TechPression

Category: Cybercrime

  • Hackers Steal over 600 Million Dollars from Binance Smart Chain

    Hackers Steal over 600 Million Dollars from Binance Smart Chain

    The Binance Smart Chain (BSC) has suspended operations due to irregular activities amid reports of a hacking attempt on BNB, which jolted the global cryptocurrency market.

    It was reported that the hackers hijacked the Binance-linked cryptocurrency BNB, which was valued at over $600 million at the time of the attack. This was disclosed in a tweet from the BNB official handle on Twitter.

    Users have been given the reassurance that all funds are secure. The BNB chain assures us that all systems are now contained, and they are promptly examining the possible vulnerability. “We are certain that the community will provide support and freeze any transactions.”

    Read also: Cybercrime Ravages Cryptocurrencies

    The BNB dropped by about 3.6% when the report of the hacker breach on the token circulated, dropping to $282.46 on October 7th. Given that Binance Smart Chain is the backbone of the cryptocurrency ecosystem, this event represented the latest setback for bitcoin activity worldwide.

     It was revealed that the attacker was only able to transfer a fraction of the stolen funds to other chains before validators shut down the network, preventing the hacker from gaining access to the remaining $430 million at their BNB chain address. The chain has since been reactivated.

    According to the DeBank portfolio tracker data, the hacker gained access to digital currencies worth over $110 million across the Ethereum, Avalanche, and Fantom networks, as well as L2s Arbitrum and Optimism. However, Tether, the stablecoin’s issuer, has reportedly frozen around $6.5 million worth of USDT.

    The attacked Token Hub acts as a conduit for BNB to reach the BNB Chain, the company’s smart contract blockchain. Rebranded from its previous name, Binance Smart Chain, this network is Binance’s DeFi ecosystem and the third biggest DeFi blockchain by Total Value Locked (TVL).

    The validation process helps Binance restrain stolen funds

    In an update to the most recent occurrence, An official statement published on the BNB chain official site explains that there was an exploit impacting the native cross-chain bridge known as the “BSC Token Hub” between BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20 or BSC). It’s estimated that 2,000,000 BNB was withdrawn. The vulnerability was exploited through a complex forgery of the low-level proof into a single shared library.

    “Most of the funds are still under control thanks to the help of all the security experts, projects, and validators.”

    As one of the numerous innovative protocols aiming to close the gap between different blockchains, BNB Smart Chain significantly improves upon the capabilities of the original Binance Chain. Although still in its infancy, Binance’s promise of BNB staking and EVM compatibility makes the platform a perfect engine for developers creating robust decentralized apps.

    Things to Know About The BNB Smart Chain

    The BNB Smart Chain (BSC) is a blockchain that operates concurrently with the BNB Beacon Chain. In contrast to BNB Beacon Chain, BSC is equipped with the ability to execute smart contracts and is compatible with the Ethereum Virtual Machine (EVM). The goal of this design was to add smart contracts to the ecosystem of the BNB Beacon Chain without slowing down it is famously fast throughout.

     Both blockchains can be considered to run in parallel. Note that BSC is not a “layer two” or “off-chain” solution for scalability. Being autonomous, it could continue to function even if the BNB Beacon Chain went down. Nevertheless, both chains are very similar in appearance.

    Due to its compatibility with the Ethereum Virtual Machine (EVM), BSC has made available a wide variety of Ethereum-based tools and decentralized applications (DApps) since its inception. To some extent, this facilitates the transfer of Ethereum-based projects to other blockchains. Consequently, users can quickly and simply set up programs like MetaMask to interact with BSC. It’s as simple as adjusting a few sliders. To get started, have a look at How to Use MetaMask with BNB Smart Chain.

  • Getty Images Bans AI-generated Content

    Getty Images Bans AI-generated Content

    Getty Images has banned the submission and sale of artwork created using Al-generated image synthesis models such as Stable Diffusion, DALL-E 2, and Midjourney on its platform.

    The user-generated platform follows sites including Newgrounds, PurplePort, and FurAffinity in the decision to ban Alternative Intelligence-generated illustrations. This makes Getty Images, the largest visual media company put such a ban in place.

    The CEO of Getty Images Holdings Inc, Craig Peters states that the company has real concerns concerning the copyright of Al-generated content, as well as unaddressed rights issues concerning the imagery, the image metadata, and those individuals contained within the imagery.

    He said given these concerns, selling AI-generated artwork or illustrations could potentially put Getty Images users at legal risk. And insists that the platform is simply looking out for its customers and that AI-generated images might not be in their best interest.

    Getty states that this ban does not prevent the submission of 3D renders nor does it prevent the use of any digital editing tool, such as Photoshop or Illustrator.

    Read also: Meta Company Accuses Facebook of Alleged Trademark Infringement

    Why is Getty Images doing this?

