Ring. Ring. You are woken up by an early morning call from your IT manager with the dreaded news that the bank was robbed during the night.
Worried, you ask: “How many people are dead?” None. Did they break through the basement door? No. Where did they pass? “I am here with the Manager; we are also not sure where they passed.” How much has the bank lost? “We are not yet sure, but I am afraid it could be more than a billion.” Puzzled, you jump out of bed and cut short your December holiday. In traditional bank robberies, the missing link was the “who”: who are these goons that broke into the bank wearing masks? Not anymore. Criminals now have a clear command and control centre and prowl the Internet 24/7 looking for targets wherever they are. Once a target is identified, the criminals, who may be based in, say, Nigeria, find it easy to process papers and travel down here to Uganda to enlist accomplices, complete the mission and, if successful, go back.
In August 2017, a user ID that had been created for the vendor's IT support personnel was found to have been used to leave unauthorized code in the live banking application. The code was activated remotely via a Remote Desktop application and transferred small amounts of money from any bank account that met two criteria – (i) the account had a withdrawal within the last five days and (ii) it held more than Ugx. 100m (US $27,397). Clearly the fraudster had some insights about the bank. The money was sent to an account whose signature and profile details the fraudster had temporarily changed to match his own. During withdrawal, the fraudster presented details that matched exactly those on the account. After 12 hours, however, the account reverted to the original details. Because a lot of money had been withdrawn from the account, it appeared on the following day's high-withdrawal account report and the branch manager noticed the anomalies. And that is how the matter landed on my desk. In the cyber investigations world, clients expect miracles, but sometimes our hands are tied as forensic experts. Unlike a physical crime scene, which tends to leave evidence in plain view, the cyber world is different. To get a complete account of who did what, how, where, when and why, you must have established and practiced minimum cybersecurity hygiene. One of the critical measures is proper configuration and offsite backup of the firewall packet captures (pcap) recorded in real time, so that not even IT personnel have access to the backups before, during or after the incident. This simple practice helps get to the bottom of how the fraudsters accessed the bank. Is the enemy within or without? If well configured, a firewall works like a door between the internal network and the Internet. If your perimeter wall at home has only one gate, with a camera and biometric access, you are able to know who accessed your home and through which entrance.
However, if you have multiple gates, you increase your points of failure, and this gives cyber criminals room to steal and cover their tracks.
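The fraud pattern described above leaves a trail in the core banking system's own audit data, and it can be flagged within hours rather than waiting for the next day's high-withdrawal report. The following is an added example, not the bank's or the author's code. It runs two checks over a constructed event list in an assumed format (profile-change records, and transfers that carry the source account's balance and last withdrawal date): it flags profile or signature details that are changed and then reverted within a day, and it flags beneficiaries that receive a burst of small transfers from several source accounts matching the fraudster's selection rule (balance above UGX 100m and a withdrawal within the last five days). Account numbers, amounts, field names, event schema and thresholds are all assumptions.

```python
"""Detection rules for the two anomalies in the incident: a beneficiary whose
profile/signature is changed and reverted within hours, and a burst of small
transfers into one beneficiary from many high-balance, recently active accounts.
Added example with an assumed event schema; not a real core banking audit log."""
from collections import defaultdict
from datetime import datetime, timedelta

UGX_100M = 100_000_000  # balance threshold from the fraudster's selection rule

# Constructed sample events (assumed format and account numbers).
EVENTS = [
    {"ts": "2017-08-12T21:05:00", "type": "profile_change", "account": "ACC-9001",
     "field": "signature", "old": "SIG-A", "new": "SIG-X"},
    {"ts": "2017-08-12T21:06:00", "type": "profile_change", "account": "ACC-9001",
     "field": "id_number", "old": "CM900001", "new": "CM777777"},
    # benign change on another account that is never reverted
    {"ts": "2017-08-12T21:10:00", "type": "profile_change", "account": "ACC-5555",
     "field": "phone", "old": "+256700000001", "new": "+256700000002"},
    {"ts": "2017-08-12T22:00:00", "type": "transfer", "src": "ACC-1001", "dst": "ACC-9001",
     "amount": 2_500_000, "src_balance": 150_000_000, "src_last_withdrawal": "2017-08-10T09:00:00"},
    {"ts": "2017-08-12T22:03:00", "type": "transfer", "src": "ACC-1002", "dst": "ACC-9001",
     "amount": 2_000_000, "src_balance": 320_000_000, "src_last_withdrawal": "2017-08-11T14:30:00"},
    {"ts": "2017-08-12T22:07:00", "type": "transfer", "src": "ACC-1003", "dst": "ACC-9001",
     "amount": 3_000_000, "src_balance": 105_000_000, "src_last_withdrawal": "2017-08-08T10:00:00"},
    {"ts": "2017-08-12T22:12:00", "type": "transfer", "src": "ACC-1004", "dst": "ACC-9001",
     "amount": 1_500_000, "src_balance": 900_000_000, "src_last_withdrawal": "2017-08-12T08:00:00"},
    # does not fit the selection rule: balance below the threshold
    {"ts": "2017-08-12T22:15:00", "type": "transfer", "src": "ACC-1005", "dst": "ACC-9001",
     "amount": 2_000_000, "src_balance": 50_000_000, "src_last_withdrawal": "2017-08-11T09:00:00"},
    # ordinary single payment to an unrelated beneficiary
    {"ts": "2017-08-12T23:00:00", "type": "transfer", "src": "ACC-1001", "dst": "ACC-7000",
     "amount": 2_000_000, "src_balance": 150_000_000, "src_last_withdrawal": "2017-08-10T09:00:00"},
    # the 12-hour revert of the beneficiary's details
    {"ts": "2017-08-13T09:05:00", "type": "profile_change", "account": "ACC-9001",
     "field": "signature", "old": "SIG-X", "new": "SIG-A"},
    {"ts": "2017-08-13T09:06:00", "type": "profile_change", "account": "ACC-9001",
     "field": "id_number", "old": "CM777777", "new": "CM900001"},
]


def _t(s):
    return datetime.fromisoformat(s)


def find_reverted_profile_changes(events, window=timedelta(hours=24)):
    """Return (account, field, changed_at, reverted_at) for every profile change
    that was undone back to its previous value within `window`."""
    changes = sorted((e for e in events if e["type"] == "profile_change"),
                     key=lambda e: _t(e["ts"]))
    hits = []
    for i, c in enumerate(changes):
        for r in changes[i + 1:]:
            if _t(r["ts"]) - _t(c["ts"]) > window:
                break  # sorted by time, so nothing later can be inside the window
            if (r["account"], r["field"]) != (c["account"], c["field"]):
                continue
            if r["old"] == c["new"] and r["new"] == c["old"]:
                hits.append((c["account"], c["field"], c["ts"], r["ts"]))
                break
    return hits


def qualifies_as_source(e, as_of, min_balance=UGX_100M, withdrawal_days=5):
    """The fraudster's own selection rule: high balance and a recent withdrawal."""
    recent = as_of - _t(e["src_last_withdrawal"]) <= timedelta(days=withdrawal_days)
    return e["src_balance"] > min_balance and recent


def find_fan_in_bursts(events, min_sources=3, max_amount=5_000_000, window=timedelta(hours=6)):
    """Return {beneficiary: sorted source accounts} for beneficiaries that received
    small transfers from at least `min_sources` distinct qualifying accounts
    inside any `window`-long period."""
    transfers = sorted((e for e in events if e["type"] == "transfer"), key=lambda e: _t(e["ts"]))
    by_dst = defaultdict(list)
    for e in transfers:
        if e["amount"] <= max_amount and qualifies_as_source(e, _t(e["ts"])):
            by_dst[e["dst"]].append(e)
    flagged = {}
    for dst, lst in by_dst.items():
        suspicious, start = set(), 0
        for end in range(len(lst)):  # sliding window over this beneficiary's inflows
            while _t(lst[end]["ts"]) - _t(lst[start]["ts"]) > window:
                start += 1
            window_srcs = {e["src"] for e in lst[start:end + 1]}
            if len(window_srcs) >= min_sources:
                suspicious |= window_srcs
        if suspicious:
            flagged[dst] = sorted(suspicious)
    return flagged


def correlate(events):
    """Beneficiaries hit by both rules: the strongest signal in this kind of case."""
    reverted = {acct for acct, _, _, _ in find_reverted_profile_changes(events)}
    return {dst: srcs for dst, srcs in find_fan_in_bursts(events).items() if dst in reverted}


if __name__ == "__main__":
    print("reverted profile changes:", find_reverted_profile_changes(EVENTS))
    print("fan-in bursts:", find_fan_in_bursts(EVENTS))
    print("both rules:", correlate(EVENTS))
```

Two points follow from this. The rules only work if the audit trail they read cannot be edited by the same people who can change the application: an attacker with a vendor support ID and remote desktop access to the live system can tidy up the application's own tables, which is exactly why the author insists on write-once copies of logs and packet captures held outside the reach of IT personnel. And the thresholds here mirror the selection criteria recovered after the fact; in production they would be tuned from the bank's normal transfer profile rather than hard-coded.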
Because the attack targets are many and varied, cyber criminals are persistent and patient. They are always looking: who is using which system, and how up to date is it? They know that a system that is up to date today will be outdated tomorrow, because technology keeps changing.
The bad guys are more motivated, learning faster and working harder than the good guys. In today's VUCA (volatile, uncertain, complex and ambiguous) world driven by Big Data, the Internet of Things, Machine Learning and robot love (robots being made to replace (wo)men for pleasure), the number and frequency of cyber-attacks are growing faster than the available skills. In Uganda, institutions that are advanced technology users with a lot of value at risk, such as banks, insurance companies, telecoms and government authorities like the Uganda Revenue Authority, the Uganda Registration Services Bureau and the Kampala Capital City Authority, to mention but three, are always on alert, asking how to proactively anticipate and prevent cyber threats before they materialize.
At the individual level, if you access the Internet, you are exposed to cyber-crime risks. As businesses and individuals go digital, so have fraudsters. The frequency and scale of cyber frauds is mind boggling. Cybercrime is pervasive and clandestine. Many cases do not necessarily involve loss of hard cash. It is the cost of recovery and the psychological torture that wear the victims down.