Shs 14bn lost as hackers wreak havoc across Ugandan banks

Latest figures compiled by Interpol-Uganda show that hackers have become more lethal during the current coronavirus disease (Covid-19) pandemic era.

Statistics on cyber-crimes contained in a report by Interpol director Charles Birungi, indicate that $4 million (Shs 14.4 billion) has been lost to online fraudsters in the last twelve months.

Interpol indicates that the Shs 14.4 billion has been lost in more than 200 cases of hitech, international and economic crimes of which bank fraud, issuance of fake visa and online business fraud topped the list.

A police IT expert who preferred anonymity said Ugandan bank systems are being hacked almost every month but they have chosen silence as a way of not causing anxiety amongst their clients. The policeman’s argument is based on the fact that in the last twelve months, banks have lost more than $3 million (about Shs 10.9 billion).

“Of the $4 million [total] you are seeing, $3 million was recorded in just 10 cases of bank fraud," The IT security officer said.

"These are the banks that were bold enough to come out and seek our intervention in tracing for hackers based here and outside countries. But majority of the cases are never reported. They know if they keep reporting, people will feel insecure when their money is kept in a bank that is often hacked.”

Paul Senoga, an IT expert and dealer in security systems like vehicle tracking, agrees with police that banks conceal a lot of information about their illegally accessed systems. Senoga says hackers keep testing the systems until they gain access using malware.

As a solution, Senoga urges companies to always hire permanent and competent people who keep testing their own system purposely to spot loopholes early enough.

“Once someone gains access to your bank account, they can transfer the money to anybody or any account they want. The banks have come with Apps to simplify banking but they are suffering. Money is being wiped off accounts. Banks are not just revealing what is happening but it's huge,” Senoga said.

Citing an example of recent unauthorized access to Kyambogo University’s system where data for more than 2,500 students was deleted, CID spokesperson Charles Twiine, advises companies to avoid hiring outsiders to run their systems. He argues that a person who is not a permanent staff would disrupt the system once a disagreement erupts.

Apart from bank fraud that took a lion's share of money lost to cyber kingpins, the issuance of fake visa came second with $542,500 (Shs 1.9 billion). Online business fraud caused loss of $112,441 (over Shs 393 million), internet fraud caused losses of Shs 300 million while email hacking caused a loss of Shs 124 million.