Hacker Group That Siphoned Ksh400 Million From Local Bank

  • A homegrown cyber cartel, SilentCards, which branched off from the larger Forkbombo Group of hackers, has been identified as the group responsible for siphoning off Ksh400 Million from a local bank in 2018.

    Poland-based cybersecurity firm OnNet services revealed to the Star that SilentCards was also responsible for emptying three ATMs belonging to Barclays bank of millions of shillings in April 2019 during the Easter weekend.

    The firm went on to reveal that it had issued a warning about the Easter attacks to try to avoid serious losses.

    "We believe this threat actor is still active in different infrastructures and is planning to attack another institution this Easter by running huge transactions," the firm revealed in a tweet just before the ATMs were robbed.

    The firm stated that it could not disclose the identity of the bank that lost Ksh400 Million at the hands of the same hackers back in 2018, as it did not have approval.

    "Due to the fact the institution is not our client and has not directly or indirectly contacted us for approval to issue a statement, we can’t name it, rather we can provide details of how such a heist occurred according to our research, observations and intelligence collection," the firm divulged.

    SilentCards is believed to have sprung up after the Forkbombo group disintegrated following a major inter-agency crackdown comprising experts from the Kenya Revenue Authority, the Banking Fraud Unit and the Cyber Crime Unit.

    Forkbombo reportedly terrorized banks between 2016 and 2017, a period in which it made off with hundreds of millions before the crackdown that led to the publicized arrest of one of its members, Calvin Otieno Ogalo (a former police officer and bank employee).

    The group was given this name because, back in its heyday, it used forkbombo@gmail.com to receive keylogger data after infecting a machine with the keylogger variant that it had developed in-house.

    Kenyan white-hat hacker, Brian Muuo, revealed how malicious hackers are able to install keylogger malware on systems of unsuspecting victims.

    "The victims usually wander off into unsafe sites while surfing the web, or click on pop-up ads that direct them to other sites without knowing that this opens up their system to this malware that will be able to track and record every keystroke entry made on a computer including passwords," Muuo disclosed.

    After collecting as many credentials as possible using such malware, SilentCards reportedly stole Ksh400 Million in small batches in order to avoid raising any red flags, then accessed it via VISA/MasterCard overseas and Mobile Money Transfers.

    In 2016, the Cybercrime Investigations Unit reported that Kenya lost more than Ksh17 Billion to hackers, adding that the country currently ranks at number 69 out of the 127 countries that are vulnerable to cybercrime.