How hacker stole R600K from Eastern Cape schools

  • In 2010, a Johannesburg-based hacker stole R600 000 from the Eastern Cape Education Department.
  • Now 13 years later he has been given a three-year prison sentence for the crime.
  • The hacker used a keylogger to steal password information from department employees and access accounting software to make the theft.

Last week, the Specialised Commercial Crime Court of East London, Eastern Cape, handed down a prison sentence of three years to a hacker who stole just under R600 000 from the province’s education department.

The crime took place in 2013, when Bruce Owen, in his thirties at the time, broke into the inner workings of the Eastern Cape Department of Education’s Basic Accounting System and used it to make payments into his own bank accounts.

A News24 report indicates that the money he stole was meant to buy food for learners across schools in the Eastern Cape, the poorest province in South Africa.

The theft exacerbated an already vulnerable system, with reports emerging for some time now that schools in the province have been struggling to scrounge up funds to feed children, especially in the poorest and most rural communities.

As it took the investigation 10 years to wrap up before an arrest was made in 2020, Owen was living with his ill-gotten gains in his Johannesburg home. A write-up from the Daily Sun explains that the hacker used a “keylogger device” to gain access to the department’s accounts.

“This resulted in the financial loss of more than R600 000 from the government department. Owen illegally obtained information through the use of a keylogger device designed to capture all the keystrokes done on the computer keyboard,” detailed Hawks spokesperson Warrant Officer Ndiphiwe Mhlakuvana.

What are keyloggers and how can hackers use them

Internet cybersecurity firm Kaspersky says that keyloggers are a tool that records everything that is typed into the keyboard of a computer or even smartphone.

For example, if you open your PC with a password, the keylogger will record that you pressed the enter key, record the password you typed in full with cases preserved and then that you hit enter again to log in.

Keyloggers are now so advanced that they can even record the length of time a certain key was pressed, the exact moment in time that it was pressed, and how fast you are typing.

People who use keyloggers on the devices of others can quietly monitor activity while the other person uses the device like normal, usually unaware of the keylogger’s presence.

Keyloggers can be used for legitimate purposes, as in software development where you need to keep a log of what you typed and when, but they can also be used for more nefarious purposes as is the case here.

“Worse cases have shown criminals to implant legitimate websites, apps, and even USB drives with keylogger malware,” says Kaspersky.

“User behaviours and private data can easily be assembled from logged keystrokes. Everything from online banking access to social security numbers is entered into computers. Social media, email, websites visited, and even text messages sent can all be highly revealing.”

Two types of keyloggers

Keyloggers come in two types. Software keyloggers or hardware keyloggers.

Software keyloggers are computer programmes that need to be installed on a device’s hard drive. These can get on your PC via a virus from a hacker, for example.

Hardware keyloggers are physical devices that need to be connected to a PC for the keylogger to work, or be installed. USBs can be used as hardware keyloggers, which deliver the programme to a device as the USB is connected.

“Once the information was captured by the keylogger it was automatically saved on a memory device and was later used to hack into the system, utilising login credentials of the officials,” adds Mhlakuvana.

The theft itself

Owen used the keylogger to gain access to the department’s accounting software and then made 14 payments into his bank accounts. The Hawks would eventually trace these transactions back to Owen, who has masked his actions by labelling the transactions as going to four different schools in the province.

How the keylogger found its way into the hacked PC is not indicated. But since the hacker is based in Gauteng and hacked the Eastern Cape department, it is likely that a software keylogger was used, which was probably downloaded unwittingly via a phishing email or similar. Highlighting again the need to keep in mind how effective such an attack can be.

But as the Hawks continue mentioning that a “device” was used, it is also possible that Owen somehow managed to get a USB keylogger connected to the target PC. This is unlikely because department employees could have noticed the strange USB attached to their machine when they were typing in the password.

On Thursday last week, Owen was handed a three-year direct imprisonment sentence for the theft, 10 years after the crime was committed according to Legal Reporter. Cybercrimes of this nature can have a maximum prison sentence of up to 15 years, depending on their maliciousness.

[Image – Photo by Brina Blum on Unsplash]


About Author


Related News