MANILA, Philippines—Prosecutors from the Department of Justice (DOJ) have indicted four individuals responsible for hacking the accounts of more than 700 clients of BDO Unibank late last year.
Facing charges for violations of Republic Act 8484 or Access Devices Regulation Act of 1998 and RA 10175 or the Cybercrime Prevention Act of 2012 are the following: Jherom Anthony D. Taupa, Ifesinachi Fountain Anaekwe, Ronelyn Panaligan a.k.a. Luka Hanabi and Clay S. Revillosa a.k.a. X-men.
Prosecutors recommended that a similar complaint against Chukwuemeka Peter Nwadi be subject to further investigation.
The group is behind the Mark Nagoyo heist that affected hundreds of BDO accounts in December last year.
BDO said that some of its clients were hit by “sophisticated fraud techniques” through its online banking platform.
READ: NBI nabs 5 in hacking of 700 bank accounts
Some of the victims who posted on social media said their accounts were hacked even if they did not click any links or did not disclose their bank information.
BDO said it has already restituted the affected accounts.
What is the participation of the four?
Based on the prosecutors’ resolution, Anaekwe, a Nigerian, provided access devices to anyone looking for options to cash out funds. These access devices range from bank accounts to crypto wallets or point of sale terminals of legitimate merchants.
Taupa, on the other hand, sells “SCAMPAGE” or a phishing website which is an imitation of the webpage GCash. Scampage is used to harvest log-in details, usernames, passwords, and mobile personal identification numbers (MPINs) of victims. The scampage is sold for P2,000.
Panaligan, meanwhile, is the “verifier” and seller of dummy accounts. She pretends to survey a market and asks victims for their identification cards. She takes its photos and pays the participants P50.
The information she acquired will then be given to hackers to cash out illegally sourced funds.
Revillosa, on the other hand, sells 800,000 mailing lists (email addresses) which contains the log-in credentials of online banking accounts for P30,000. The mailing lists are used in the preparatory stages of the hacking activities.
Taupa, Panaligan, and Revillosa all executed extrajudicial confessions admitting their participation.
On the other hand, prosecutors recommended that Nwadi a further investigation be conducted because “other than his presence during the entrapment operation, no other evidence was adduced by complainants as to his participation in the trafficking of unauthorized access devices.
The five were arrested by the National Bureau of Investigation (NBI) in several entrapment operations on January 20 and 220.
RELATED STORY
NBI arrests 2 Nigerians, 3 others for ‘Mark Nagoyo’ bank hacking