    It is worth stating that photographs are strongly protected under the law. The original elements are everything from the angle, lighting, focus, composition, exposure, and so on of the subject. A copyrighted photo of a Laundromat doesn’t restrict anyone else from photographing Laundromats generally or that particular Laundromat; only from reproducing that same set of factors chosen by the original photographer.

    This explains why you can take a picture of a famous landscape from the same spot as a famous photographer, and the picture is yours, but copying a print of the original photograph and trying to sell it can get you in trouble.

    The reality of it is that copyright is complicated, and by design, questions of fair use are handled on a per-case basis. There’s a four-point balancing test applied every time, and there’s no streamlined way of weighing one as more important than the other.

    1) The purpose and character of your use
    2) The nature of the copyrighted work
    3) The amount and substantiality of the portion taken
    4) The effect of the use upon the potential market.

    There’s, as yet, no clear-cut answer to whether AI-generated art does violate artist copyright protections.

    What users should know

    The creators of AI-generated images say the technology is legal, but the jury is still out on this. Software like Stable Diffusion is trained on copyrighted images scraped from the web, including personal art blogs, news sites, and stock photo sites like Getty Images. The act of scraping is legal in the US, and it seems the output of the software is covered by the “fair use” doctrine. But fair use provides weaker protection to commercial activities like selling pictures, and some artists whose work has been scraped and imitated by companies making AI image generators have called for new laws to regulate this domain.

    When asked if AI-generated content was a threat to the livelihoods of illustrators and photographers who sell their work on Getty Images, the CEO of Getty Images Holdings Inc., Craig Peters, suggested that these tools were just the latest example of technology expanding the amount of available imagery.

    “The world is already awash in imagery. Digital cameras have generated exponential growth in imagery given the reduced cost and simplicity of capture, transmission, and use. The introduction of the smartphone and social media took this to all new levels, with trillions of images taken and posted,” said Peters. “Our business has never been about the ease of creating imagery or the resulting volume. It is about connecting and cutting through. ”

    Peters says Getty Images will rely on users to identify and report such images, and that it’s working with C2PA (the Coalition for Content Provenance and Authenticity) to create filters. However, no automated filter will be wholly reliable, and it’s not clear how easy Getty Images will find it to enforce its new ban.

    The platforms that sell artistic images, like Getty, are inherently threatened by AI-generated art. The reason is that there could be less demand long-term for artistic works if people can easily use computers to create fake ones to get across certain scenes or ideas.
    Another fear AI-generated content creates, apart from copyright issues, is that artificial intelligence can be used to create images of real people in compromising situations that never happened, and this could lead to defamation lawsuits or worse.

    An Advocacy Group Criticizes Zoom’s Proposed Emotion AI

    About Getty Images

    Getty Images Holdings, Inc. is an American visual media company and is a supplier of stock images, editorial photography, video, and music for businesses and consumers, with a library of over 477 million assets. It targets three markets—creative professionals, the media, and corporate.

  • Binance Introduces Global Training Program to Fight Digital Asset-Related Crime

    Binance Introduces Global Training Program to Fight Digital Asset-Related Crime

    The use of cryptocurrencies is becoming increasingly widespread. These are decentralized digital or virtual currency forms that may be spent or traded utilizing blockchain technology. They are sometimes referred to as altcoins. The degree to which they accomplish their goals of enhancing privacy and anonymity is an open question for many. Some of these currencies allow the public to view all transactions, while others give users the option to maintain their privacy. Others choose to keep the privacy feature wholly hidden from view

    Binance, a cryptocurrency exchange, just launched its Global Law Enforcement Training Program. This program is meant to help law enforcement agencies fight against financial and electronic crimes that use cryptocurrencies or digital assets.

    According to Binance, the training program will be directed by a group of highly qualified specialists. Some of these are former law enforcement officers and security experts who helped shut down illegal platforms like Silkroad and Hydra.

    The cryptocurrency exchange platform provides one-day training sessions that involve rigorous in-person workshops on the blockchain, cryptocurrency, legal issues, and anti-money laundering regulations. These programs may be found on the platform.

    Read also: Ibukun Awosika, 10 others Joins Binance Advisory Board

    More About Binance Global Training Program

    Alongside various law enforcement officers from Argentina, Brazil, Canada, France, Germany, Israel, the Netherlands, Philippines, Sweden, South Korea, and the United Kingdom, Binance’s e-crime and cybercrime investigations team has been receiving training since 2021.

    Tigran Gambaryan, the Global Head of Intelligence and Investigations at Binance, said that the company created the Training Program because regulators and public law enforcement agencies wanted to learn more about crimes related to cryptocurrencies and come up with ways to stop them.

