The Uganda Police have arrested two suspects in connection with the cyber attack on the country’s two leading telecom companies and banks over the weekend.
The two suspects are attached to Pegasus Technologies, a company that provides financial and billing solutions for various companies in Uganda.
The suspects were arrested on Wednesday by the Criminal Investigations Directorate (CID) cybercrime detectives at the helm of probing the case.
We’ve learnt that more arrests will be made over the incident in which over sh10b may have been lost to the hackers. Pegasus serves a number of banks, telecoms and utility providers in Uganda to provide bespoke financial and billing solutions.
According to the Police, Pegasus is an aggregator for six top financial institutions in the country. In this case, the hackers infiltrated Stanbic Bank, Bank of Africa, MTN and Airtel, transferred the money and later cashed out the funds.
The hackers reportedly cashed out the money from 2,000 mobile money withdrawal points located in different parts of the country. This was done within 36 hours.
In a statement issued on Thursday, Wim Vanhelleputte, the chief executive officer of MTN Uganda, stated that on October 3, an aggregator, Pegasus Technologies, experienced a security breach that impacted bank-to-wallet transfers.
“Although the incident did not affect any customer money mobile balances, a limited number of other services aggregated through the third party provider were suspended as a precautionary safety measure.”
“The core MTN mobile money services, including cash deposits, withdrawals, person to-person transactions and MoMo payments were never affected at any stage,” read the statement.
A source said investigators suspect that cyber criminals behind the theft could have used SIM cards of dead people or those abandoned by subscribers such as foreigners who stay in the country for a short time.
Meanwhile Police investigations have extended to the National Identification and Registration Authority (NIRA) after it was discovered that the SIM cards used were duly registered.
However, Gilbert Kadilo, the NIRA public relations and corporate affairs manager, yesterday issued a statement over alleged involvement of NIRA staff in the fraud.
He said NIRA’s role is to “facilitate verification of identities against applicants’ details on the identification cards and not to register SIM cards.”
“Since the SIM cards were registered against individual’s NINs, the investigators should be able to identify the registered owners of the cards used in the fraud,” Kadilo said.
According to sources, so far what is known is that Bank of Africa lost sh900m, Stanbic Bank sh9b, Airtel sh4.5b and MTN lost the biggest chunk. “Over 1200 MTN SIM cards were used to channel the money to various agents across the country,” a source said.