Here's a reason why investigative journalism is crucial in countries like #SriLanka where every system a citizen depends on has collapsed or is seriously compromised. This example is drawn from @OfficialSLC. Thread.
In September 2018, there was a financial scandal at Sri Lanka Cricket. Piyal Dissanayake, its chief financial officer, was sent on compulsory leave during inquiry into whether he instructed Sony Pictures Networks India (Pvt) Ltd to transfer US$ 5.5mn to an a/c in Hong Kong. (1)
The Hang Seng Bank a/c belonged to an entity named Fanya Silu Co Ltd and Dissanayake allegedly used his official email to authorise payment. His instructions said around Rs 93.3mn would be further credited automatically to a Banamex Bank a/c in #Mexico. (2)
This is an electronic wire transfer where the money is sent to the final beneficiary’s bank account via an intermediary bank. The money was Sony’s outstanding payments to SLC for television broadcast rights, held up over issues #Sony faced then with India’s tax regulator. (3)
Problem is the a/c didn't belong to @OfficialSLC. So #Sony queried why it was required to pay Fanya Silu Co and not Sri Lanka Cricket. SLC then quickly suspended the instructions handed the case over to the CID. It also hired Ernst & Young to audit SLC’s broadcast earnings. (4)
Dissanayake maintained his innocence and said his email had been hacked. He hasn't changed that position and provided evidence to investigators. @champikafernand and I through @TimesOnlineLK took on this case. Most media parroted SLC officials and judged the CFO guilty. (5)
Using a collaborative network I formed through the @gijn after attending its international conference in South Korea, we sought the assistance of journalists in Hong Kong and other countries to understand what had happened. (6)
It was also found that Sony had earlier separately remitted US$ 187,000 (Rs 32mn) to an offshore a/c, allegedly on the CFO’s instructions, thought to have been a dry run. This was for Sri Lanka’s tour of South Africa. The larger fee was for the England tour of Sri Lanka. (7)
@OfficialSLC didn't immediately assign the matter to cyber security experts, such as Sri Lanka CERT/CC (Computer Emergency Readiness Team/Co-ordination Centre) or the private sector TechCERT. But the case had multiple characteristics of international wire transfer fraud. (8)
To cut this short, @champikafernand and I maintained it was likely a "business email compromise". In 2018 alone, Sri Lanka CERT had handled 10 similar cases; 33 in 2017. and 16 in 2016. Among the targets were large corporations doing business with foreign clients. (8)
Through contacts, we reviewed necessary documentation and the @gijn network helped with company info abroad. We also drew on our own experience on having done investigations. Several features of business email compromise were glaringly clear (to us) in the SLC case. (9)
Here is the first story we wrote: sundaytimes.lk/181014/news/sl…
But @OfficialSLC's IT dept REPEATEDLY insisted Dissanayake was guilty because it had "strong controls (Office 365 login)". (10)
But @OfficialSLC's IT dept REPEATEDLY insisted Dissanayake was guilty because it had "strong controls (Office 365 login)". (10)
We followed up on this. It wasn't easy because nearly everyone else maintained Dissanayake was the ONLY culprit. But in May 2019, we wrote this story vias @TimesOnlineLK:
sundaytimes.lk/190512/sports/…
(11)
sundaytimes.lk/190512/sports/…
(11)
"A forensic audit has found that an alleged wire transfer fraud at Sri Lanka Cricket (SLC) was the result of “business email compromise” (BEC) by hackers who attempted to siphon funds into an offshore account by infiltrating the official email accounts of SLC employees." (12)
"The CID has made little headway. However, the Sunday Times first reported in October 2018 that SLC was likely to have been the target of hackers using a Hong Kong-based shell company to perpetrate an international wire transfer fraud in a textbook case of BEC." (13)
This was the outcome of the EY audit. The details are in the link above. In summary,determined that emails, particularly containing instructions to transmit money into an offshore account that did not belong to SLC, originated from a fake Internet Protocol (IP) address. (14)
This indicated that SLC’s email accounts were hacked.“In the email, an invoice was attached with instructions to remit USD 187,084.75 to beneficiary’s account (6761603874) in BBVA Compass bank in USA,” the 112-page report states. (15)
“We noted in the trace report that the email had been sent from the HOF’s email account from IP address 41.190.3.93 (which we refer to as a fake IP address).” The fake invoice “appears to have been modified using the ‘genuine’ invoice, using ‘ImageMagick’...(16)
...a tool which enables modifying of pdf documents on 18 July 2018 but dated 17 July 2018” the report continues. The genuine invoice was dated 17 July 2018. So on and so forth. (17)
When the Committee on Public Enterprise (COPE) under @charith9 took up the matter, this happened: @OfficialSLC admitted that a recent Cyber Security Vulnerability Assessment by PricewaterhouseCooper (PwC) had found serious lapses in the computer security system in place. (18)
Here is one of those stories, by @champikafernand via @TimesOnlineLK
sundaytimes.lk/210214/sports/…
“They have found that SLC has a superhero, that is the IT Manager, who can superimpose anyone, me, the President, CEO or anyone without their knowledge," SLC Treasurer...(19)
sundaytimes.lk/210214/sports/…
“They have found that SLC has a superhero, that is the IT Manager, who can superimpose anyone, me, the President, CEO or anyone without their knowledge," SLC Treasurer...(19)
...Lasantha Liyanage admitted before CoPE. “So they have raised serious issues in the system. We are now in the process of securing the IT system.” Dissanayake was not cleared, not reinstated and, as far as we know, there wasn't even an apology. (20)
He also wasn't convicted. I missed this story by @champikafernand.
sundaytimes.lk/191110/sports/…
The National Audit Office (NAO) became the third agency to confirm email accounts of SLCwere compromised but came no closer to unraveling who was responsible. (21)
sundaytimes.lk/191110/sports/…
The National Audit Office (NAO) became the third agency to confirm email accounts of SLCwere compromised but came no closer to unraveling who was responsible. (21)
dailymirror.lk/print/cricket-… by @champikafernand
Citing a detailed report issued by CERT to the NAO, this states SLC's IT system was so badly protected that it was left wide open to hacking. (22)
Citing a detailed report issued by CERT to the NAO, this states SLC's IT system was so badly protected that it was left wide open to hacking. (22)
But CERT did NOT rule out the possibility of inside involvement in the alleged wire transfer fraud. TO DATE it remains unclear who the local perpetrators, if any, behind the attempted fraud were.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
