Monday, June 22, 2015

How Nigerian Hackers Stole N10 Million, Hacked Govt Websites, Bought Cars And Built Houses


DADA FOLAJIMI OLUWATOBI 08069163502 – EKITI STATE, ABDULRAHMAN MUSA 08164700702 – SOKOTO NORTH, and other members of their syndicate, have hacked www.potechSMS.com and stolen over N10,000,000.00 worth of BULK SMS in the last few months.
The syndicate, comprising professional hackers, internet marketers and bloggers, usually sends email messages with attachments containing spyware, a type of malware that is installed on a computer without the knowledge of the owner in order to collect the owner’s private information and gain access to your email boxes, bank accounts and social media accounts. If you refuse to open their attachments after several tries, they’ll engage their hackers to forcefully compromise your email and/or website, to enable them to gain access.
These guys have hacked several corporate, personal and govt websites, including websites of National Assembly, Amuwo-Odofin LGA, Lagos, Nigerian Airspace Management Agency, amongst others as shown on attached pictures, and would also be excited and proud about it, to the extent of posting their hacked and defaced websites online and even to their Facebook friends, who are majorly their colleagues.
Below are details of some of the criminals, obtained by me using personal and limited intelligence and tools:
ABDULRAHMAN MUSA with fake name Duduyegbe Gabriel (@Alara2013 on Twitter), and Emiloju Gabriel (Facebook), phone numbers 08164700702 or 08026218867; sells stolen bulk SMS through www.myappsms.com and uses following accounts:
GTBank – 0121162547
Sterling Bank – 0021528326
DADA FOLAJIMI OLUWATOBI on Facebook as Dada Folajimi Dandy (www.facebook.com/folajimidandy) sells stolen bulk SMS via www.myappsms.com and uses following accounts:
UBA – 2064516950
Ecobank – 1681025758
GTBank – 0117284550
Account Name: DADA FOLAJIMI .O
Phone: 08069163502
Other websites belonging to same syndicate include:
www.sollysms.com – 08108767268
Their leader, Peter Adenuga (Facebook: www.facebook.com/adenuga.peter1) of CLASSIC GLOBAL CONCEPT with fake offices @ Oko-Afo, Lagos-Badagry express way, Nigeria,
Branch Office: Igan Road, Ago-iwoye, Ogun State and Phone 08140895029, 08115911931 sells his through www.classicsms.org and www.asuusms.com
Peter Adenuga is also a student of Olabisi Onabanjo University (OOU)
Other accomplices are:
Solomon (Sunday) Olaitan Ogundare (Facebook: www.facebook.com/solomon.olaitan.79) 08024665066 – Ifo, Ogun State, and Daniel Egberoh (Facebook: www.facebook.com/dan.egberoh) 08034069497 – Ikeja Lagos, of Treasurekeys Ltd: 20, Oluwalomola Street, off Adeniyi Bankole street, Daddy Town, Giwa Oke-aro, Ogun State,
Branch I: Treasure House, Akanfe Bus-stop, off Akanran road, Olorunsogo, Ibadan, Oyo State. Branch II: 2, Salami street, off Ayodele Street, Mafoluku, Oshodi, Lagos
Solomon Olaitan and Daniel Egberoh own www.bokosms.com where they sold stolen bulk SMS until recently when the website expired.
They also own and run www.treasurekeys.com.ng
These guys are suspected to be into big time land/property sale, WAEC/NECO fraud, plus unauthorized sales of other intellectual properties as music and books.
How they hit potechSMS.com
www.potechSMS.com is a portal where people buy premium bulk SMS for mobile/SMS marketing, servicing companies such as the Lagos State Civil Service Commission, Panasonic, just to mention a few, owned and run by my company, Potech Integrated Services Ltd., a CAC registered ICT firm. Because the portal has over 10,000 active customers, including high profile firms who send bulk SMS on a daily or weekly basis, we never run out of SMS units, in order to ensure our esteemed customers get value for their money – 24/7.
Usually, we buy SMS units from international gateways or local suppliers at an agreed price, for example, N2.00 per SMS unit and resell to our customers for N3.00.
We usually have to transfer/pay money to our suppliers upfront, and they’ll credit our account with them with same value, accordingly.
This means that we have online accounts with such providers in which they load our purchased SMS units into, just as our own customers also have online accounts at potechSMS.com from where we credit them (give them value) when they pay to us.
As required, our website connects to that of our supplier, using our login details (username and password) through API, to enable every customer on our website to send their messages (SMSes) successfully. Normally, the SMS units in our account with suppliers don’t get debited or reduced as we credit our own customers.
For example, we could have only 2 million SMS units in our account with supplier but would be allowed to sell 1 million units to up to 10 customers on our own side. However, this means that we have oversold and urgently need to buy additional 8 million units to be able to service these 10 customers who’ve paid us for 10 million units, respectively.
Our units with supplier will only start depleting gradually according to usage by our customers. In other words, we might decide to be buying 2 million units max from our supplier on each order to continue to have value to offer to the 10 clients as they consume their units.
Our portal is also designed to show us summary/balances of total units sold to customers that are yet to be used and total credit/balance with our supplier, in order to keep us in check against running out of credit.
Conventionally, after building your bulk SMS website/portal, you must log in with admin access to open a page where you’ll enter the username, password, API/website of the supplier your own website must connect to and fetch credit to service your customers. This is where the risks lie…
These criminals would usually find a way to gain access to the admin side of your website, view and copy the login details you were given from your supplier and use same on their own SMS portal, bearing in mind that same login details from a single supplier can service unlimited websites/portals, provided there’s adequate credit on that account.
They’ll simply be selling your units on their own website and making 100% profit, since they aren’t contributing to the payments you make to your supplier, so they can afford to even sell at less than your buying price, bearing in mind that they aren’t paying for the credit. And because they are hackers, they also gain access to your own customer database, check out for your big customers who send more SMSes, contact them and offer them better price; and eventually would end up stealing all your big customers, if you don’t manage this well.
However, all messages sent from as many portals/websites as connected to same account details from same supplier, would eventually end up showing under the ‘Sent Messages’ menu on your account with your supplier, but because you and your customers usually end up sending SMSes from your own portal, where you can also access same sent messages, you’ll never really bother to always come back to your supplier site to check sent messages, so the criminals could use your credit for years without you realising, especially when you have lots of customers and transactions.
This was how they succeeded in being connected to our portal for the past three years or more, selling our credit at lower price and stealing our customers, too.
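One way to catch the gap described above, where messages sent from other portals with the same supplier login show up only in the supplier's 'Sent Messages' list, is to reconcile that list against the portal's own send log. This is an added example, not code from the original post; the record fields, IDs and figures are constructed, and it assumes the portal stores the message ID the supplier returns on each send.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data. Field names are assumptions, not a real supplier's export format.
SUPPLIER_SENT = [
    {"msg_id": "S-1001", "sent_at": "2015-03-20T09:12:00", "units": 1200},
    {"msg_id": "S-1002", "sent_at": "2015-03-20T09:40:00", "units": 300},
    {"msg_id": "S-1003", "sent_at": "2015-03-20T23:05:00", "units": 45000},
    {"msg_id": "S-1004", "sent_at": "2015-03-21T02:17:00", "units": 80000},
    {"msg_id": "S-1005", "sent_at": "2015-03-21T10:01:00", "units": 500},
]
# What our own portal recorded, keyed by the ID the supplier API returned on submit.
PORTAL_SENT = [
    {"supplier_msg_id": "S-1001", "customer": "cust-17", "units": 1200},
    {"supplier_msg_id": "S-1002", "customer": "cust-04", "units": 300},
    {"supplier_msg_id": "S-1005", "customer": "cust-17", "units": 450},
]


def reconcile(supplier_rows, portal_rows):
    """Compare the supplier-side sent log with the portal's own log.

    Returns (foreign, mismatched, foreign_units_by_day):
      foreign    - supplier entries our portal never submitted
      mismatched - (msg_id, portal_units, supplier_units) where the counts differ
    """
    ours = {r["supplier_msg_id"]: r for r in portal_rows}
    foreign, mismatched = [], []
    by_day = defaultdict(int)
    for row in supplier_rows:
        mine = ours.get(row["msg_id"])
        if mine is None:
            # Billed to our supplier account, but not sent through our portal.
            foreign.append(row)
            day = datetime.fromisoformat(row["sent_at"]).date().isoformat()
            by_day[day] += row["units"]
        elif mine["units"] != row["units"]:
            mismatched.append((row["msg_id"], mine["units"], row["units"]))
    return foreign, mismatched, dict(by_day)


def alert_days(foreign_units_by_day, max_foreign_units=0):
    """Days on which units were spent by something other than our portal."""
    return sorted(d for d, u in foreign_units_by_day.items() if u > max_foreign_units)


if __name__ == "__main__":
    foreign, mismatched, by_day = reconcile(SUPPLIER_SENT, PORTAL_SENT)
    for row in foreign:
        print("not sent by our portal:", row["msg_id"], row["sent_at"], row["units"])
    for msg_id, portal_units, supplier_units in mismatched:
        print("unit mismatch:", msg_id, "portal", portal_units, "supplier", supplier_units)
    print("alert days:", alert_days(by_day))
```

Run on a schedule against each day's supplier export, any non-empty result means the supplier login is in use somewhere other than the portal and should be rotated.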
We only got worried when our company continued to always buy credit even when we do little or no new sales; yet it was difficult to easily suspect someone was using your credits, bearing in mind that sometimes we take money from our customers without increasing our own credit at the supplier end immediately.
At some point in time, we started sourcing for funds from external sources and our other businesses just to buy more credit and service our esteemed customers, yet as we increase our purchases with suppliers, the criminals will in turn increase their customer base and criminal base.
It came to the extent that we had to downsize our workforce and started diverting funds meant for other businesses into bulk SMS – just to retain our esteemed customers.
Fortunately, sometime last year, I was lucky enough to be amongst the 50 people out of over 2,000 young entrepreneurs who applied for the annual Diamond Bank Plc sponsored Building Entrepreneurs Today programme, which awards scholarship to winners to study Entrepreneurial Management at the prestigious Enterprise Development Centre (EDC) of the Pan-Atlantic University.
In the course of the business training at the EDC, we were taught financial intelligence and accounting which broadened my knowledge in that area, and so I had to get professional stock keepers, accountant, auditors and effective and efficient accounting system. By the time my business was halfway structured, it became true and plain that we had lost several millions to the bulk SMS business.
That was how we started investigations into the cause of such huge loss.
In my preliminary investigations, I discovered a few portals connecting to our site, yet no payment was ever received from such business names or their promoters.
With my experience in IT, having been in the business since 2007 and knowing how to design and develop websites, I had to dig into the backend and database of the portal, found a few unauthorised admin accounts, deleted them and hoped everything was fine.
Before too long, we started losing money again, did a broader investigation and found other means through which they were still gaining access.
I went ahead and blocked same. Each time I blocked them, they’ll find a new way to regain access.
With my internet security and tracking knowledge, I started tracing the criminals through their email addresses and phone numbers and was able to get into Facebook accounts of some of them.
I went ahead to call some of them and pleaded with them to kindly stay away from my websites, even though they all denied it.
This was sometime in October 2014. When they persisted, I had to follow up one of them, about whom my personal investigations revealed the following details:
Name: Fasasi Oluwaseun Lekan
Facebook: www.facebook.com/lekan.fasasi
Sells stolen SMS via www.9jasms247.com – now www.baddosms247.com (Because I promoted the 1st as fraudulent online)
Emails: borntohacl4@gmail.com, lekanfasasi38@gmail.com
Twitter www.twitter.com/fajifm
Phone 08161549023, 07087214890
Bank name:- diamond bank
Account number-:0052139445
Account name:- Fasasi Oluwaseun Lekan
Fasasi’s current website, www.baddosms247.com is 100% copied or replicated from ours, which suggests he could still have access to our website and must have just copied our source files to make up his own site.
Further investigations suggest that Fasasi was able to steal enough to begin a house building project, and also bought a car or two, as evidently shown in attached pictures.
I threatened him that I had reported him to security authorities and made him believe he was under surveillance by security agents, and would only be freed if he told me everything he knew about those hacking my sites.
It was at that point, he opened up to me on how they usually gained access into my website and even went further to give me technical details on what to do to remedy the situation.
His account of how they hack people’s websites was shocking, as he emphatically told me at some point into our over 1hr phone conversation, that he’ll recommend and advise that I abandon the website, adding that they’ve eaten too deep into the site, such that it would be almost impossible to completely keep his team away from the site.
He repeatedly emphasised that I go after the owner and promoter of www.asuusms.com, adding that he was the one who masterminds the whole deal and even posted my account balances on his facebook wall for his team members to see and pay him more to give them same login details to plug their own websites to.
Eventually, I was smart enough to be able to record up to 37 minutes of this phone conversation, towards the end of it, and still have the audio in my possession as evidence.
As was instructed during my phone conversation with Fasasi, I had to log in to the root of our website and delete all the files and folders they had buried into our website, which automatically send them our new supplier and login details, so even if we changed supplier or login details, the applications they’d embedded into our server would automatically update their own website, even without them doing anything further.
I had also updated some of my suppliers with my situation and some of them admitted that they had also been hit by same team and that their own investigations revealed that they work with top Indian hackers; and if you try to fight or blackmail them, they’ll face you and ensure they run you out of internet businesses. Another colleague of mine who runs same business confirmed to have been hit by them heavily, too.
Further investigations revealed that these guys have insiders in the banks who open bank accounts without doing due diligence and KYC to ascertain their true identities and supplied addresses.
Their bank colleagues also assist them in withdrawing large sums of money, while keeping percentage of the loots, as agreed.
On the other hand, when the amounts in their accounts aren’t huge, they wear face caps to ATM points usually in remote villages, especially in Ogun State and make withdrawal through ATM machines.
We had tried severally to pose as prospective customers, ask them to come submit proposals at given offices, asked to come to certain hotels to collect cheques or cash, plus all other available tactics yet they will never honour any of these meetings, knowing fully well that it could be a trick to get them arrested.
They’ll always end up asking you to pay online using your ATM card or pay cash into their bank accounts, for any transactions.
I’m also very sure that the telephone lines they are using could be part of the thousands of SIMs the NCC had once said were registered with pictures and flowers instead of human pictures.
Fact is that these guys are smart and won’t be arrested easily, unless Fasasi who’s a student of OOU.
During the just concluded general elections when the need for bulk SMS for political campaign rose to all time high, and we were forced to stock credit in millions, in order to meet the increasing demands of our customers, they hit us big again.
This time, even a customer’s account with over 2 million units was compromised and units completely depleted in less than 24hrs!
At this point, I had to escalate the case to our web hosting company based in the United States; and having done business with them for long, they didn’t hesitate to help.
They were able to scan through the whole of our dedicated server hosted in their custody and found that the criminals had actually gained access to our entire dedicated server with over 500 clients’ websites hosted on the server being compromised in one way or the other, as they had also been overloading the server with applications that help them send spam/scam mails to millions of people around the world!
Consequently, the issues were finally laid to rest, as my host and their highly technical team was able to uproot all the files they hid on our entire servers.
In all of these, I was only able to make the arrest of only one suspect who was detained at the Bode Thomas Police Station in Surulere Lagos, but I wasn’t really satisfied with the way the case was going, so I couldn’t follow up on it, and the young man was released on bail, after claiming he didn’t hack into our website on his own but rather bought our stolen SMS units to sell on his own website, from another supplier whom he also claimed he has never met face to face, adding that he always pays money into a provided UBA account, which the police promised to investigate, but I doubt if they went any step further than just the promise to do so.
I had also used my personal tools and intelligence to investigate, locate and confirm the location of this suspect before taking the police there to execute the arrest. So I didn’t find it funny when all that effort and resources went in vain, and so I had to resign myself to my old belief that getting justice in Nigeria is usually not easy.
Each time I thought about raising the case, something kept telling me that I might end up spending more money and waste time without getting justice.
The assurance of CHANGE…
Just last night, one of our suppliers who in the cause these criminals, was able to develop a personal application that alerts him when the hackers strike, called me last night to check that he got an alert from our account with them of same hackers resuming their normal business on our account.
I had to abort the meeting I was headed to and came home straight to my computer system, and after investigations, I realized they had attacked our supplier’s site and gained access to our login details from his end and not from our website this time; and I thought to myself: ‘For how long would we continue to suffer silent losses running in millions in the hands of criminals who should have been in jail by now?’
I told myself ‘Things must change, after all we have positive CHANGE at the federal level of our govt., which I so much believe in.’ I thought it was the right time to challenge these criminals and seek justice, as I had estimated the amount of money my company had lost to the criminals to be above N10,000,000.00.
I also know that making this public would also help hundreds or even thousands of others who might be suffering same fate helplessly.
I am also sending this to the Economic and Financial Crimes Commission and the Nigeria Police, as petition, and would be willing to work and give them my best support to ensure we get to the root of the matter.
Other websites linked to our stolen bulk SMS include:
More suspected Bank Accounts linked to above websites include:

Philip Obin, 
MD/CEO, Potech Ltd