    According to Gambaryan, the Binance Investigations team has responded to more than 27,000 inquiries from law enforcement in an average time of three days, which is “faster than any traditional financial institution.”

    Binance has said that its team is able to keep an eye on and fight a wide range of online criminal activities, from funding terrorism and spreading malware to more serious crimes like human trafficking and using children for pornographic purposes.

    The business issued the following statement: “The safety of our customers is our top priority at Binance.” We contribute to the battle against terrorism financing, ransomware, human trafficking, child pornography, and financial crimes by working hand in hand with law enforcement authorities to detect and trace suspected accounts and fraudulent activities.

    Changpeng Zhao (CZ), the CEO of Binance, said on his Twitter account that the program is new to the cryptocurrency market and will help find and prosecute criminals who try to take advantage of digital assets’ weaknesses.

    Binance Launches Meetup Tour Across Francophone Africa

    About Binance

    Binance was initially conceptualized and launched by Changpeng Zhao, a developer who had previously invented high-frequency trading software. Binance’s headquarters were initially located in China; however, they were relocated outside of the country in response to the Chinese government’s increased oversight of cryptocurrency activities.

    In 2021, the United States Department of Justice and the Internal Revenue Service opened an investigation into the cryptocurrency exchange Binance based on suspicions of money laundering and tax violations. Binance was given an order by the Financial Conduct Authority of the United Kingdom to cease any regulated business in the United Kingdom by June 2021.

  • Financial phishing, cyberattacks surge In Kenya and Nigeria

    Financial phishing, cyberattacks surge In Kenya and Nigeria

    Cyberattacks in the financial industry are shifting away from targeting individual customers toward targeting corporations.

    According to Kaspersky Security Network, phishing attempts in African countries have increased significantly from the first to the second quarter of 2022. Online retailers, payment systems, and financial institutions were attacked.

    Phishing is a deceitful method of collecting information, and one that is gaining popularity in the region is known as “financial phishing.” Phishing is a type of online fraud in which the fraudster sends bogus warnings from banks, e-pay systems, and other organisations in an effort to deceive customers into disclosing their financial information. Phishing is also known as spear phishing.

    The con artist sends alerts that can be associated with the theft of passwords, credit card numbers, bank account details, and other sensitive information. These alerts can be sent out if data is lost, credentials need to be updated, or the system breaks down.

    Kenyan organisations suffer various phishing attacks

    According to the data provided by Kaspersky, 100,192 financial phishing attacks were directed at organizations in Kenya during the second quarter of 2022. This represents a 201% increase compared to the first quarter.

    Read also: Cyberattacks Ravages European Oil Companies

    E-commerce websites accounted for 58 per cent of all attacks, followed by banking websites (21%), and payment system websites (21%). Nigerian authorities discovered 61,344 financial phishing attempts directed at organizations during the same period, which represents a 79% increase from the first quarter. In 52% of cases, e-commerce websites were attacked. Banks were attacked 6% of the time, while payment systems were attacked 42% of the time.

    It’s hard for us to imagine life before the internet, to the point where our entire financial life is now conducted online. This is the power that comes with digitisation. On the other hand, we must not lose sight of the fact that we are facing an unparalleled onslaught of difficulties. One of these difficulties is the expansion of financial threats, which are getting better at manipulating human behaviour and will only worsen in the future. Emad Haffar, Head of Technical Experts at Kaspersky, says that businesses that want to stay ahead of constantly changing cyberattacks and getting more complicated should put fraud prevention front and centre. This will help them control fraudulent transactions, lower the risk of fraudulent activity in the future, and protect their reputation.

    How to avoid phishing scams or cyberattacks 

    Kaspersky has given the following tips to organisations to help them avoid phishing scams and other forms of online fraud:

    It is essential to educate employees since they are the first line of defence against cyber attacks. Make it a learning process that never stops, and instruct them on the warning signs for which they should always be on the lookout.

    In the same vein, ensure that your consumers are aware of the dos and don’ts of cybersecurity to defend themselves from becoming victims of phishing scams.

    Use the Kaspersky Fraud Prevention solution to determine if a customer’s device is infected with malicious software. It does proactive malware analysis and detection in real-time.

    Kaspersky Threat Intelligence is the tool that companies should rely on to boost their visibility and provide their security operations with more advanced insights. APO Group, on Kaspersky’s behalf, distributed this document.

    Kaspersky Launches Online Course for Cyberattack Défense

    About Kaspersky

    Kaspersky is a global corporation created in 1997 specializing in cybersecurity and digital privacy. Kaspersky is continually transforming deep threat intelligence and knowledge into novel security solutions and services to safeguard consumers, enterprises, critical infrastructure, and governments worldwide. The extensive security offerings provided by the company include industry-leading endpoint protection as well as a variety of specialised security solutions and services designed to defend against more complex and pervasive online dangers. Kaspersky technologies protect over 400 million consumers, and we assist over 240,000 corporate customers in protecting what is most important to them and their business. Visit www.Kaspersky.co.za to acquire further knowledge.

