How hackers used betting site to access Airtel Money in Uganda

Cyber attacks have been on the rise in recent years in Uganda, in both their frequency and ferocity.



Black hat hackers used the website of a gaming platform in Uganda to plunder money from the systems of Airtel Mobile Commerce Uganda Limited (AMCUL), making off with about $2 million.

While the licensed betting firm’s website prides itself on making “use of standard encryption to protect the data of its users”, cybercriminals used it as a gateway to Airtel Money's digital systems.

After tweaking AMCUL’s software to approve transactions, the hackers drained its central systems of just under Ush8 billion ($2.1 million) in a meticulously planned operation.

The hack affected a number of banks and microfinance deposit-taking institutions operating in Uganda. The Monitor understands that one of the microfinance deposit-taking institutions filed an official complaint with the Cyber and Counter Electronic Measure Desk at the Criminal Investigations Directorate (CID) headquarters in Kibuli, Kampala.

Black box attack

Initial investigations indicate that the hackers accessed Airtel Money systems via one of its clients, the betting firm, whose name has been withheld. Punters who use the gaming platform to load virtual bet slips stake bets only after crediting their accounts with mobile money on Airtel or MTN.

CID detectives told Monitor that when the black hats accessed AMCUL’s systems, they launched what is known in the hacking underworld as a black box attack. Multiple accounts of banks and microfinance institutions bore the brunt of the ‘jackpotting’, with money mules acting on behalf of the black hats receiving mobile money from the hack.

Monitor learnt that 1,840 registered and preregistered SIM cards were readied for big withdrawals. Sources say that the hackers had completed transactions on 1,800 of the SIM cards before the daring raid was stopped in its tracks.

In a statement, Airtel Uganda said the “incident did not impact any Airtel Money or bank balances.” It added that “our platform is secure and built to world-class specifications to give our Airtel Money customers an instant, safe and secure experience.”

Attempts to talk to the top brass of the betting firm were unsuccessful.

The daring raid on AMCUL’s digital systems took place on October 28.

CID response

Sources say officials from the betting firm in the eye of the storm will be probed at the start of the new workweek on Monday. This is as investigators attempt to get to the bottom of the $2.1 million hack.

The police say investigations are in high gear.

Detectives close to investigations told Monitor that AMCUL’s executives were recently summoned to the CID headquarters in Kibuli.

Cyber attacks have been on the rise in recent years in both their frequency and ferocity. Ugafode Microfinance Limited—a Uganda-based micro deposit-taking institution—lost Ush400 million (about $100,000) to black hats this year.