Hackers target telecoms, banks

The government yesterday began wide-ranging investigations into allegations of hacking into systems of financial institutions and telecoms in the country.

Public and private sector entities that transact on Internet-enabled platforms ramped up their cybersecurity defences following an alert that Anonymous Sudan, a hacking group, was behind the plot.

Uganda Communications Commission (UCC), the sector regulator, confirmed that banks and telecoms were targeted, but said they were informed the attackers failed to breach the barriers. 

“We are aware that there were attempts. Under our CERT (Cyber Emergency Response Team) regulations, operators have to inform us within a certain period. We have already contacted them informally. What I can reveal now is that for those we have talked to, it seems the attempts were not successful,” said Mr Nyombi Thembo, the UCC executive director.

Mr Terence Alinde, the chief commercial officer at Liquid Intelligent Technologies, which describes itself on its website as “leading provider of pan-African digital infrastructure”, linked the February 6, 2024 intrusion to Anonymous Sudan.

The hackers, he noted, took down the services of one of the telecommunications companies in Uganda for three days. 

We could not independently verify this account and officials of the telecom declined to speak on the matter. 

In official accounts to the statutory regulator, the targeted companies said the hackers were unsuccessful and that no money or data of customers were lost or stolen.

Anonymous Sudan is a hacking group that claims to target entities that support Sudan’s renegade military group, the Rapid Support Forces, which is fighting against the country’s Transitional Sovereignty Council led by Gen Abdel Fattah Al-Burhan.

RSF is commanded by Gen Mohamed Handen Dagalo who allied with Gen Al-Burhan to topple Omar al-Bashir. The victors’ fall-out last year following months of power wrangle plunged Sudan into a conflict. 

The Transitional Sovereign Council last month shunned an Inter-Governmental Authority on Development (Igad) meeting in Kampala convened to broker truce between the warring parties in protest over Gen Dagalo’s invitation.  

It remained unclear if the hacking attempt on Ugandan institutions early this month was a retaliation for the country’s perceived sympathy to the RSF.

The hackers mid-last year targeted the Internet infrastructure in Kenya which, like Uganda, has hosted the renegade Sudanese general to the chagrin of Khartoum.

In the intrusions, the attackers took down, or took control of, networks of telecoms, education institutions, media houses, websites of government agencies, health facilities and other private companies for days.  

In Kampala, UCC’s Nyombi disclosed last evening that they had tasked targeted telecom service providers in the country to provide a detailed report on the attacks  --- whether or not they were successful.

“As a regulator, we need forensic details of what happened because even being unsuccessful is very important to the regulator because the attackers denied the telecom companies access to their services,” he said.

The intrusions happened between February 6-9, officials revealed. 

Ms Slyvia Mulinge, the MTN Uganda chief executive, confirmed that they registered repeated attempted attacks in the referenced period, but these were contained due to strong firewalling.

“We didn’t have any losses nor did we have any impact because we are on high alert. We are issuing a press statement. But we have tight cyber security firewalls,” Ms Mulinge said.

The statement had not come through by the time we went to press at 10pm.

Ms David Birungi, the communications manager at Airtel Uganda, said they didn’t detect any attempt on their system because of the bolstered barriers.

“It is like building a fence around your house and people want to enter your house, but you do not know how many people are standing on the fence waiting to enter,” Mr Birungi said.

Uganda Telecom (Utel) officials contacted for this article declined to speak, citing “sensitivity” of the matter. 

Police spokesman Fred Enanga said they have not been formally notified of the attempted breaches.

Separately, police announced that its Crime Intelligence task team yesterday took into custody a 48-year-old man, whose identity we are withholding pending his appearance in court, over accusations that he stole “millions of shillings” by hacking into mobile money systems of agents.

He allegedly committed the crimes in Mukono, Jinja, Wakiso, and Lwengo districts. Detectives retrieved four SIM cards from the suspect and impounded his Toyota Harrier vehicle as well.

Police said Uganda loses billions of shillings a year to in cyber breaches. Several suspects were arrested and prosecuted.

[email protected]