How hackers accessed  Airtel Money’s systems

Illustrative photo of a hacker. Unconfirmed reports said hackers demanded a ransom to release the information. PHOTO | FILE | NMG

What you need to know:

  • After tweaking Airtel Money’s software to approve every transaction that came along, the hackers drained its central systems of just under Shs8 billion in a meticulously planned operation.

New details have emerged about how black hats used the website of a gaming platform in Uganda to plunder money from the systems of Airtel Mobile Commerce Uganda Limited (AMCUL). 

While the licensed betting firm’s website prides itself on making “use of standard encryption to protect the data of its users”, this publication has been reliably informed that cybercriminals used it as a gateway to AMCUL’s digital systems.

After tweaking AMCUL’s software to approve every transaction that came along, the hackers drained its central systems of just under Shs8 billion in a meticulously planned operation.

The hack affected a number of banks and microfinance deposit-taking institutions operating in Uganda. This publication understands that one of the microfinance deposit-taking institutions opened an official complaint with Cyber and Counter Electronic Measure Desk at Criminal Investigations Directorate (CID) headquarters in Kibuli, Kampala. 

Black box attack
Initial investigations indicate that the hackers found a neat workaround AMCUL’s systems via the betting firm, whose name we have chosen to withhold. Punters who use the gaming platform to load virtual bet slips stake bets only after crediting their accounts with mobile money on Airtel or MTN. 

The attack
CID detectives told this reporter that when the black hats accessed AMCUL’s systems via one of its clients—the betting firm we have chosen not to name—they launched what is known in the hacking underworld as a black box attack. Multiple accounts of banks and microfinance institutions bore the brunt of the ‘jackpotting’ with money mules acting on behalf of the black hats receiving mobile money from the hack. 

This publication understands that 1,840 registered and preregistered SIM cards were readied for big withdrawals. Sources tell us that the hackers had completed transactions on 1,800 of the SIM cards before the daring raid was stopped in its tracks.

In a statement, Airtel Uganda said the “incident did not impact any Airtel Money or bank balances.” It added that “our platform is secure and built to world-class specifications to give our Airtel Money customers an instant, safe and secure experience.”

Our attempts to talk to the top brass of the betting firm were unsuccessful. When we sounded out what we were led to believe is the firm’s chief executive, he told us that he severed ties with the company last month. 

His response was so terse that we were unable to establish whether he left in the aftermath of the black box attack on AMCUL’s digital systems. The daring raid on AMCUL’s digital systems took place on October 28.

CID response
Our sources tell us that officials from the betting firm in the eye of the storm will be probed at the start of the new workweek on Monday. This is as investigators attempt to get to the bottom of the Shs7.6 billion hack. AIGP Tom Magambo, the CID director, couldn’t be drawn into whether this is a lead the police are exploring. He, nevertheless, told this publication via telephone that the investigation into the hack is gaining traction.

“We do take any reported incident very seriously, especially on investigations with dubious ways that affect our society,” he said, adding, “We can assure you that we shall take all the necessarysteps to complete this investigation.” 

AIGP Magambo also told this publication that CID detectives will share findings from any watertight lead with the Director of Public Prosecutions to recommend sanctions. 

While sources at the CID headquarters told us that some arrests have been made, AIGP Magambo declined to divulge any information.
“I’m not aware of any arrests, and I don’t have any information about it,” he tersely said.

Airtel statements
CID detectives close to investigations into the hack told this reporter that AMCUL’s top brass was recently summoned to the CID headquarters in Kibuli. We understand that the entity’s top officials made statements in regard to the hack.

Cyber attacks

Cyber attacks have in recent times grown in their frequency and ferocity. Already, UGAFODE Microfinance Limited—a Uganda-based micro deposit-taking institution—lost Shs400 million to black hats this year. In fact, the police registered 10,057 economic crimes from private sector fraud in 2020. Obtaining money by false pretense was the highest crime reported under this category in 2020. It was followed by forgeries and cyber-related crimes in that order.

Welcome!

You're all set to enjoy unlimited Prime content.