A Nigerian man has been arraigned in an Abuja high court, charged with hacking into a bank server and siphoning out more than N68 billion (over $340 million, £225 million).
The man, Stephen Omaidu, a graduate of Kogi State Polytechnic in Lokoja, entered a not guilty plea and has been remanded in custody pending his trial.
The Nigerian Economic and Financial Crimes Commission (EFCC) accuses Omaidu of participating in the hack along with four others, who all remain at large. Two of them are named as just “Ben” and “Oliver”.
Few details have been released on exactly how the “hack” took place, and indeed on the bank involved, other than that it is a “second-generation bank” – that is, one set up since independence from colonial rule in 1960. Nigeria’s largest banks are mostly older establishments.
The big thing here is, of course, the amount of money involved.
If this had been a physical heist it would have been well up among the largest ever – the amount one can steal in cash and other transferables tends to be limited by how much crooks can get out through a door (or tunnel) in a reasonable amount of time. Only art or jewel thefts get this big.
Even in large-scale operations like identity theft and carding, each individual fraud tends to be fairly small and the totals netted by long-running operations barely touch this sort of scale.
Banks are prime targets for cybercrooks, with their computer systems holding vast amounts of money which can be transferred from account to account without the need of a holdall, let alone a large truck.
Although banks’ security gets ever more elaborate, especially their digital defences, it seems there’s always a way around them, and when someone finds such a way the losses can be seriously epic.
For the most part, such “hacks” tend to involve some sort of insider, as in another recent case in Nigeria, or at least placing some rogue hardware into bank networks as in the UK Barclays and Santander scams of 2012-13.
Theft of digital currencies such as bitcoin, which can get fairly massive, as in the Mt. Gox incident, also tend to involve insiders.
It’s not clear whether Mr. Omaidu or any of his alleged conspirators were bank employees, but the odds are pretty good that there was an inside connection of some sort.
Either way, it seems like some banks still have some work to do to keep their computers and networks, and the immaterial funds stored in them, secure.