  • The NCC advises Zoom users to install the latest updates

    The NCC advises Zoom users to install the latest updates

    The Computer Security Incident Response Team of the Nigerian Communications Commission (NCC-CSIRT) has advised users of the video telephony platform Zoom to install the latest version of the software, which can be obtained from the app’s publisher, following the discovery of vulnerabilities that remote attackers can exploit.

    The Indian Computer Emergency Response Team (CERT-In) found a number of security holes in the Zoom product. The NCC-CSIRT released an advisory about this on Wednesday. In the wake of the COVID-19 Pandemic, the videotelephony platform gained popularity as a means for conducting virtual meetings, and it now has more than 300 million daily users.

    “A remote attacker could use the flaws to get around security measures that have been set up and cause a denial of service on the targeted machine,” the NCC-CSIRT advisory says.

    It was pointed out that “These vulnerabilities exist as a result of incorrect access control implementation in Zoom On-Premises Meeting Connector MMR prior to version 4.8.20220815.130,” which was stated in the report. By taking advantage of these vulnerabilities, a remote attacker could sneak into a meeting they were not invited to attend without raising suspicion among the other participants. In addition, they can access the audio and video feeds of meetings they were not allowed to attend and interrupt other sessions.

    Read also: An Advocacy Group Criticizes Zoom’s Proposed Emotion AI

    Suppose these vulnerabilities are used in a way that works. In that case, it may be possible for a remote user who is not authorised to access the system to get around the security measures that have been put in place.

    What is the National Communications Commission saying on this?

    The National Communications Commission (NCC) established the Computer Security Incident Response Team (CSIRT) as the telecom industry’s cyber security incident center so that it could concentrate on incidents that occurred in the telecom industry and how those incidents may have affected telecom customers and citizens in general.

    The Computer Security Incident Response Team (CSIRT) also works in conjunction with the Nigeria Computer Emergency Response Team (ngCERT), which the Federal Government established in order to reduce the number of future computer-related incidents. This is done by getting Nigeria’s cyberspace ready, protecting it, and making it safe so that attacks, problems, and other similar things don’t happen.

    Read also: Google Hangouts, set for delisting come November 2022

    About Zoom

    Zoom Video Communications, Inc. is a communications technology company that was founded in the United States and had its headquarters in San Jose, California. It offers video telephony. through a cloud-based peer-to-peer software platform that is used for video communications (Meetings), messaging (Chat), voice calls (Phone), conference rooms for video meetings (Rooms), virtual events (Events), and contact centers (Contact Center). Additionally, it provides an open platform that allows third-party developers to build custom applications on its unified communications platform (Developer Platform).

  • 18-year-old hacks and steals sensitive information from Uber

    18-year-old hacks and steals sensitive information from Uber

    On Thursday, Uber employees learned that a hacker had gained access to extensive portions of the company’s internal network and boasted about it on the official Slack channel. According to the news source that broke the story, the intruder showed The New York Times and security researchers screenshots of the breach and was unusually open about how it happened and how far it went.

    Findings show that the intruder most likely used WhatsApp to contact an Uber employee to get first access.

    The hacker gained access to the user’s account by stealing the password and convincing the user to approve a push notification for multi-factor authentication. Finally, the invader found administrator credentials that granted access to some of Uber’s most prized network assets. Uber shut down parts of its internal network while it looked into how big the problem was.

    Read also: Lapsus$ Group Attacks Microsoft and Okta in Cyber Hack

    What information the hacker accessed or what else the hacker did is still unclear. Uber kept a lot of information that could have been accessed, like people’s private addresses and where they were every hour.

    Who is responsible for the Uber hack?

    The hacker socially engineered the Uber employee after discovering the employee’s WhatsApp number; the hacker messaged the employee directly and told them to go to a phoney Uber site, which then captured their credentials in real-time and used them to access the accurate Uber site.

    Multi-factor authentication, or MFA, was in place at Uber as a mobile app requiring users to enter a code displayed on their smartphone before gaining access. The hacker repeatedly typed the credentials into the simple site to get around this security. The worker, who appeared to be dazed or exhausted, pressed the button. The attacker was successfully warded off after that.

    After digging around, the attacker found several Powershell scripts an administrator had saved that would automatically log them into various secure network compartments. The required login information was already included in the scripts.

    To brag about his victory, the assailant allegedly sent texts to all of Uber’s employees through the company’s Slack channels.

    One message reportedly claimed, “I announce I am a hacker, and Uber has suffered a data breach.” Screenshots showed that the person had access to Uber’s Amazon Web Services and G Suite accounts and its code repositories.

