bank-of-uganda

Unknown individuals have made four attempts to illegally transfer US$24 million (UGX81 billion) from the Bank of Uganda to accounts located outside the country.

Officials within the Government of Uganda are believed to have shared passwords with tech-savvy individuals who then logged in to the financial management system and targeted the accounts of the Defence, Energy and Agriculture ministries and the Uganda National Roads Authority (UNRA). 

These accounts routinely handled large transfers, so the planned theft would have appeared as a normal transaction at the time.

The transactions were initiated through the Integrated Financial Management Information System (IFMIS) at the Ministry of Finance, an information system meant to keep track of transactions carried out by and on behalf of the Government.

The payments were to be processed through Bank of Uganda and wired to fictitious companies in Hong Kong and the United Arab Emirates.

US$8 million (UGX27 billion) was wired to banks in Hong Kong and the United Arab Emirates, but this has since been retrieved through inter-bank procedures and returned in February 2016.

The first of three attempted transfers happened in July 2015, when US$12 million (UGX40 billion) was targeted. The plot was foiled, but this did not deter the individuals, who then attempted to steal $2 million (UGX6.7 billion) in December 2015.

In January 2016, another attempt was made to withdraw US$2.3 million (UGX8 billion) but the transaction was detected and terminated.

The Ministry of Finance first notified Uganda Police of the breach of security when the first attempt was made in July. Three suspects have since been arrested and are in police custody.

While IFMIS as an information system is secure, it is unclear how the fake companies were registered on the system, raising suspicions of possible collusion between government officials and hackers outside the country.

The attempted fraud comes three years after Uganda instituted financial integrity measures to seal loopholes following the theft of US$17 million (UGX60 billion) in donor funds meant for northern Uganda from the Office of the Prime Minister.

Kenya has also seen similar losses through fraudulent transactions carried out on IFMIS. 791 million shillings (US$ 7.8 million) cannot be accounted for, and the circumstances around that loss are similar to what has happened in Uganda.

Systems such as IFMIS have been introduced as a means to eliminate corruption, but they are not entirely foolproof. Where there’s a will, there’s a way, especially when the will is to break into and steal from a system designed to prevent theft.

The major weak point appears to be shared passwords and remote access, meaning that individuals can log in and impersonate government officials, creating accounts and initiating transfers to these accounts. The theft is likely to continue as long as these transactions are carried out without oversight and approval.

Read this next
More From TC
Moyin_Adeyemi_My_Life_In_Tech

My Life In Tech is putting human faces to some of the innovative startups, investments and policy formations driving the technology sector across Africa. I’m on a treadmill trying to complete a two minute stretch of intense run when I feel some pain on my right knee and I fleetingly ask myself ‘What Would Moyin […]

social_media

The 2019 version of an anti-social media bill has been read for the second time on the floor of the Nigerian Senate, paving the way for its passage into law. Titled Protection from Internet Falsehood and Manipulation Bill 2019 (SB 132), it brings a government hammer into conversations hosted on social media platforms. Twitter and […]


TechCabal is a Big Cabal Media brand



Copyright © 2019
All rights reserved

Privacy & Terms