A Zimra employee reportedly hacked Zimra and stole $ 2.3 million. Although the culprit was caught before he managed to get away with it, Zimra hasn’t yet recovered the money. The employee, Stephen Moreka is employed as an infrastructure administrator by Zimra, no wonder he was able to pull it off well not exactly.
As a reader called out in the comments below (yes this has been updated), this was not a hack in the strict sense of the word. The guy is being charged with unauthorised access and that is also regarded as hacking broadly speaking. He did this while on sick leave by the way.
Zimra commissioner general stated that it had intercepted the staffer, who tried to transfer funds into other people’s accounts.
Here is how he did it
The guy accessed Zimra’s payments terminal and then without permission, he started to upload files with a total value of $2,3 million (he faked payments that needed to be made sort of). He then went on to siphon the actual $2,3 million from Zimra’s server into various bank accounts of other people (most likely his accomplices).
To cover his trail, Stephen Morekan cleared the server logs by deleting files on the server.
As luck would have it, a Zimra accounting officer noticed the files and recovered them. Zimra then proceeded to report the issue to the police who apprehended him and now the matter is before the court.
Even though Zimra now knows where the money is, it’s still yet to recover it from the accounts the money was sent.
A heads up for organizations on ‘inside jobs’
Cyber-attacks resulting in the loss of money and private information has led many to believe that outside hackers are the only way companies can lose control over their money and data. While these events obviously need to be taken seriously, many companies ignore the possibility of internal employees being responsible for the loss of private information. It can be hard to scrutinize the people working daily to build up your organization, but system breaches coming from inside the business aren’t something to be taken lightly.
An employee has better access to a network computer that will readily connect to the heart of a system which is its most vulnerable part. Insiders also tend to know sensitive information including passwords, key passes, co-employees’ computing habits, system vulnerabilities, etc.
So while guarding against ‘outside’ hackers, organizations have to make sure that they are not overly exposed to ‘inside jobs’ at the same time.
Quick NetOne, Telecel, Africom, And Econet Airtime Recharge
If anything goes wrong, chat with us using the chat feature at the bottom right of this screen