    It is yet unknown what other information the hacker gained access to or if any of it was copied or leaked. As of Friday, Uber’s disclosure website now reads, “We have no evidence that the incident involved access to sensitive user data (like trip history).”

    The outcome of the hack

    Not much. The individual, who claims to be 18, posted to Uber driver support forums on Slack to express dissatisfaction with pay. Because of this, and because the invader made no effort to hide the breach, it’s safe to assume that the motivation behind the attack was not financial gain via ransomware, extortion, or espionage. Until now, nobody knew who this person was.

    The business has admitted to the security breach and is now looking into it.

    Was it possible that a teenager, only 18 years old, gained access to the most secret information of a multinational corporation? How is that even possible?

    Read also: Cybercrime in Nigeria: Increasingly Sophisticated Crimes Part 2

    While it’s too early to tell, this situation seems possible, if not likely. Still, phishing is a highly successful method of network penetration. Why use a zero-day exploit when there are more straightforward and cheaper ways to get in?

    Furthermore, phishing assaults have become more sophisticated in recent months. The recent hack of Twilio is just one example of a widespread attack that has affected various businesses. The attackers used Telegram; the phishing page sent the user’s credentials to the attackers, who then used them to access the legitimate website. The attackers matched the user’s entry of a one-time password provided by an authenticator software. Even if an employee used a security tool like Duo to keep unauthorised users out of their account, the hackers would still be able to access it as soon as the employee consent.

    If a user’s password is stolen in a database hack, this multi-factor authentication system will keep them safe. However, it has been shown that they are entirely ineffective against phishing attempts. Phishing-resistant multi-factor authentication (MFA) is now only available in FIDO2-compliant forms. There is no better MFA programme than this one.

    Read More: Get latest update on Africa Tech News 

    The widespread misconception that people in modern societies are too savvy to fall for phishing campaigns continues to plague many institutions and communities. They find authenticator apps more practical than FIDO2 multi-factor authentication methods, which include carrying a phone or a physical key. Until that way of thinking changes, breaches of this kind will always be a part of life.

    On Friday, Uber’s stock price fell by over 4% because of a widespread sell-off that pushed down the prices of shares in many other companies. Indicators on the Dow Jones Industrial Average were down 1%. The S& P 500 fell 1.2 per cent, and the Nasdaq Composite fell 1.6 per cent, respectively. Why Uber’s stock is down and what role the breach has had in that decline remains unclear.

  • Uganda’s Parliament Passes Tougher Computer Misuse Sanctions

    Uganda’s Parliament Passes Tougher Computer Misuse Sanctions

    The Computer Misuse (Amendment) Bill, 2022, which set harsh penalties for cybercrimes and was privately proposed by Muhammad Nsereko (Ind., Kampala Central), has been passed by the Parliament of Uganda.

    The purpose of the Computer Misuse (Amendment) Bill, 2022 was to amend the Computer Misuse Act, 2011, in order to strengthen the provisions on unauthorized access to information or data; prohibit the sharing of any information pertaining to a child without authorization from a parent or guardian, and prohibit the sending or sharing of information that promotes hate speech.

    Uganda’s Computer Misuse Bills

    https://twitter.com/Parliament_Ug/status/1567841642467450882

     

    A new section of the law proposed by the chairperson of the ICT committee, Hon. Moses Magogo, defines social media and establishes sanctions for computer users who hide behind fake identities. It reads: “A person who uses social media to publish, distribute or share information prohibited under the laws of Uganda or using a disguised or false identity, commits an offence.”

    According to the provisions of the law, an individual who is responsible for managing an account for an organization in which the aforementioned conduct occurs would be held accountable for the commission of the offence.

    The sentence continued by providing a variety of interpretations of what “social media” means. “a set of technologies, sites, and practices which are used to share opinions, experiences, and perspectives, and includes YouTube, WhatsApp, Facebook, Instagram, Twitter, WeChat, TikTok, Sina Weibo, QQ, Telegram, Snapchat, Kuaishou, Qzone, Reddit, Quora, Skype, Microsoft Team, and LinkedIn.” 

    If a person violates the provision that is at issue, they will, upon conviction, be subject to one of the following punishments: a fine of sixteen million shillings, a prison sentence of five years, or both the fine and the sentence.

    Read also: Kenya Launches Cybercrime Protection Game for Children

    Verified accounts on social media platforms are believed to be owned by the individuals who use such platforms under their own names until it can be shown that the opposite is true.

    People whose phone numbers and/or email addresses were used to create social media accounts will also be held personally responsible for crimes that were committed in violation of the act as it is now changed.

    As the Honorable Magogo put it, the goal of the provision was to “provide for the regulation of social media.”

