A hacking group that claims it fraudulently collected Social Relief of Distress (SRD) grants and infiltrated South Africa’s financial system through vulnerabilities at credit bureaus has released additional information as proof of its statements.
A group calling itself N4aughtySecGroup contacted the media with a warning that it had breached several credit bureaus and used its access to attack the South African government and local organizations.
The group said they had stolen from the South African Social Security Agency (Sassa) by fraudulently registering thousands of R370 per month SRD grants and claiming $10 million (R175 million).
A spokesperson for the group told MyBroadband they were able to do this thanks to data they obtained from TransUnion, Experian, and XDS through leaks and breaches. They said they used data obtained in attacks on the bureaus to fraudulently register grants and open over 100,000 bank accounts in people’s names for money to be paid into.
Following denials from the credit bureaus that they had been breached, and statements from the banks assuring that any leaked data didn’t come from their systems, N4aughtySecGroup released more data to prove their claims.
This included screenshots of payment confirmations showing funds transferred between TymeBank accounts and an Investec account. They also released several text files showing dozens of the TymeBank accounts they allegedly used to collect the fraudulent SRD grants.
MyBroadband contacted TymeBank for comment on the development.
“We have reviewed the latest data provided by MyBroadband and are confident that the TymeBank systems have not been breached,” said TymeBank chief technology officer Bruce Paveley.
“We maintain that this data has been obtained from another party that customers may have engaged with separately.” Paveley said the data the attackers provided appears to be a few months old. “Our investigation indicates the accounts in question are low transaction value accounts with very limited functionality and transaction limits,” he said.
“All banks offer these types of accounts as a way of providing basic transactional functionality, as is the case with cash wallets.” Paveley said they have multiple preventative measures to detect fraud and prevent potential syndicates from accessing accounts fraudulently. “We work closely with all our partners, industry bodies and government departments to mitigate fraud where possible.”
TymeBank confirmed that some of the accounts in the files sent by the hackers were flagged as suspicious. Asked whether any of the accounts received grant payments, TymeBank declined to answer specifically. TymeBank enables payments requested by Sassa while following an agreed process.
Investec said it routinely monitors its systems in order to report to the relevant officials in line with its mandate.
“However, we can confirm that Investec routinely monitors client accounts and/or client activity in line with relevant policies and guidelines, and further, reports to the relevant authorities in line with our regulatory obligations.”
Weeks before N4aughtySecGroup’s re-appearance, two Stellenbosch University computer science students, Joel Cedras and Veer Gosai, published their report about massive fraud they had uncovered in Sassa’s systems. After discovering SRD grants and bank accounts registered in their names, Cedras and Gosai investigated the security flaws in Sassa’s systems.
They found that they could query Sassa’s application programming interface (API) at a rate of 700 records per minute without being challenged.
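A server-side control for the gap described above, as an added example (not code from Sassa, the students' report, or this article): a sliding-window throttle that challenges a client once it has looked up more than a set number of distinct records in a minute. The threshold of 20, the client keys, and the record identifiers are assumptions constructed for illustration.

```python
from collections import defaultdict

ALLOW, CHALLENGE = "allow", "challenge"

class LookupThrottle:
    """Challenge a client that looks up too many distinct records per window."""

    def __init__(self, max_distinct=20, window_s=60.0):
        self.max_distinct = max_distinct   # assumed threshold, tune per API
        self.window_s = window_s
        self._seen = defaultdict(dict)     # client -> {record_id: last_seen_ts}

    def check(self, client, record_id, now):
        seen = self._seen[client]
        # Drop lookups that have aged out of the sliding window.
        for rid in [r for r, ts in seen.items() if now - ts >= self.window_s]:
            del seen[rid]
        # Re-checking a record already seen is normal applicant behaviour;
        # only a *new* record beyond the limit triggers the challenge.
        if record_id not in seen and len(seen) >= self.max_distinct:
            return CHALLENGE               # e.g. CAPTCHA, step-up auth, or HTTP 429
        seen[record_id] = now
        return ALLOW

def simulate_enumeration(rate_per_min, throttle=None):
    """Replay one minute of sequential lookups; return (allowed, challenged)."""
    throttle = throttle or LookupThrottle()
    allowed = challenged = 0
    for i in range(rate_per_min):
        now = i * 60.0 / rate_per_min      # evenly spaced constructed timestamps
        record_id = f"REC-{i:06d}"         # constructed placeholder identifiers
        if throttle.check("client-A", record_id, now) == ALLOW:
            allowed += 1
        else:
            challenged += 1
    return allowed, challenged

def simulate_applicant(checks=5):
    """One applicant re-checking their own record is never challenged."""
    throttle = LookupThrottle()
    return [throttle.check("client-B", "REC-000001", t * 10.0) for t in range(checks)]

if __name__ == "__main__":
    print(simulate_enumeration(700))   # the rate reported in the article
    print(simulate_applicant())
```

Counting distinct records rather than raw requests keeps a single applicant who refreshes their own status under the limit while a sequential sweep is challenged early.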
Updated: 08:34 30 January 2025 Thursday