/ 17 January 2012

Sabric stays mum on R42m Postbank heist

The South African Banking Risk Information Centre (Sabric) said on Tuesday it was unable to comment on the recent hi-tech cyber heist of R42-million from the Postbank.

“[Sabric] is not in a position to make comment on any issues relating to the cyber-crime incident involving Postbank. All media inquiries relating to this incident should be directed to Postbank, or the law enforcement agencies that are conducting investigations in this matter,” Sabric said.

However, it assured the public that the South African banking industry viewed combating electronic banking crime as a high priority and that the banks were collaborating with each other and law enforcement on various initiatives in this regard.

A weekend paper reported that the cyber-crime syndicate launched its operations on New Year’s Day and the theft happened over three days. It is also reported that the syndicate had knowledge of the post office’s IT systems.

Parliament’s Portfolio Committee on Communications chairperson, Sikhumbuzo Kholwane, on Monday condemned the heist and called on the Postbank and law enforcement agencies to tighten elements of the bank’s security network.

Cyber heist
The National Intelligence Agency (NIA) said at the weekend it had launched a high-level probe into the cyber heist.

The theft occurred between January 1 and January 3, and was allegedly committed by a syndicate with knowledge of the post office’s information technology (IT) system.

Department of state security spokesperson Brian Dube confirmed that the theft had occurred and that the probe had been launched.

“When a government institution is compromised, the NIA will be involved and will offer its assistance,” he told the Sunday Times newspaper.

Postbank currently holds over R4-billion in deposits and processes millions of rands in social grants throughout the year.

Upgrading systems
The bank told the newspaper that none of its customers were affected by the hacking but declined to comment further.

The syndicate reportedly opened several Postbank accounts across the country late last year and during the New Year holiday period gained access to a Rustenburg Post Office employee’s computer and made deposits from other accounts into its own.

Over the next three days, ATMs in Gauteng, Free State and KwaZulu-Natal were used to withdraw cash from the accounts.

The incident comes three years after Postbank spent over R15-million to upgrade its fraud detection service.

An unnamed security expert told the newspaper that serious questions had to asked about Postbank’s internal systems.

“The Postbank network and security systems are shocking and desperate need of an overhaul. This [theft] was always going to be a real possibility,” the expert said. — I-Net Bridge