    Additionally, the measure criminalized and characterized unsolicited material, but it exempted commercial advertisements from the categorization, allowing marketers the freedom to disseminate information to audiences whom they had specifically targeted.

    Clause 5 reads in part as follows: “For the purposes of this section, “unsolicited information” means information that is given to a person using the internet without the person’s agreement; however, “unsolicited information” does not include an unsolicited commercial message.”

    Backdoor, Computer-Controlling Malware Grows Across Africa

     

    Opposition against the Bills

    The rest of the clauses were passed without any opposition, except for one vote from MP Gorreth Namugga (NUP, Mawogola County South). He voted against a clause that said people who had been convicted couldn’t hold public office or run for elections for 10 years after they got out of jail.

    In her report for the minority, Member of Parliament Namugga argued that the law contravened the constitution and pleaded with the House not to adopt it.

    “The entire bill should not be left to stand as part of our laws as all the clauses are already catered for in existing legislation and, in some instances, offends the Constitution of the Republic of Uganda; the fundamental rights to access information electronically and to express oneself over computer networks are utterly risked by this bill,” she said.

    She added: “lf passed into law, it will stifle the acquisition of information; the penalties proposed in the bill are overly harsh and disproportionate when compared to similar in others “This bill, if passed, will be a bad law and liable to constitutional petitions upon assent.”

  • Kenya Asset Recovery Agency (ARA) Drops Money Laundering Charges Against Nigerian Companies

    Kenya Asset Recovery Agency (ARA) Drops Money Laundering Charges Against Nigerian Companies

    The Kenyan Asset Recovery Agency (ARA) has dropped money laundering charges against three Nigerian companies because the source of the funds was adequately explained.
    The agency asked the High Court in April 2022 to halt any transfers or withdrawals of the three companies’ Sh5.6 billion ($48.6 million).

    At the time, it was said that the money came from money laundering and that the firm’s leaders were helped by a prominent politician. Kenyan media said that the directors of the affected companies didn’t want to meet with the ARA while investigations were still going on.

    Since then, other Nigerian businesses—Flutterwave being the most well-known—have been caught up in a web of money laundering accusations in East Africa. Kando Technologies, Kiwipay, and Korapay were a few of the startups that were involved in the dispute.
    A few people believed that these were politically motivated when the news first surfaced because Kenya was getting ready for its presidential elections. However, it also highlights how difficult it is to set up cross-border payments in Africa.

    Read also: Operators claim that South Africa’s 3G sunset is too soon

    The ARA had asserted that every company was a part of a money-laundering conspiracy, but a close source revealed that neither Flutterwave nor Korapay had conducted any business in Kenya.
    With this new development, it’s possible that the accusations against Flutterwave, Korapay, Kiwipay, and all the other concerned businesses will be withdrawn.

    Visiting Kenya’s Money Laundering Feud With Nigerian Fintechs

    The freezing of 56 accounts, many of which belonged to Nigerian fintech giant Flutterwave, was ordered by a Kenyan high court, according to an announcement made by the Kenyan website Star.co on July 6, 2022. The Asset Recovery Agency of Kenya (ARA) told the court that the accounts were probably being used to launder money, so the court decided to freeze these accounts, which had a total of Ksh7 billion ($59 million).

    Huge emotions accompanied this revelation, and although Flutterwave’s situation didn’t seem promising given its recent scandals, things weren’t looking bright for other Nigerian fintech firms either.

    A Kenyan high court once more ruled on July 14, 2021, to freeze the accounts of two further Nigerian fintech businesses, Korapay and Kandon Technologies, with the sum of ksh 45 million ($380,000).

    The ARA said that both businesses moved money in the wrong way, which caused up to $6 billion to be stolen. It was also said that there was a link between both businesses, Flutterwave and the companies it works with and accused of money laundering.
    In their public statements, both Flutterwave and Korapay have said that these claims are not true. While Flutterwave said that the accusations were untrue, it made no further mention of the situation’s facts.

    On the other hand, Korapay clarified that the relevant frozen money is absolutely a requirement for obtaining a payments processing license in Kenya.
    However, the problems are serious, and Kenya has previously blacklisted several Nigerian businesses. The Kenyan government has so far placed a billion dollars worth of funds that belonged to Nigerian businesses on ice.

    Globally, there are extremely strong laws against money laundering, and they need to be revised frequently. The UN thinks that people who try to hide where illegally obtained money came from creating between 2% and 5% of the global GDP, or between $800 billion and $2 trillion, using foreign banks or legal businesses as fronts.

    Money laundering schemes can involve a business or its founder directly, or customers of financial institutions can find ways to get around the law to speed up their criminal prosecution.

    Because of the risk of financial loss, organized crime, and terrorism, the financial industry has some of the strictest rules in the world. Despite the rigorous laws that financial services organizations must follow, money laundering nevertheless drains the global economy of an average of $1.6 trillion per year.

