‘Sakawa’ boys hack banks, telcos

It has emerged that 86 Ghanaian top companies have had their login credentials sold out to criminals to perpetrate fraud against the country.

The affected institutions include financial institutions such as banks, the telecoms sector, IT companies and even state institutions.

According to the director in charge of the Cyber Crime Unit of the Criminal Investigation Department (CID), ACP Dr Gustav Herbert Yankson, some criminals are hacking into such sensitive systems with ease and are getting access to sensitive data of those institutions.

He said the affected companies have been informed to change their login passwords as soon as possible since the criminals are using it to access sensitive information that could disrupt the functioning of their organizations temporarily.

Dr Yankson told newspaper on Wednesday that the Federal Bureau of Investigations (FBI) in the United States is leading investigation into what he called “the dark web market place” to clamp down on criminal activities within their space and share their investigative reports on those concerning Ghana with the Cyber Crime Unit of CID.

He said the FBI report indicated that Remote Desk Top Protocol (RDP) access credentials of the affected companies are being compromised in a rampant manner.

He said the report indicated that access credentials were sold out to criminals between October 2014 and January 2019.

“There are 86 credentials about Ghana that have been sold out on the dark web. So the CID wishes to alert the general public who are using computer networks to make sure that they improve on their cybersecurity within their organizations,” he advised.

Dr Yankson revealed that what were on sale were the IP addresses, the port numbers, the login credentials including usernames and passwords.

He said the FBI discovered that some of the passwords of these companies “were so weak that the criminals found it easy accessing on the dark web.”

He mentioned that “some companies only used alphabets and numerical in creating the passwords while others used names.”

For proper cybersecurity, the Cyber Crime Unit boss said, “it must contain a mixture of numerical, alphabets – including capital and small letters – currency signs, asterisks, etc. to make their passwords very strong.”

“It means our cyberspace is still not secure so network holders, individuals, companies, government  and all must shore up  our game when it comes to cyber security and put in measures to make sure that our cyberspace is protected,” he said

The police CID, according to Dr Yankson, is preparing to sensitize organizations to how to properly secure data.