THE Department of Justice (DOJ) announced on Wednesday that it has indicted four of the five individuals who were earlier arrested for being part of the “Mark Nagoyo Heist Group” allegedly behind the hacking of the country’s largest bank, BDO, which affected more than 700 customers late last year.
Charged for violation of Republic Act (RA) 8484 or the “Access Devices Regulation Act of 1998” and Republic Act (RA) 10175 or the “Cybercrime Prevention Act of 2012” were Jherom Anthony Taupa, Nigerian national Ifesinachi Fountain Anaekwe, Ronelyn Panaligan and Clay Revillosa.
The DOJ’s Office of the Prosecutor General, on the other hand, referred for the conduct of further investigation for the similar complaint filed against the fifth suspect identified as Chukwuemeka Peter Nwadi, also a Nigerian national.
Other than his presence during the entrapment operation, the DOJ said no other evidence was presented by complainants as to his participation in the trafficking of unauthorized access devices.
Nwadi was ordered released from detention pending further investigation.
The suspects were arrested by operatives of the NBI-Cybercrime Division (NBI-CCD) in a series of entrapment operations between January 20 and 22, 2022 based on several information that the agency received pointing to the suspects as those responsible for the illegal act.
Based on the NBI-CCD’s complaint, the tasks of the suspects were “compartmentalized,” meaning they allegedly played separate roles to make the fraudulent transfers or illegal access of online accounts possible.
The NBI-CCD also likened the group’s modus operandi to money laundering activities considering that after the hackers have illegally accessed the online banking account or banking system, they would transfer the money to a dummy bank account.
“Thereafter, another transfer would then be made either to another dummy bank account, GCash or PayMaya account. Money mules are then engaged to personally withdraw or cash-out the stolen money, which would earn by getting commissions from the total amount of withdrawn money. It is only after a series of transfers would the stolen money be moved to the syndicate’s personal accounts,” the complaint said.
Specifically, the NBI-CCD accused Anaekwe and Nwadi of being engaged in the business of providing access devices to anyone looking for options to cash out funds fraudulently obtained.
These access devices ranges from bank accounts, crypto wallets or even point of sale terminals of legitimate merchants, according to the complaint.
A motion for Issuance of a Hold Departure Order will be filed against Anaekwe, and a motion for issuance of precautionary hold departure order against Nwadi.
Meanwhile, Taupa was caught in the act of selling a “scampage,” or a phishing web site which is an imitation of the webpage of GCash a well-known electronic money issuer whose real site is hosted on https://www.gcash.com.
The NBI said “scampage” is used to harvest the login details, usernames, passwords and mobile personal identification numbers (MPINs) of unwitting victims who would access the scampage under the mistaken belief that they were accessing GCash’s official portal.
The scampage, which was being sold for P2,000, further provides access to victims’ GCash accounts in order to steal the funds therein.
The NBI said Taupa has executed an extrajudicial confession where he admitted to developing GCash scampages.
The case against Taupa was electronically filed with the Office of the Clerk of Court, Regional Trial Court of Guagua, Pampanga last January 25.
On the other hand, the NBI said Panaligan is a member of “Max Bounty” Facebook Page hiding behind the user name “Luka Hanabi.”
The NBI said Panaligan is a known verifier and seller of dummy accounts who pretends to conduct a survey in a market and asks the victims for their identification cards and take their photograph.
A fee of P50.00, through telecommunication load, is then given to the owners of these cards for participating in the survey.
“Panaligan would then use the information and photograph of her victims, without their knowledge, to apply for verified GCash or PayMaya accounts. After securing the debit cards, Panaligan would offer it for sale to hackers looking to pseudonymously cash out funds from illegitimate sources,” the NBI-CCD said.
“Panaligan executed an extrajudicial confession wherein she admitted the kind of business she is engaged in. She even admitted that prior to her arrest, she had already nine verified PayMaya accounts. Panaligan was only able to offer the poseur customer one account,” it added.
In the case of Revillosa, the NBI-CCD said he was caught selling 800,000 mailing lists (e-mail addresses) containing log-in credentials of online banking accounts for P30,000.00.
The mailing lists are used in the preparatory stages of large-scale fraudulent activities.
Revillosa also executed an extrajudicial confession admitting that he hacked the database of certain web sites to obtain the mailing lists.
He also admitted that he was able to confirm the group behind the BDO incident that contacted him to purchase the mailing lists.