    Flutterwave Denies Money Laundering Allegations

     

    Observations

    According to research, Fintechs have higher risks than traditional financial companies. Traditional finance companies have long struggled to keep up with the dynamism of fraudsters who keep coming up with new ways to launder money.

    The emergence of fintechs has changed how the world views the financial services industry. Due to their rapid growth and a large number of transactions, fintechs are vulnerable to several bad actors who may be hard to control. Kenya’s Proceeds of Crime and Anti-Money Laundering Act (POCAMLA) 2009 has a lot of rules to stop money laundering schemes and other serious financial crimes.

    An airtight system is never completely secure, and when the organization in question is a fintech, this might happen frequently. In light of this, regulators either modify or update any current frameworks.

    Kenya’s Proceeds of Crime and Anti-Money Laundering Act (POCAMLA) 2009 has a lot of rules to stop money laundering schemes and other serious financial crimes.
    Because of this, the ARA was made. Its job is to find, identify, freeze, seize, and take away the money made from crimes in Kenya. The National Financial Intelligence Unit is a comparable organization in Nigeria (NFIU).

    Regulation-related problems frequently do not reach the ARA. The burdensome task of making sure financial services providers adhere to these rules is carried out by the Central Bank of Kenya (CBK). When businesses don’t follow these rules and the CBK can’t keep an eye on them directly, the ARA will have to step in.

    In most countries, when a bank notices a questionable transaction, it marks the account as suspicious and asks the consumer to explain its purpose. In more severe situations, In Nigeria, the bank could tell the NFIU what happened, or if it was a big enough deal, the organization could get involved.

    It’s important to note that even if the ARA freezes the accounts, it will still need to establish if the persons in question committed any violations.
    So far, the agency has gotten some well-known court rulings that froze the bank accounts of questionable companies.

  • IEBC Records 200 hacking Attempts, During Kenya Elections

    IEBC Records 200 hacking Attempts, During Kenya Elections

    In the midst of the ongoing Kenya general elections, the Independent Electoral and Boundaries Commission (IEBC) has announced that there were around 200 attempts made to breach the system between Thursday, 4:00 pm and Friday, 8:00 am.

    This was affirmed by an insider that reported on the happenings on Friday. 

    However, IEBC has given the Kenyan people its word that the information technology system they use to transmit election results is secure.

    “Nothing has happened. We anticipated that there would be people who would try to hack, but we are monitoring the systems and all are safe, “he said.

    Read: Sendy, Kenyan Logistics Company, Lays off 10% workforce

    Kenyan Election Hacking Attempts 

    According to The Star, a representative of one of the major parties made an effort to get into the system when they were at the National Tallying Centre in Bomas. In the latter part of the same day, officers from the IEBC prevented a person who was suspected of being a party agent from seizing and fleeing with an IEBC device.

    Nation Africa also said that two different media organizations had their systems hacked, with one having their data tampered with and the other having their systems attacked.

    On Friday, false information was spread that the systems had been hacked.

    While speaking to the media at the Bomas, CEO Hussein Marjan said they had taken precautions to secure the safety of the results forms and the data created from them.

    Marjan was responding to rumours that some people had tried to break into the system to put in an algorithm that would change the results.

    “Nothing like that has happened. We anticipated people would try to infiltrate the system and put safeguards in place. They know people are not sleeping; they want to ensure our systems are down,” he said.

    “We assure the whole country that our systems are secure.” If in doubt, talk to us to scale up the security mechanism. “

    Kenya’s Tech Startups Benefit from Enhanced Enterprise Financing

    Election Vote Counting Procedure

    The Independent Electoral Boundaries Commission (IEBC) gave media groups and civil society organizations permission earlier this year to set up a competing counting centre. This centre will collect and tabulate the results of the elections that will take place in August.

    According to Wafula Chebukati, the Chairperson of the IEBC, the decision was made to increase the election’s transparency.

    “The media houses, political parties and candidates are free to have their own parallel tally,” he said after meeting media stakeholders in Nairobi.

    Still, Chebukati said again that the law says that the Independent Electoral and Boundaries Commission (IEBC) will be the one to announce the winner of the close election.

    “You can count the results, but, of course, do not declare them.” “That one you leave to me,” he said.

    The Nation reports that it took IEBC a long time to be ready for the count, which sparked various allegations and criticisms.

    There are a lot of other news organizations that are experiencing delayed tally as well, since they do not have the manpower to keep up with the pace that the IEBC is working at.

    People have remarked that the slow pace of tally was because of a lack of capacity due to poor planning and unpreparedness or an inability to manage what are essentially rudimentary processes.

