Here's a reason why investigative journalism is crucial in countries like #SriLanka where every system a citizen depends on has collapsed or is seriously compromised. This example is drawn from @OfficialSLC. Thread.
In September 2018, there was a financial scandal at Sri Lanka Cricket. Piyal Dissanayake, its chief financial officer, was sent on compulsory leave during inquiry into whether he instructed Sony Pictures Networks India (Pvt) Ltd to transfer US$ 5.5mn to an a/c in Hong Kong. (1)
The Hang Seng Bank a/c belonged to an entity named Fanya Silu Co Ltd and Dissanayake allegedly used his official email to authorise payment. His instructions said around Rs 93.3mn would be further credited automatically to a Banamex Bank a/c in #Mexico. (2)
This is an electronic wire transfer where the money is sent to the final beneficiary’s bank account via an intermediary bank. The money was Sony’s outstanding payments to SLC for television broadcast rights, held up over issues #Sony faced then with India’s tax regulator. (3)
Problem is the a/c didn't belong to @OfficialSLC. So #Sony queried why it was required to pay Fanya Silu Co and not Sri Lanka Cricket. SLC then quickly suspended the instructions handed the case over to the CID. It also hired Ernst & Young to audit SLC’s broadcast earnings. (4)
Dissanayake maintained his innocence and said his email had been hacked. He hasn't changed that position and provided evidence to investigators. @champikafernand and I through @TimesOnlineLK took on this case. Most media parroted SLC officials and judged the CFO guilty. (5)
Using a collaborative network I formed through the @gijn after attending its international conference in South Korea, we sought the assistance of journalists in Hong Kong and other countries to understand what had happened. (6)
It was also found that Sony had earlier separately remitted US$ 187,000 (Rs 32mn) to an offshore a/c, allegedly on the CFO’s instructions, thought to have been a dry run. This was for Sri Lanka’s tour of South Africa. The larger fee was for the England tour of Sri Lanka. (7)
@OfficialSLC didn't immediately assign the matter to cyber security experts, such as Sri Lanka CERT/CC (Computer Emergency Readiness Team/Co-ordination Centre) or the private sector TechCERT. But the case had multiple characteristics of international wire transfer fraud. (8)
To cut this short, @champikafernand and I maintained it was likely a "business email compromise". In 2018 alone, Sri Lanka CERT had handled 10 similar cases; 33 in 2017. and 16 in 2016. Among the targets were large corporations doing business with foreign clients. (8)
Through contacts, we reviewed necessary documentation and the @gijn network helped with company info abroad. We also drew on our own experience on having done investigations. Several features of business email compromise were glaringly clear (to us) in the SLC case. (9)
Here is the first story we wrote: sundaytimes.lk/181014/news/sl…
But @OfficialSLC's IT dept REPEATEDLY insisted Dissanayake was guilty because it had "strong controls (Office 365 login)". (10)
We followed up on this. It wasn't easy because nearly everyone else maintained Dissanayake was the ONLY culprit. But in May 2019, we wrote this story vias @TimesOnlineLK: sundaytimes.lk/190512/sports/…
(11)
"A forensic audit has found that an alleged wire transfer fraud at Sri Lanka Cricket (SLC) was the result of “business email compromise” (BEC) by hackers who attempted to siphon funds into an offshore account by infiltrating the official email accounts of SLC employees." (12)
"The CID has made little headway. However, the Sunday Times first reported in October 2018 that SLC was likely to have been the target of hackers using a Hong Kong-based shell company to perpetrate an international wire transfer fraud in a textbook case of BEC." (13)
This was the outcome of the EY audit. The details are in the link above. In summary,determined that emails, particularly containing instructions to transmit money into an offshore account that did not belong to SLC, originated from a fake Internet Protocol (IP) address. (14)
This indicated that SLC’s email accounts were hacked.“In the email, an invoice was attached with instructions to remit USD 187,084.75 to beneficiary’s account (6761603874) in BBVA Compass bank in USA,” the 112-page report states. (15)
“We noted in the trace report that the email had been sent from the HOF’s email account from IP address 41.190.3.93 (which we refer to as a fake IP address).” The fake invoice “appears to have been modified using the ‘genuine’ invoice, using ‘ImageMagick’...(16)
...a tool which enables modifying of pdf documents on 18 July 2018 but dated 17 July 2018” the report continues. The genuine invoice was dated 17 July 2018. So on and so forth. (17)
When the Committee on Public Enterprise (COPE) under @charith9 took up the matter, this happened: @OfficialSLC admitted that a recent Cyber Security Vulnerability Assessment by PricewaterhouseCooper (PwC) had found serious lapses in the computer security system in place. (18)
“They have found that SLC has a superhero, that is the IT Manager, who can superimpose anyone, me, the President, CEO or anyone without their knowledge," SLC Treasurer...(19)
