The Scorpions have arrested a Cape Town man suspected of hacking bank accounts using sophisticated keystroke logging technology.
The 28-year-old man was arrested after a joint operation between the Scorpions, Standard Bank (SBK) and a UK-based security consultancy, which traced the man through the prepaid SIM card in his mobile phone, Standard Bank said in a statement.
The man, who is out on bail and under house arrest, has been linked to at least 120 counts of online fraud affecting most of South Africa’s major banks. Several international banking customers were also affected. The arrest is the first of its kind involving a substantial amount of money and impacting all major South African banks.
Standard Bank security head Herman Singh confirmed that clients from the various banks had been affected by the scam, which gleaned their details using spyware at Internet Cafes across the country.
"Apprehending cyber fraudsters is not something that happens very often. We are very proud of the work and dedication shown by all the parties involved in apprehending the suspect," said Singh. "The type of attacks and modus operandi are totally new.
"In comparison to the Absa (ASA) attacks of 2003, which affected approximately three customers, this case is far more sophisticated and organised. It was generic to all secure sites and the impact is only starting to be fully understood in the banking sector."
It is thought the man used the spyware on vulnerable computers in Internet Cafes to log sensitive login details, including card numbers, customer-selected PINs and passwords. The details were then transmitted via a remote Internet access device to a server in Estonia, and were then retrieved by the alleged fraudster to log on to Internet Banking sites and make numerous electronic fund transfers (EFTs) and prepaid airtime purchases.
Most of the affected Internet Cafes are in Johannesburg’s northern suburbs and Pretoria, with isolated cases being reported in Cape Town. The first incidents were reported in May 2006 and the modus operandi was established after intensive investigation by Standard Bank IT experts.
The fraudulent transactions were all conducted using Vodacom’s data service, said Singh, and the mobile number used was identified with close collaboration from Vodacom. The security consultancy then traced the suspect to a house in Cape Town.
"Once again, this attack shows the importance of banking customers keeping their details secure, and preferably avoiding Internet Cafes as a place to do their online banking," said Singh.