    Coding Becomes School Subject in Kenya

    Observations

    The Independent Electoral and Boundaries Commission (IEBC) is supposed to announce the official results of Kenya’s presidential elections tomorrow, August 16. This is how the rules for Kenyan elections work. While the IEBC is tallying the votes, it’s possible that quarrels may be going on at Bomas until then. After many loud fights between opposition parties caused delays and raised suspicions of cheating at the counting centre, IEBC commissioner Abdi Guliye told politicians and anyone else who didn’t have a remarkable job to leave the centre.

  • Scammers Hire Uber To Take Old Woman to the Bank

    Scammers Hire Uber To Take Old Woman to the Bank

    Internet scam has become rampant today, where con artists utilize every loophole on the internet to loot their victims. Techpression also reported an event where the black axe infiltrates Irish banks and IT firms to commit fraud. Therefore every individual should be on the watch.

    Here is and also event where scammers sent an uber to take an older woman to the bank to make her transfer a certain amount of money to them.

    Towson, a Maryland-native Travis Hardaway, an app developer who formerly worked as a music educator, according to Hardaway, his mother responded to an email she received from Best Buy/GeekSquad about an appliance installation about a month ago. 

    According to Hardaway, the fraudulent email could not have come at a more inopportune time: The dishwasher that belonged to his mother had recently stopped working, and she had recently paid to have a brand new one delivered and set up in the home.

    In order to ensure that an 80-year-old woman who responded to a well-timed email scam went to the bank and wired the fraudsters the money, email scammers sent an Uber to her home. Her story is a stark reminder of the lengths criminals will go to con their victims, even if she figured out she was being conned before she set out for the bank.

    Hardaway, who is the son told KrebsOnSecurity “I think that’s where she got confused because she thought the email was about her dishwasher installation,” 

    Read: Cybersecurity Experts Discover Fake Windows 11 Upgrades

    How It Started

    According to Hardaway, his mother dialled the phone number that was provided in the fake BestBuy email and was informed by the scammers that she owed $160 for the installation of the new system. At the time, this information seemed reasonable. After that, the con artists requested that she put remote administration software on her computer so that they could control it from a distance and assist her in completing the transaction by sending the money.

    After she logged into her bank and savings accounts with scammers observing her screen, the fraudster on the phone claimed that instead of taking $160 out of her account, they had accidentally transferred $160,000 into her account. 

    This occurred after she had logged into her bank and savings accounts. They told her they required her assistance to guarantee that the money would be “returned.”

    “They took control of her screen and said they had accidentally transferred $160,000 into her account,” Hardaway said. “The person on the phone told her he was going to lose his job over this transfer error, that he didn’t know what to do. So they sent her some information about where to wire the money and asked her to go to the bank. But she told them, ‘I don’t drive,’ and they told her, “No problem, we’re sending an Uber to come to help you to the bank.’”

    Mother Escaped Being Scammed

    Hardaway stated that he was out of town when all of this transpired and that happily, his mother eventually became frustrated and gave up attempting to help the scammers.

    “They told her they were sending an Uber to pick her up and that it was on its way,” Hardaway said. “I don’t know if the Uber ever got there. But my mom went over to the neighbour’s house, and they saw it for what it was — a scam.”

    Furthermore,  Hardaway said he has now reinstalled the operating system on her computer, reset her passwords, and wiped her hard drive clean. However, he claims that the event has left his mother feeling shaken.

    “She’s really second-guessing herself now,” Hardaway said. “She’s not computer-savvy, and just moved down here from Boston during COVID to be near us, but she’s living by herself and feeling isolated and vulnerable, and stuff like this doesn’t help.”

    Observations

    Every year, millions of elderly people in the United States fall prey to some form of financial fraud or confidence scheme. These scams can take many forms, including those involving romance, lotteries, and sweepstakes, to mention a few. Once they have gained their victims’ confidence, criminals can contact them directly through the internet, the phone, and the mail, or indirectly through the television and radio. Swindlers are inclined to continue a plan after it has shown effectiveness because they stand to make considerable additional financial benefit from doing so.

    According to the Federal Bureau of Investigation (FBI), elderly people are frequently the focus of criminal activity because of their propensity to be trustworthy and kind. More significantly, they typically have financial savings, own property, and have high credit, all of which make them appealing targets for scammers. Scammers target people with these characteristics because they are easier to take advantage of.

    “Additionally, seniors may be less inclined to report fraud because they don’t know how, or they may be too ashamed of having been scammed,” the FBI warned in May. “They might also be concerned that their relatives will lose confidence in their abilities to manage their own financial affairs. And when an elderly victim does report a crime, they may be unable to supply detailed information to investigators.”

    In 2021, the Internet Crime Complaint Center of the FBI reported $1.7 billion in losses from more than 92,000 victims over the age of 60. (IC3). Over the next year, the FBI expects a 74% rise in the number of reported thefts.