Whether you access the Internet on your mobile phone, tablet or computer, you are exposed to cyber criminals. They lurk online, searching for their next prey. From a technology perspective, no one is 100% safe from a motivated cybercriminal. Technology changes so fast that a system tested and found 'watertight' today in terms of security (confidentiality, integrity and availability) may have an exploitable vulnerability tomorrow, one that attackers know about before the system vendor does; an attack on such a flaw is called a zero-day exploit. If that were not the case, there would be no endless stream of updates quietly consuming your data in the background, to the smiles of the telecom companies!
If you have not yet lost productivity to hours spent deleting junk email from spam or recovering a hacked cloud email account, don't jubilate yet. Maybe the hacker is simply not yet motivated enough to poke into your digital assets online.
Cyber criminals are very cunning. A businessman based in Kampala approached an ‘IT company’ for computer maintenance services. A service level agreement (SLA) was signed, specifying clear terms and responsibilities for each party.
During the course of the work, and unknown to the businessman, the IT company outsourced part of it to an external consultant, who learnt the nature of the client's transactions. Specifically, he noted that the client imported products from a specific company in the US and supplied them to several companies.
Using free Internet tools, the suspect (the IT company's external consultant) cloned the US supplier's website, made the replica look exactly like the genuine one, and listed all the products the company sells. He then sent a link to the victim from an anonymous cloud email address, and the victim unknowingly placed orders through the rogue website.
In the process, payment instructions were exchanged. The first was a bid security payment of US $90,000. Thereafter, the victim was asked to pay a further US $250,000 for tax clearance, PVO and inspection, among others. The victim provided evidence of having paid this money into the account provided by the suspect.
Before the goods could be shipped, the victim was asked to make yet more payments, which aroused his suspicion. The genuine company had never asked for this kind of payment, though at first he had assumed its process had simply changed.
Acting on this suspicion, the victim engaged the services of a cybercrime investigator. A police case file was opened immediately, and investigations commenced.
Since the investigator did not know who the suspect was, they started with the emails in the victim's inbox. From these they obtained the suspect's email headers (which carry the sender's Internet Protocol (IP) address and the 'Received' lines that record the email's path from origin to destination), the bank account details, and the address of the fake website. Using WHOIS.com and other cyber forensic investigation tools, they established the details of the rogue website's registrant, including email address, name and mobile phone number.
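The header analysis described above is the first step an investigator takes, so here is an added worked example of it; it is illustrative code written for this article, not the investigator's tool or anything from the case. The message is constructed (hosts, addresses and the documentation IP ranges 203.0.113.0/24 and 198.51.100.0/24 are invented, and the hypothetical list TRUSTED_RELAYS names the victim's and the cloud provider's mail servers). It shows the caveat a practitioner needs: 'Received' lines are prepended by each relay, so the sender's own hop sits at the bottom, but the sender can also type in fake lines below the genuine ones. The bottom line therefore gives a forged address, while walking down only through hops written by servers you trust gives the real originating address. It also extracts the sender's domain, which is what goes into the WHOIS lookup, and applies a crude lookalike test against the genuine supplier's domain.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample message, NOT a real capture from the case. Received lines
# appear newest-first, as mail servers write them. The bottom-most line was
# typed in by the attacker to point investigators at the wrong address.
SAMPLE_RAW_EMAIL = """\
Received: from mx.victim-co.example (mx.victim-co.example [203.0.113.10])
 by inbox.victim-co.example with ESMTP id A1; Mon, 3 Feb 2014 10:22:01 +0300
Received: from smtp.cloudmail.example (smtp.cloudmail.example [198.51.100.25])
 by mx.victim-co.example with ESMTPS id B2; Mon, 3 Feb 2014 10:21:58 +0300
Received: from [192.168.1.7] (unknown [203.0.113.77])
 by smtp.cloudmail.example with ESMTPSA id C3; Mon, 3 Feb 2014 10:21:50 +0300
Received: from forged.supplier-usa.example (forged.supplier-usa.example [203.0.113.200])
 by [192.168.1.7] with SMTP; Mon, 3 Feb 2014 10:21:40 +0300
From: "Sales Desk" <sales@supplier-usa-orders.example>
To: businessman@victim-co.example
Subject: Updated payment instructions for your order
Message-ID: <20140203072150.C3@smtp.cloudmail.example>

Please find the new account for the bid security payment below.
"""

# Hypothetical: servers whose Received lines we trust (the victim's own mail
# servers and the cloud email provider that accepted the message).
TRUSTED_RELAYS = {"inbox.victim-co.example", "mx.victim-co.example",
                  "smtp.cloudmail.example"}

HOP_RE = re.compile(r"from\s+(?P<from>\S+)(?:\s+\((?P<comment>[^)]*)\))?"
                    r"\s+by\s+(?P<by>\S+)", re.IGNORECASE)
IP_RE = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?")

# Only RFC 1918, loopback and link-local are treated as internal here, so the
# documentation ranges used in the sample count as routable for the demo.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def is_routable(ip):
    """True for a syntactically valid address outside the internal ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in INTERNAL_NETS)


def parse_hops(raw):
    """Return the Received hops newest-first, each with the sending host, the
    relay that wrote the line ('by'), and the first routable IP it recorded."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        text = re.sub(r"\s+", " ", value)        # unfold continuation lines
        m = HOP_RE.search(text)
        if not m:
            continue
        seen = IP_RE.findall(m.group("from") + " " + (m.group("comment") or ""))
        routable = [ip for ip in seen if is_routable(ip)]
        hops.append({"from": m.group("from").strip("[]"),
                     "by": m.group("by").strip("[]").lower(),
                     "ip": routable[0] if routable else None})
    return hops


def naive_origin_ip(raw):
    """The bottom-most Received line: quick, and exactly what a sender forges."""
    hops = parse_hops(raw)
    return hops[-1]["ip"] if hops else None


def trusted_origin_ip(raw, trusted_relays):
    """Walk newest-to-oldest; a hop is reliable only if a trusted relay wrote
    it. The sender's real address is the 'from' IP of the last reliable hop;
    anything below it could have been typed in by the sender."""
    last = None
    for hop in parse_hops(raw):
        if hop["by"] not in trusted_relays:
            break
        last = hop["ip"] or last
    return last


def sender_domain(raw):
    """Domain of the From: address, the name to feed into a WHOIS lookup."""
    _, addr = parseaddr(email.message_from_string(raw)["From"])
    return addr.rsplit("@", 1)[-1].lower()


def resembles(domain, genuine):
    """Crude lookalike test: the genuine name's first label embedded in a
    different domain, e.g. supplier-usa.example vs supplier-usa-orders.example."""
    core = genuine.split(".")[0]
    return domain != genuine and core in domain


if __name__ == "__main__":
    print("bottom Received line says:", naive_origin_ip(SAMPLE_RAW_EMAIL))
    print("last trusted hop says:   ", trusted_origin_ip(SAMPLE_RAW_EMAIL, TRUSTED_RELAYS))
    d = sender_domain(SAMPLE_RAW_EMAIL)
    print("WHOIS target:", d, "| lookalike:", resembles(d, "supplier-usa.example"))
```

On the sample, the bottom line points at 203.0.113.200, while the last hop written by a trusted relay records 203.0.113.77, the address the provider actually saw the sender connect from; an investigator hands the latter, plus the provider's log timestamps, to the email provider or ISP, since a public IP alone rarely names a person. The same caution applies to the WHOIS step: registrant details can sit behind a privacy service, so the domain name is a lead to be confirmed against the payment and hosting records, not proof on its own.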
In the next issue, we explore how to track cyber criminals, the key issues to consider in such cases, and how you can protect yourself from falling prey to such scams, which have brought poverty to many a business person in Kampala.