...Lasantha Liyanage admitted before CoPE. “So they have raised serious issues in the system. We are now in the process of securing the IT system.” Dissanayake was not cleared, not reinstated and, as far as we know, there wasn't even an apology. (20)
He also wasn't convicted. I missed this story by @champikafernand. sundaytimes.lk/191110/sports/…
The National Audit Office (NAO) became the third agency to confirm email accounts of SLCwere compromised but came no closer to unraveling who was responsible. (21)
Citing a detailed report issued by CERT to the NAO, this states SLC's IT system was so badly protected that it was left wide open to hacking. (22)
But CERT did NOT rule out the possibility of inside involvement in the alleged wire transfer fraud. TO DATE it remains unclear who the local perpetrators, if any, behind the attempted fraud were.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
With the prorogation of parliament, all parliamentary committees, including the Committee on Public Enterprise (COPE) headed by @charith9 which did much work inquiring into serious malpractices in Govt institutions highlighted by the National Audit Office, stand dissolved. (1)
This includes further inquiry into the report based on which @TimesOnlineLK published the story yesterday on #LOLC/Hingurana sugar. All incomplete COPE reports that haven't been submitted to parliament will now be in limbo. (2)
If you are a citizen of #SriLanka, understand one thing: all the checks and balances that were put in place to protect our rights and our resources are being dismantled to serve political objectives and personal ambitions. Utimately, YES, it hits the economy, our stomachs (3)
Think the private sector always does thinks better? And cleaner? And right? Read how Hingurana Sugar has been sucked dry via an interesting mechanism by #LOLC and #Brown. Great work by #SriLankan National Audit Office. via @TimesOnlineLK
Hingurana sugar factory is run jointly by the Government and private entities Brown & Company PLC and Lanka ORIX Leasing Company PLC (LOLC). #LOLC took billions worth of loans for the business at soaring interest rates from its associate companies.
The sugar company's operations were repeatedly funded through loans obtained from LOLC subsidiaries “under abnormal terms and comparatively higher interest rates”. Some were taken on compound interest, resulting in high finance costs, the NAO found
Asking @namalrajapaksa whether he chartered aircraft from @flysrilankan is pertinent, relevant and NECESSARY, considering past history. @TimesOnlineLK investigated the abuse of the national airline during the presidency of his father and found that...(1)
...@PresRajapaksa spent more than Rs. 785 million within three years to charter @flysrilankan aircraft for his visits abroad. Documents showed that the airbuses would often remain idle in various airports until Mr Rajapaksa finished his tours. (2)
@flysrilankan billed his office a total of Rs 785,079,185 for 90 aircraft movements in 2012, 2013 and 2014. This figure doesn't reflect other multiple costs such as crew accommodation. Those expenses were often met by Sri Lanka’s diplomatic missions abroad. (3)
One of the stories we at @TimesOnlineLK did today is of interest to every user of a mobile phone service. My tweets can be long threads but bear with me. I do it because you people don't read articles 🙄 (I'm on to you) #SriLanka
You know all this value added services you seem to have subscribed to? Some willingly, some unknowingly and most by-now-forgotten but still being added to your bill without actually showing up on it? The @TRCSL has now clamped down after being swamped with customer complaints.
Now, mobile companies MUST introduce a PRACTICAL mechanism for unsubscribing from value-added services (VAS). No service can be promoted as being free if it involves any charges whatsoever to the consumer, even at a later date.
This long thread is about Imaad Zuberi who in June this year went to jail in the US for defrauding #SriLanka out of nearly US$6mn. The money was disbursed through @CBSL in 2014. Those that paid were never held accountable. And it’s not just US$6mn we’re talking about.
@TimesOnlineLK first reported in a July 2014 political column that Zuberi was introduced to UPFA leaders by Saleem H Mandviwalla, a one-time Chairman of Pakistan's Board of Investment, friend of President Rajapaksa and Namal Rajapaksa MP. sundaytimes.lk/140720/columns…
On July 20, @TimesOnlineLK political column revealed that Vass Gunawardena was doing back-channel diplomacy to cushion possible adverse fallout from an international investigation into alleged war crimes. Again, Zuberi was key. sundaytimes.lk/140810/columns…
@WHOSriLanka had been convening an independent expert panel--which included members attached to the WHO--to assess #COVID19 in Sri Lanka. They produced reports which were easy to understand, scientific and provided a snapshot into the prevailing situation around the time. (1)
At least two reports were published online. I am among the professional journalists (also my colleague at @TimesOnlineLK) who took extracts from the report while identifying CORRECTLY that it was an independent panel convened by @WHOSriLanka (2)
The reports did specify that lockdowns would save lives. This was the opinion of the experts in the panel. The media duly reported it, ALONG with other facts contained therein. (3)