Group Corporate Contact Us Rate Card Vacancies DCX O.M Portal Corporate Email RMS
Login ×

How young IT gurus hack into banks and walk away with cash

By Kamore Maina | November 3rd 2019 at 01:00:00 GMT +0300

Stop-gap measure: New CBK policy requires banks to report cybercrime cases in real time

Young IT graduates have been profiled as the major culprits in the hacking of bank systems.

The graduates, a majority of whom are aged 27 years and below, have been identified as the main suspects in cybercrime cases.

The suspects are so well armed with education that players in the banking sector have had to up their game by employing IT experts to try to stop them.

The Central Bank of Kenya (CBK), which has been following the rising cases of cyber fraud, issued a new policy that will require banks to report cases of cybercrime in real time.

The new regulation that came into force last month requires banks and mobile money operators to report to the CBK any cyber-attack within two hours of the incident.

Read More

Companies with systems that clear huge amounts of money in bank-to-bank transfers were also directed to immediately file reports with the CBK.

Telecommunication companies with systems that move huge volumes of cash, such as mobile money transfer, have also been directed to file reports.

New guidelines

The new guidelines by the CBK come in the wake of increased cybercrime attacks targeting banks and other financial institutions.

Statistics from the Directorate of Criminal Investigations (DCI) Banking Fraud Unit reveal that many of the suspects involved in cases of electronic fraud are well-educated university graduates with an IT background.

The suspects work in cahoots with bank staff who provide them with crucial information about IP addresses.

Google defines an IP address as a unique string of numbers separated by full stops that identifies each computer using the Internet Protocol to communicate over a network.

Once they get the IP address, the IT experts can remotely access a bank’s system, including its computers. After corrupting a bank’s system, they are able to transfer money from one account to another.

At times, they use mobile money networks to siphon the cash, according to data collected by banking fraud investigators.

The revelations come a day after eight Kenyans believed to be IT graduates were arrested in Rwanda over plans to steal money from an Equity Bank branch.

Due to the high number of hacking cases reported to the DCI by banks, a special team of IT investigators has been seconded to the CBK to handle investigations.

The team comprises IT experts from the DCI cybercrime unit and the National Intelligence Service (NIS).

The eight, whose identities Rwandan investigators are yet to reveal, were arrested together with four other suspects, including a Rwandan and Ugandan nationals.

“Rwanda Investigation Bureau (RIB) arrested an organised group of eight Kenyans, three Rwandans and a Ugandan over a cyber-fraud attempt on Equity bank,” Rwanda police said on Twitter.

“This group was arrested while in the process of hacking into the bank system to steal money from clients’ accounts.” Police said the same group was linked to another attack on the same bank in Kenya and Uganda.

“A case file has been submitted to the National Public Prosecution Authority for further management,” RIB added.

Yesterday, police spokesman Charles Owino told The Sunday Standard that the police have enhanced their IT investigations by training more experts to deal with cybercrime.

“We have trained enough officers to deal with cybercrime-related matters. We now stand a better chance than before to deal with the menace,” Owino said.

Last month, the DCI conducted a swoop on youth suspected to be cybercriminals in parts of Juja and Kabete.

During the October 9 operation, DCI officers arrested seven young men believed to be IT experts who are said to have defrauded the public of millions of shillings in a mobile phone hacking scheme.

More than 200 SIM cards, mobile phones and several mobile money transfer agent registers were confiscated.

The suspects were described by the DCI on Twitter as aged 28 years and below.

Earlier, investigators raided a house in Juja and recovered over 40,000 mobile phone SIM cards and arrested five suspected fraudsters.

Cyber attack Hackers Bank hackers
Share this story

More stories

Take a Break