Cyber Crime: How thieves are stealing online

Many times, employees as well as employers are lax about keeping their online content secure. What they do not know is that this could lead to loss of millions of shillings and very important information.

Information is power and therefore today, every company or organisation worth its name, has more than 70 per cent of its workforce using computers to generate and store information.

What most staff do not know, however, is that this information is important company property, which needs to be guarded jealously.

Often, computers store sensitive information ranging from the financial stand of the company to trade secrets – information they would not want to fall into competitors’ hands, lest they are edged out of business.

Early this year, former Rubaga South Member of Parliament Singh Katongole, was reported to have lost more than Shs300m to hackers as he wired the money to suppliers of aluminum profiles for his company.

Katongole says when he went to China to place the order for the profiles, he did not have enough money but agreed with the suppliers that when they sent them, he would clear the balance.

He recalls that when the cargo reached Mombasa, the suppliers sent the invoice and the account number where to pay the money by e-mail. He suspects this to have been the beginning of his troubles.

“The invoice had been cut half way and it had a different account number and e-mail address, which I did not pay attention to. Since I was out of office, I instructed one of my workers to transfer $26,000 (approx. Shs67m) into the account on the invoice.

“After a few days, somebody called me from China saying that since it was the end of year in China, banks were closed and therefore they could not access the money. They told me they needed money urgently and asked me to send another $26,000 by telegraphic transfer to a bank account in Hong Kong and this would act as part payment for the next consignment of goods.” Katongole obliged.

A few days later, another phone call came in from China. This time, it was the genuine suppliers following up on the payments. When he told the suppliers that he had sent the money to the bank accounts he had been told to deposit it, they were shocked because they had not sent any such instructions. He immediately reported to Jinja Road Police Station and Interpol to follow up the matter.

Katongole is not the only victim. Many have suffered financial losses of money in a similar way.

How secure are companies?
Back home, here is a question to reflect on. After buying desktop computers, mobile gadgets or laptops and connecting them to the local area network, including the Internet, what security measures do you put in place to ensure that your treasured company information does not leak to the competitors? How often does your company go out of its way to deliberately train all the staff using computers on the basic computer security skills?

With the rising wave of hackings into web sites and databases, this new wave of computer-aided fraud is placing the security of organisations operating businesses on computers and the internet, into very vulnerable positions. They risk losing financial resources as well as vital company information.

In Uganda, the banking and the telecoms which are the fastest growing sectors in the economy, are the biggest victims so far with several banks registering huge losses of funds from customer accounts, and from electronic fund transfers, where lots of money is sent online through the internet into banks, while in the telecommunications sector, the most common forms of computer related crimes include jamming of the telephone networks, dropped telephone phone calls and incomplete call metering where phone calls do not last the 60 seconds in a minute.

According to Mustapha Mugisa, an anti-cyber-fraud and computer forensic expert and Director of Summit Consult, hacking is a process of gaining unlawful access to one’s computer system using technical or social skills or both, depending on the security awareness of the target of interest. He says the first step in hacking is foot printing and reconnaissance.

“Foot printing involves understanding the target system and studying the security practices in that system so that the hacker can exploit the weakest point of vulnerability,” he says.