Hackers strike Bank of Uganda accounts, try to steal $24m

Bank of Uganda building in Kampala. PHOTO | FILE 

By SPECIAL CORRESPONDENT

In Summary

• The accounts targeted were those of the largest budget holders, among them the Defence, Energy and Agriculture ministries as well as the Uganda National Roads Authority (UNRA).

Ugandan government officials and hackers have since last July attempted four times to...
siphon $24 million (Ush81 billion) through the Uganda central bank.

However some of the monies that had successfully been wired to Hong Kong and UAE was retrieved through inter-bank procedures, the latest being $8 million (Ush27 billion) transferred on February 26, 2016.

The accounts targeted were those of the largest budget holders, among them the Defence, Energy and Agriculture ministries as well as the Uganda National Roads Authority (UNRA).

READ: Cyber threats risks could undermine financial sector

“The matter is the subject of an active investigation, so until that process ends we are not in a position to offer the details you are requesting for,” said Bank of Uganda communications director Christine Alupo.

“Yes, indeed all the funds were recovered from the United Arab Emirates and Hong Kong and are back in the custody of the Bank of Uganda.”

The first attempt aimed at the biggest amount happened in July 2015 and $12 million (Ush40 billion) was targeted. The plot was foiled, and the masterminds went below the radar, re-emerging in December 2015 to try to steal $2 million (Ush6.7 billion).

A month later, in January 2016, they made another attempt to fork out Ush8 billion but were detected in time before returning to compromise the system last month.

Although the Ministry of Finance first notified Uganda Police of the breaches 10 months ago, its detectives did not act immediately, prompting the military, whose budget was targeted, to swing into action and arrest three suspects who are in police custody.

Police spokesperson Fred Enanga declined to comment when asked why the UPDF had taken over the sensitive inquiries amid allegations that police was compromised.

Technocrats stole

Ministry of Finance spokesman Jim Mugunga said: “This is an ongoing investigation and our expectation is that the security agencies involved are doing their work.”

He was non-committal on the reported past attempts, saying he believes investigators will unearth all breaches.

Government officials are believed to have shared passwords with foreign-based tech-savvy individuals, profiled the accounts with huge credits to stage the theft.

All the Integrated Financial Management System transactions originated from the Ministry of Finance and processed through Bank of Uganda and the money was to be wired to fictitious companies in either Hong Kong or the United Arab Emirates.

It is unclear how non-existent entities indicated in the documents held accounts, raising suspicion of possible collusion between host banks and the masterminds.

The fraud comes three years after the government instituted new financial integrity measures to seal loopholes, following the 2012 scandal in which technocrats in the Office of the Prime Minister stole in excess of USh60 billion that development partners had pooled to rebuild war-scarred northern Uganda.