How Hackers Are Stealing Billions From Kenya’s Banks And Getting Away With It

Barclay’s Bank, Kenya branches, lost a combined sum of sh11 Miillion over Easter this year.

Polish cyber security firm, OnNet Services had warned Barclay’s Kenya via a tweet published on 17th of April, stating that ‘SILENTCARDS’ group of hackers were planning to hack into their ATMs.

OnNet services had also published on their blog a fortnight ago that they believe the hacking threat from SilentCards is still active in many other institutions.

OnNet Service Chief Technician and Innovator Stephanie Neringa told the investigators of this site that they are creating a global community awareness to minimize the loss of both finances and most important, the customers of local financial institutions.

Stephen said their are having a hard time to accomplish their goals because most of our banks have poor or backdoor security loopholes that make them easy targets from SilentCards.

OnNet Services Group innovator also said they have server information used by SilentCards hackers to loot over sh 450Million from a local Bank.

Our efforts to get the details or the name of the Bank were fruitless due to nonexisting tech advisory contract between the Bank and OnNet Services.

This is not the first time our local banking sector is losing billions of money to group(s) of hackers.

March last year, National Bank of Kenya confirmed to have been successfully hacked. The hackers went away with key security details and a loss of over sh 29 million.

Microsoft’s Cloud chief strategist Rudiger Dorn, said that cyber criminals looted over 800 million dollars globally in the past year.

Earlier this year, CBK and Visa held a successful cyber security workshop that exposed how rogue bank officers collude with hackers swindle illiterate customers and ATM induced cash-outs.

Visa sub-Saharan Africa Head of Risk and management Bevan Smith said hacker get hold of genuine cards that give them quick and easy backdoor access into banking system.

Increased cyber threats prompted CBK to introduce cyber security guidance and guidelines in July 2017.

Local Banks were required to file, compiled annual reports to CBK on their cyber security system and how they are curbing the threats facing their systems.

These security guidelines were also imposed on mobile money transfer networks. With Safaricom’s M Pesa services being on top, they are legally required to notify CBK of any cyber security glitches within a period of 24 hours.

Back to the elephant in the house, SilentsCards, are local Cyber criminals members of what was formally known as Forkbombo.

These cyber crooks were named Forkbombo in 2016 by government cyber watchdogs because they used [email protected] to electronically get hold of keyloggers data.

Kenya Revenue Authority, Banking Fraud Unit and Cyber Crime Unit of the DCI formally CID dismantled Forkbombo after the criminals 2 years of contacting cyber crime.

In 2017, The DCI arrested
Calvin Otieno Ogalo, a 35 year old former police officer and bank employee who was said to be the Forkbombo leader.

Calvin Otieno was arrested alongside minor members and two American citizens. They were both charged and the two Americans deported.

The cybercrime department of DCI said that Kenya lost over sh 17 Billions to hackers in 2016-2017.

Last year, DCI detectives said that majority of cyber criminals in their custody had deep international connections with local and international Politicians.

This international deep political connections of the hackers saw Kenya ranked 69 out of 127 most vulnerable countries by the Global Threat Index.

OnNet services says that SilentCards regrouped in 2017 after obtaining the original keyloggers data from remaining members of forkbombo.

“The latest code used in several banks after reversing has the main Def as OnKeyBoardEvent() and the files are usually saved as tech_kg.py,’’ OnNet Chief said.

According to OnNet services, Silentcards attackers use these three passwords as their first attempts to enter into banking systems;
a) admin123
b) secret123
c) welcome1

Further investigations from OnNet indicate that Silentcards
attacks copy and evaluate audit information from main data servers.

OnNet service says that Forkbombo used to have money mules whereas SilentCards uses a well connected web of foreigners who get quick international backdoor wired transactions that later withdraw in a coordinated plan.

Silentcards hackers are specialized in Python Scripts and also use advanced hacking
tools like Empire, Metasploit, DeathStar, Bloodhound, CrackMapExec, Aesshell, XmultiShell, CHAOS and Katoolin.

OnNet investigators said that they are following up a tip that GrapZone international hackers are now working with Silentcards to fully regroup Forkbombo and their viscous cyber attacks.