ATM heist trend unmasks tactics of tech-savvy thieves - Beaking Kenya News

Beaking Kenya News

Where It All Happens

Breaking Kenya News


Sunday, 12 May 2019

ATM heist trend unmasks tactics of tech-savvy thieves

Barclays Bank
More by this Author
That two policemen, two security officers and a taxi driver were brought to court recently for allegedly stealing Sh2.84 million out of the Sh14 million that was stolen from Barclays Bank ATMs over Easter weekend is quite telling how bank robberies have evolved.
Almost a month later, the Sh11.16 million cannot be accounted for. The people in custody can at best be described in criminal parlance as having played peripheral roles in the heists that have shaken the banking industry to the core.
Mr George Gachungui and Mr John Otieno are police officers, while Mr Daniel Orero and Mr Fredrick Otiya are security guards working for G4S.
Mr Patrick Nyoike is a taxi driver whose Toyota Probox was spotted at a Barclays ATM at Mater Hospital in South B at around the time the Sh1 million disappeared.
But of note is not the mere fact that four ATMs belonging to the same bank were vandalised on a single weekend, or how difficult it has been for detectives to arrest the culprits.
It is how clinical the robberies were done. No shots were fired. The affected ATMs were not vandalised.
It took two days for a bank with international presence and obviously good computer and security systems to discover that something was amiss in four of its off-site ATMs.
“We reported these incidents to the relevant investigative authorities as soon as we became aware of them,” said a Barclays official in response to the Nation after we asked them why it took too long for the discovery of the theft to be made public.
Though the Barclays Bank heist may look like an isolated robbery, it gave all the pointers to what is fast becoming a trend and a new age of how bank robberies are done.
“The thieves might have taken advantage of a systems upgrade at the bank to steal the money from the ATMs in Buru, Kenya Cinema, KNH and South B,” police constable Harrison Gisera, who is investigating the Barclays case, told Milimani senior principal magistrate Kennedy Cheruiyot on Thursday.
Up to around five years ago, that is not how bank robberies were done.
The robbers simply arrived at their targeted institution armed and threatened to shoot anyone who stood in their way.
They picked their loot and drove off hoping the police will not arrest them later. It was the golden age of bank robberies and ran for four decades from the 1970s.
And with it, the most famous robbers also became household names. They included John Kiriamiti, Peter Wakinyonga, Gerald Wambugu alias Wanugu, Edward Shimoli, Benard Matheri alias Rasta and Anthony Kanagi alias Wacucu.
This age of violent bank robberies was however brought to an abrupt stop by technology as banks improved their security through installing CCTV cameras.
The government even made it harder when it seconded at least two police officers to man banks at any given time.
The last nail on the coffin of armed bank robberies came in 2014 when the government rolled out CCTVs on major streets across the country.
Also, anyone with a smart phone can record a robbery and post it on the internet, making it harder for criminals to pull off large scale robberies in the open.
But on the flip side, this same technology is now a nightmare for banks ten times more than the challenges the golden age of armed bank robbery ever presented.
With its high internet speeds, a good financial system integrated to a widely successful mobile money platform, Kenya is increasingly turning into a cybercriminal’s paradise.
Police Inspector General Henry Mutyambai in an interview with the Nation this week agreed that cybercrime, with its quick evolving nature, presents one of the biggest challenges to the force.
This has forced them to change their human resource policies. “We are increasing the relevant training and expertise to deal with money trail investigations especially on the Directorate of Criminal Investigations (DCI) side,” he said.
Mr Mutyambai’s concerns are also shared by the Central Bank of Kenya (CBK), which has frequently warned that banks should continuously increase resilience to cybersecurity.
“Attackers are getting increasingly sophisticated. Now, it’s generally accepted that we need to be ready to detect an incident and respond in a timely manner and address the challenge,” said CBK in its State of Cybersecurity report (2018).
According to IT services consultancy firm Serianu, Kenya lost Sh21.1 billion to cybercrime in 2017, a 40 per cent increase from Sh15.1 billion in 2015.
The 2018 report is set for release later this month and indicators are it could paint an even grimmer picture.
Most cyberattacks in Kenya target the banking sector but few of these cases are reported because financial institutions fear losing credibility.
While you might not know it, insiders say that whenever your bank suspends mobile money or internet banking, chances are it has detected some fraud or attempting to recover lost money.
Banks are in an endless competition on who will have the most tech-savvy mobile and online banking system.
According to experts most of these systems are not tested to make sure they have absolute proof against hacking.
However in most cases hackers rely on human error in order to penetrate the systems.
“It is easier than trying to exploit vulnerability on a banks system. Most banking staff are not sufficiently trained on IT matters beyond using computers for their work, which makes it easy for scammers to penetrate systems using their accounts,” says Bildad Wanyoike, an IT expert.
According to him, most hackers strike during the weekends or public holidays when bank workers are away, which gives them more time to execute their strike.
Like in June last year, two banks lost Sh90 million to the same group of hackers within the same weekend.
The first bank initially lost Sh100 million but managed to recover Sh63 million. Then the next day hackers made away with a further Sh12 million. The second bank lost Sh91 million but managed to recover Sh50 million.
The people who carried out the heists were part of a list of 130 hackers released by the DCI two months ago.

No comments: