Tag: theft

By Warren Thompson for Business Day 

The South African Reserve Bank painted a grim picture on Monday that suggests as much as 75% of VBS Mutual Bank’s assets may have been stolen by its executives and directors.

“It’s a travesty that the failure of management put so many depositors at risk,” said Bank governor Lesetja Kganyago, at a media conference on the curatorship of VBS.

“Institutions such as banks rely on the governance processes, but when it’s the people responsible for the bank that are the ones perpetrating the crime, no amount of regulation can prevent that,” he said.

VBS, which was formed as a building society in the former Venda homeland, came to national prominence in 2016 when it gave former president Jacob Zuma a R7.8m loan after he was ordered to repay the state for upgrades made to his Nkandla home.

The bank’s failure may yet have grave consequences for municipalities in some of the poorest parts of the country, which stand to lose almost all of the R1.6bn they deposited with VBS, increasing the risk of budget shortfalls and violent protests that could result from a lack of service delivery.

Curator Anoosh Rooplal’s timing of the action he instituted on Friday to recover more than R1.5bn from the bank’s largest shareholder, Vele Investments, as well as from the bank’s executives and directors, was done to prevent further “dissipation of assets”.

But the amount of money stolen relative to the bank’s total assets is harder to establish, partly because the bank deliberately misled the regulator and also due to problems with the quality of its audit, which led the bank to withdraw its 2017 financial results.

Rooplal did not rule out seeking damages from the bank’s external auditor, KPMG, and the bank’s internal auditor, PwC, when the forensic report is completed towards the end of August.

According to the bank’s last available annual financial statements to end-March 2016, the bank had total assets of just more than R1bn.

By the end of January 2018, according to data provided by VBS to the Reserve Bank, the bank held total assets of R2bn, meaning it had doubled its balance sheet in the space of two years.

When asked what, if any, part of VBS’s loan book was performing, the curator said that the home loan mortgage book of about R400m was behaving consistent with credit extended under arms-length credit agreements.

The performance of the vehicle finance book was mixed, with the curator noting a deterioration in the credit quality in the months leading up to the intervention by the Reserve Bank.

Based on a balance sheet of about R2bn, and with the curator seeking to recover R1.5bn from the “perpetrators of the fraudulent scheme”, it seems possible that as much as 75% of the bank’s balance sheet has disappeared.

Retail deposits

But there was relief for small depositors, with the Reserve Bank announcing that it has obtained a guarantee of R330m from the Treasury should it fall short in recovering the money owed to them.

The Bank announced last week that retail deposits, which include individuals, burial societies and stokvels, would be guaranteed to a maximum of R100,000 per customer.

This means that 97% of all depositors at the bank will be refunded their entire savings.

Stock losses, fraud not top-of-mind in SA

South African businesses need a different mindset to address ongoing stock losses and fraud.

In the absence of a “proper” risk mitigation plan and loss control blueprint, South African business owners will never really address the critical levels of theft and fraud impacting on our economy, according to commercial investigator and international risk consultant, Kyle Condon (Managing Director at D&K Management Consultants).

“Experience has taught me that trust and effective loss control do not go together. We live in a society that has criminal presence constantly lurking around us. Old style security measures and trusting of everybody have left businesses open to losses like an open wound exposed to a sewer. Employees need to be watched continuously and loss control tactics need to be revised to accommodate this,” says Condon.

With many businesses operating on shoe-string budgets, security is often one of the first things to go. Ironically, says Condon; “it should be one of the portfolios that get additional budget assistance. When, companies cut security, those employees that were always dissuaded from going through with criminal action often go over the edge and ‘raid the cookie jar’.”

While South Africa has one of the most corrupt governments sketched on the political portrait, expecting every employee to behave in a moral honest way is far from realistic. We see what our leaders do and follow suit.

Sadly, most companies choose to ignore this red flag and continue to fool themselves into believing that the presence of a uniformed security officer or two is adequate to prevent and deal with internal criminal activity. Condon believes that “old school” security is a thing of the past. “It is time we accept that our businesses, like our homes, require proper defences,” states Condon.

So, what exactly does this mean?

“Our business sector has major structural employment weaknesses, due largely to political pressures, window-dressed appointments and fear of union retribution, this has led to a breakdown of strong policies and procedures that existed in the past. Many managers are just too afraid to confront the issues or speak out in fear of being branded or painted with the race brush. And, as a result, policies and zero tolerance are eroded. Unions have gained a lot of power, often holding companies to “ransom” when it comes to enforcing strong security measures. Polygraphs, for example, are always declined by Union reps, searching procedures get labelled as an invasion of one’s privacy, etc. Old school security methods have been watered down to create a mere ‘illusion of loss control’,” he says.

Modern day loss control and security plans must include the following key concepts:

• Internal investigation specialists (undercover agents) deployed as, I like to say, ‘modern day spies’.
• Quarterly sweeping and debugging of executive offices and meeting rooms.
• Strike action plans, designed specifically for the individual company and its employees to provide proper Duty of Care during strike action.
• Alignment with a reputable forensic investigator or company who understands the methods, methodology and principles of fraud and financial crimes, in the workplace.
• Thorough pre-employment screening of new candidates, including checking of criminal records through fingerprinting.
• A steadfast CCTV viewing plan conducted off site by an independent viewer, providing monthly viewing reports covering all aspects of risky behaviour, suspicious actions and overall health and safety concerns.
• Travel risk reports, for employees traveling to potentially hostile environments both locally and internationally. This would include arranging VIP protection, where needed.
• Annual security surveys to address all shortcomings of the physical security measures of the business.
• Due diligence must become part and parcel of the sales teams’ portfolios, before stock or material leaves for suspicious clients an investigation unit should first check out that all is above-board, and that you are not being scammed.
• Handing over the time consuming and demanding security portfolio to a dedicated and qualified loss control manager.

“I do not agree with companies splitting up the security portfolio and contracting various players for various things. Managing this portfolio is a job that requires full time participation. This is exactly what D&K Management Consultants does for its clients. We provide the correct expertise in one unique portfolio designed around modern-day risk,” says Condon.

“We are in many ways a country at war with itself, and business is not spared any of the risks that a ‘war’ environment brings. Therefore, defending your company requires a modern day ‘warfare’ approach. Intelligence, logic, expertise and strategy have replaced uniforms, guns and electric fences to a large extent”, Condon says, as he smiles.

Craig Wright, the self-proclaimed inventor of Bitcoin, is accused of swindling more than $5-billion worth of the cryptocurrency and other assets from the estate of a computer-security expert.

Wright, who claimed in 2016 that he created the computer-based currency under the pseudonym Satoshi ‎Nakamoto, allegedly schemed to use phony contracts and signatures to lay claim to bitcoins mined by colleague Dave Kleiman, another cryptocurrency adherent, who died in 2013, according to a lawsuit filed by Kleiman’s brother.

Kleiman’s family contends they own the rights to more than 1 million Bitcoins and blockchain technologies Kleiman mined and developed during his lifetime and that the assets’ value exceeds $5 billion, according to the Feb. 14 filing in federal court in West Palm Beach, Florida.

“Craig forged a series of contracts that purported to transfer Dave’s assets to Craig and/or companies controlled by him,’’ lawyers for Kleiman’s family said in the complaint. “Craig backdated these contracts and forged Dave’s signature on them.’’

Wright, an Australian who lives in London, couldn’t immediately be reached for comment on the suit, which also accuses the entrepreneur of violating partnership duties to Kleiman and unjustly enriching himself at his colleague’s expense. There is no attorney listed for Wright on the docket.

Wright and Kleiman formed a Florida-based company, W&K Info Defense Research LLC, in 2011 to focus on cybersecurity, according to the court filing. The pair also had earlier worked together on the development of Bitcoin and had extensive mining operations, according to the family’ s lawsuit.

The pair controlled as many as 1.1 million Bitcoins at the time of Kleiman’s death, according to the suit. They were held trusts set up in Singapore, the Seychelles Islands and the U.K., the suit says.

Wright said in a 2016 blog post and interviews that he was the main participant in a team that developed the original Bitcoin software under the pseudonym Satoshi Nakamoto. After skeptics questioned the claims, Wright said that he decided not to present any further evidence to prove that he is the creator of Bitcoin.

In the filing, Kleiman’s brother includes what he says is email traffic between himself and Wright in which the entrepreneur indicates he may have been holding 300,000 of Kleiman’s Bitcoins.

Dave “mentioned that you had 1 million Bitcoins in the trust and since you said he has 300,000 as his part,’’ the computer expert’s brother wrote. “I was figuring the other 700,000 is yours,” he added in the email. “Is that correct?”

“Around that,” Wright wrote back. “Minus what was needed for the company’s use.”

The case is Ira Kleiman v. Craig Wright, No. 18-cv-80176, U.S. District Court for the Southern District of Florida.

Source: MyBroadband

British man in Bitcoin heist

Armed robbers broke into the family home of a city financier turned Bitcoin trader and forced him to transfer the digital currency at gunpoint, in what is believed to be the first heist of its kind in the UK.

Four robbers in balaclavas forced their way into the home of Danny Aston, 30, who runs a digital currency trading firm, before reportedly tying up a woman and forcing Mr Aston to transfer an unknown quantity of the cryptocurrency.

Mr Aston lives in the picturesque village of Moulsford in South Oxfordshire, where episodes of Midsomer Murders have been filmed, in a rented four-bedroom converted barn estimated to be worth at least £700,000 on a private drive.

Police were called at around 9.40am on Monday to attend the home after raiders are reported to have entered the property by kicking down the door.

The Mail on Sunday reported that the men tied up a woman and kept a baby outside in a pram while forcing Mr Aston to transfer the Bitcoin. The value of a single Bitcoin is now around £8,000.

A neighbour confirmed on Sunday the property where the violent burglary took place, but said that Mr Aston and a woman believed to be his partner left Moulsford on Monday to stay with relatives and have not returned.

They said: “I was not here at the time, but I know the couple have left and are staying with relatives, they haven’t been back since.

“We are all obviously a bit shaken up, even though a few days have passed now. It is not what you expect to happen around here.”

Mr Aston – who lives with his 31-year-old business partner Amy Jay, according to the latest Companies House records – previously worked at Trayport, a London-based financial software company that operates a platform for trading energy commodities.

In June 2017, he established his own digital currency firm just before Bitcoin’s huge surge in value in July, according to Companies House.

Both Mr Aston and Ms Jay are listed online as directors of Aston Digital Currencies Ltd, and a company called Butler Hosting, which specialises in “data processing, hosting and related activities”.

A user named Danny Aston has previously been active on trading site Poloniex, which allows users to trade and store digital currency.

A local resident described the victim of the attack as well-known, but suggested that the small village community had been left dazed by the news.

“Everyone is shocked I think,” he said. “We think we live in a safer space, and then this happens and everyone gets scared.”

The village of Moulsford is home to two schools and a girl from Cranford House Prepatory School described how the students were told to get to safety as the armed robbery happened nearby.

She said: “We were all told to get down on the floor and stay in the middle of the schoolroom. All the curtains were closed and the doors locked. No-one knew what was going on but it was scary to say the least.”

Bitcoin is a digital currency that allows users to trade anonymously and securely across the internet without regulation or a central bank

It is understood that although Bitcoin’s secrecy will make the theft in Moulsford much more difficult for the police to investigate, there is a chance that the stolen currency will appear on the market as thieves try to exchange it into conventional money.

In the last 12 months, Bitcoin’s value has risen over 1000 per cent. It hit an all-time high on 17th December, when it was worth over £13,500.

A police spokesman said: “Thames Valley Police is investigating an aggravated burglary which occurred at a property in Moulsford on Monday.

“Officers were called at about 9.40am to a report that offenders had entered a residential property off Reading Road and threatened the occupants. No one was seriously injured during the incident.

“An investigation into the incident is underway and officers attended nearby Moulsford School as a precautionary measure. It is not believed there was a threat to anyone at the school.

“Officers are particularly interested in speaking to anyone travelling through the village on the A329 Reading Road between 7.30am and 10.30am on Monday who has Dashcam footage or anyone with mobile phone footage.

“People in the local community may notice an increased presence of officers in the area while our enquiries are ongoing. The investigation is in its early stages however initial enquiries suggest this may be a targeted incident.

“No arrests have been made at this stage.”

By Tony Diver for The Telegraph 

Bhisho committee members were gobsmacked on a visit to a school in Addo on Tuesday when they found that a shop was selling stationery supplies issued by the Department of Education.

The matter was promptly reported to police and a foreign national was arrested.

However‚ the man was released later due to lack of evidence.

Eastern Cape legislature education portfolio committee chief building inspector Andisiwe Tyoto said the committee had been shocked to learn on Monday that learning and teaching support material (LTSM) delivered to a school in the town was being sold at a third of its value at a spaza shop near the Addo taxi rank.

Tyoto said that while visiting Samkelwe Senior Secondary School as part of an annual oversight visit to inspect school readiness and other issues in the province‚ the committee was informed by a staff member that the pupils’ stationery supply packs were being sold for R69.99.

“We were informed that there was a shop selling these packs with the department’s stamp and emblem on them.

“We informed the police and accompanied them to the shop‚ where the goods were confiscated and [a man] was arrested‚” Tyoto said.

By Tremaine van Aart for The Herald / TimesLive

 

A new banking scam whereby fraudsters remotely take control of your PC over the Internet to gain access to consumer’s online banking profile is currently doing the rounds.

This is according to First National Bank (FNB), which alerted consumers about the latest festive season scam.

In a statement, FNB says fraudsters are sending unsuspecting consumers fake emails notifying them that fraud has occurred on their respective bank accounts’ or credit cards.

Soon after the email is sent the customer receives a call from a fraudster claiming to be from their bank and offers to help block any fraudulent transactions by first requesting the customer to install “protection” software on their computer, which allows the fraudster to gain full control of the computer remotely.

Kovelin Naidoo, cyber security officer at FNB, says fraudsters are employing carefully constructed scamming tactics that have the ability to trick even the most vigilant customer if they are not aware of the modus operandi.

“If someone calls you and requests your personal banking details or to install remote access software on your computer, please end the phone call and contact your banks’ fraud contact centre. FNB will never ask you to share your OTP to reverse pending transactions or to block your banking profile,” cautions Naidoo.

He adds: “As access to banking services through digital channels continues to grow, so does the prevalence of banking scams, therefore we urge consumers to always be vigilant and familiarise themselves with the different types of digital banking fraud, as well as the security measures provided by their respective banks.”

How fraudsters use the software to defraud consumers:

  • The fraudster calls the customer and offers to help them block any fraudulent transaction by asking him/her to download and install “protective” PC software.
  • The customer downloads the software, and with the help of the fraudster, installs it.
  • Once the software is installed, the fraudster asks the customer to log into his/her personal online banking profile.
  • After logging in, the customer’s computer goes blank. Shortly afterwards, he/she starts receiving OTP (one-time pin) SMS’ to confirm transactions he/she did not perform.
  • The fraudster then reassures the customer that these are fraudulent transactions and requests that he/she forwards the OTPs so that they can be blocked or reversed immediately.
  • The fraudster then uses the OTPs forwarded to him/her to process the pending transactions and defrauds the customer.

Source: IT Web

The rapidly evolving story about Moscow-based Kaspersky Lab’s involvement in helping Russian government hackers steal sensitive National Security Agency materials has taken yet another turn, as The Wall Street Journal reports that the assistance could have come only with the company’s knowledge.

Wednesday’s report, citing unnamed current and former US officials, said the help came in the form of modifications made to the Kaspersky antivirus software that’s used by more than 400 million people around the world. Normally, the programs scan computer files for malware. “But in an adjustment to its normal operations that the officials say could only have been made with the company’s knowledge, the program searched for terms as broad as ‘top secret,’ which may be written on classified government documents, as well as the classified code names of US government programs, these people said.”

The report is the latest to detail a 2015 event in which an NSA worker—described as a contractor by the WSJ and an employee in articles from The Washington Post—sneaked classified materials out of the agency and onto an Internet-connected computer that had Kaspersky AV installed on it. The WSJ, WaPo, and The New York Times have all reported that hackers working for the Russian government were able to home in on the documents with the help of the Kaspersky software.

On Tuesday, the NYT was first in reporting that NSA officials first learned of the help provided by Kaspersky AV from Israeli intelligence officials who had hacked into Kaspersky’s corporate network and witnessed the assistance in real time.

Wednesday’s report is the first to explicitly say the assistance wasn’t the result of a covert hack or the exploitation of an inadvertent weakness but rather likely came with the knowledge of at least one Kaspersky official.

“There is no way, based on what the software was doing, that Kaspersky couldn’t have known about this,” the WSJ quoted a former US official with knowledge of the 2015 event saying. The official went on to explain that the Kaspersky software was designed in a way that it would have had to be programmed to look for specific keywords. Kaspersky employees, the official continued, “likely” would have known such a thing was happening. The evidence, Wednesday’s report said, has now caused many US officials to believe the company was a “witting partner” in locating the materials on the home computer.

In a statement issued Wednesday, Kaspersky officials wrote:

Kaspersky Lab was not involved in and does not possess any knowledge of the situation in question, and the company reiterates its willingness to work alongside US authorities to address any concerns they may have about its products as well as its systems.
The company has long maintained it has no inappropriate ties to any government, including Russia’s, and vigorously defends against all malware threats.

Meanwhile, Reuters reported that German officials had no evidence to back the reports Kaspersky AV played a role in the theft of the NSA materials and had no plans to warn against the use of the software. Last month, the US Department of Homeland Security took the unprecedented step of banning all federal government agencies and departments from using any Kaspersky goods or services.

The WSJ went on to report that US intelligence agencies spent months studying and experimenting with Kaspersky software to see if they could trigger it into behaving as if it had discovered classified materials on a computer being monitored by US spies. “Those experiments persuaded officials that Kaspersky was being used to detect classified information,” Wednesday’s report said.

By Dan Goodin for ARS Technica 

ID theft booms in SA

Statistics from the South African Fraud Prevention Service (SAFPS) show that identity theft has increased by 200% over the past six years.

Manie van Schalkwyk, the executive director of the SAFPS, says you should avoid “investment” schemes that promise unrealistic returns.

“Consumers also regularly fall victim to several types of advance-fee fraud and often divulge their personal details in the hope of winning a prize in a competition that they never entered,” Van Schalkwyk says.

He says you should do the following to prevent your identity from being stolen:
• Treat your identity document, driver’s licence and personal documents as you would cash. Do not leave them lying around the house or in your car.
• Shred documents before throwing them away.
• Clear your letterbox regularly, particularly if you live in a complex where letterboxes are accessible to a number of people.
• Do not click on URLs (links to websites) in SMSes or emails unless you have initiated the transaction and are certain they are from an authentic source.
• Be cautious about sharing your personal information, particularly when applying for services online.
If you lose your identity document or credit card, Van Schalkwyk says you should contact the SAFPS to apply for protective registration on its database.

“The benefit of protective registration is that all member organisations, including banks, clothing and furniture retailers, and some insurance companies, have access to the SAFPS database, and any identity theft or fraud will be flagged and can be prevented. This is a free service.”

To apply for protective registration, SMS the word “Protectid” to 43366, phone 011 867 2234 or 0860 101 248, or email safps@safps.org.za

Source: Fin24

The hashtag #datamustfall is currently trending on Twitter where people are calling for an end to high data prices.

Consumers have once again become fed up with the high cost of mobile data in South Africa.

Apart from the cost of data, users are also complaining that cellular providers should not be able to set “expiry” dates on data – and that once purchased, data should be the users’ to keep.

A recent Facebook post on the matter went viral when it was shared over 7 500 times, sparking a resurgence in the anger towards SA’s main providers: Cell C, MTN, Vodacom and Telkom.

The questions consumers are now asking revolve around whether this is tantamount to theft, and what impact it has on the country’s small businesses – and the poorest sections of society.

Poet and activist Ntsiki Mazwai has called on South Africans to boycott all social media platforms from midnight.

The social media blackout campaign has the following aims:

“The social media blackout is a campaign that is aimed at lowering data prices. Data costs are obscene and are not affordable for people on the ground. We want to bring attention to this issue; we want to engage government and cellular network companies.”

Mazwai says that from midnight people should log off social media.

“We don’t buy data for 24 hours, we will meet back on social media the following day to discuss the way forward. Why should data expire after 30 days when you’ve paid for it?”

She has encouraged people to take part in the campaign because it is too expensive to access information.

“We keep talking about #feesmustfall but how must students access information or hand in assignments if data costs are so high? This has a negative impact on entrepreneurs and our families because we can’t communicate with them.”

Mazwai has further called on the country to unify for a good cause.

Refilwe Pitjeng for EWN; My Office News

In a piece of advice that seemingly contradicts everything else we’ve ever heard, GCHQ has recommended you should change your password less often.

According to the spy agency’s cybersecurity arm, forcing people to change their passwords regularly is ineffectual, because they are likely to choose a new password that is very similar to the old one.

They are also more likely to write the new password down, for fear of forgetting it. This increases the risk of the password falling into the wrong hands.

“Attackers can exploit this weakness,” says the Communications-Electronics Security Group (CESG). “The new password may have been used elsewhere, and attackers can exploit this too.”

Instead of forcing a changed password at regular intervals, it recommends organisations provide users with information on when their account was last activated.

GCHQ says sticking to the same password for a long time – unless it’s something like ABC123 – is a good idea.

The news comes as a new study into online privacy reveals that one in three Brits secretly know their partner’s passwords .

The survey by money-saving website VoucherCodesPro has revealed the UK’s attitude to trusting loved ones with our passwords .

It discovered that almost three quarters of us have looked through social media messages on someone else’s account without their permission.

The team responsible for the study polled 2,211 UK adults between 18 and 45 who have been in their current relationship for at least two years.

Initially respondents were asked if their partner let them access their social media channels when they wanted to; 51% of respondents stated they did. Respondents were then asked if their partner had let them know their password for social media channels, 21% stated they had.

Following straight on from this, all respondents were then asked if they knew their partner’s password without them being aware of this – with 34% stated they did.

Researchers asked these participants how it was they found their partners password out, 59% stated they ‘guessed’ it, 37% said they ‘keyboard watched’ and the remaining 4% asked their partner’s friends.

As to what those sneaky snoopers got up to once they’d accessed their partner’s accounts – the researchers provided a list:

  • Looked through social media messages – 74%
  • Looked through the photo gallery – 59%
  • Looked through emails – 54%
  • Looked through browser history – 46%
  • Looked through bank statements – 39%

George Charles, spokesperson for www.VoucherCodesPro.co.uk , made the following comments regarding the study:

“Being open with your partner is incredibly important and snooping at their social media channels or any private documentation just isn’t the way to achieve a healthy relationship,” said George Charles, a spokesperson for VoucherCodesPro.

“Knowing your partner’s password without their knowledge will only lead to trouble. It suggests you are looking for something and if you look hard enough, you will always find something to convince you that your fear is real.”

By Jeff Parsons for www.mirror.co.uk

  • 1
  • 2

Follow us on social media: 

               

View our magazine archives: 

                       


My Office News Ⓒ 2017 - Designed by A Collective


SUBSCRIBE TO OUR NEWSLETTER
Top