The Hyderabad City Police in India has arrested a Nigerian national said to be one of the masterminds of what is considered among the most sophisticated financial frauds busted in the State in recent times.
The accused identified as Ikpa Stephen Orji, was arrested on Wednesday, March 29, at Mehdipatnam, Noida.
Orji is said to be the key conspirator of the AP Mahesh Cooperative Urban Bank Limited e-fraud case, which saw four accounts of the bank being hacked, bank balances being manipulated and then, Rs.12.48 crore being transferred from the four accounts to 115 accounts and then to another 398 accounts, before being withdrawn from 938 ATMs across India.
According to City Police Commissioner CV Anand, as the scam broke out and the Cybercrimes Police Station registered a case on January 24, teams fanned out to over 14 States and cities including Delhi, Haryana and Uttar Pradesh, with around 100 officers working simultaneously on the case.
These teams found the IP logs for Internet Banking for the 500-plus accounts, which were then identified as proxies with locations indicating the USA, Canada and Romania. Police also found the hackers had used VPN services of a Bihar-based firm from whom proxy IPs were allocated to persons in the UK.
The police believe Orji is just one among the several conspirators in the case, with the others, including one known only by his nickname of Capital, still at large. The police are now writing to the Interpol to nab Capital, believed to be holed up somewhere in Nigeria.
Anand, informing that the police recovered Rs.2.09 crore while another Rs.1.08 crore was refunded to the Mahesh Bank because of incorrect beneficiary details, said Orji and Capital had come to the city in January and sitting in a mall in Kukatpally, hacked into the servers of Mahesh Bank servers, triggering the chain of fraudulent transactions.
On how the gang set the entire hacking plan into motion, Anand said the hackers sent around 200 phishing mails between November 4 and November 16 to employees of the bank.
The mails contained Remote Access Trojans (RAT), and with the employees clicking on the phishing links, the RAT got embedded in the bank’s computers.
Since all computers in the bank were interconnected, the hackers could remotely access the core banking server, using which they altered the balance in four accounts that were earlier opened under their supervision.
The cash was then transferred to various accounts, the handlers and account holders of which were paid a commission of 10 per cent.
So far police has arrested 21 other suspects including three other Nigerians. Other accused are various bank account holders and associates of Nigerian handlers.
“The main hacker is yet to be identified. We do not know him, where he or she is. We have to approach Interpol for details of proxy server addresses and if the respond, Red Corner notice will be issued,” the CP said.