Hackers infiltrated KwaDukuza Municipality’s system, using spyware to steal R35.7 million on January 31 – now, a forensic probe and court battle aim to recover the missing money.

Fraud investigation report by ABSA reveals how money was stolen

The long-awaited fraud investigation report by ABSA on the unlawful transfer from the municipality’s account in January was presented to the council on Thursday.

The investigation revealed that three municipal laptops were compromised with an unauthorised remote monitoring application, Net Monitor for Employees Software Tool.

Also read: 3 investigations launched after millions missing, service delivery failures at KZN municipality

This software allows a remote user to access computers, record activities, capture keystrokes, block websites and even eavesdrop using the microphone.

It also enables the remote operator to reboot, lock or unlock the affected devices.

R4.4m still not recovered

By March, ABSA had recovered R30.8m, which was deposited back into the municipal account on February 27.

However, R4.41m remains unaccounted for after being unlawfully transferred to a specific company.

The municipality has since filed an urgent high court application to liquidate the company, with a hearing set for Wednesday (March 26).

Further investigation revealed that the software was installed in November last year and set to auto-start upon booting the devices.

Three laptops used to gain access to system

Municipal spokesperson Sifiso Zulu said the installation was done using credentials from a current employee and a former staff member.

“On January 31, all three of the computers taken for analysis experienced a forced redirect to a domain which will display “ERROR Check Internet Connection-IP_CONFLICT” when they attempted to access the Internet or the ABSA Access system, specifically during the period of the fraudulent transactions.

“As it appears that the three laptops analysed were unable to access the ABSA Access system during the period of fraudulent transactions, it could mean that different computers were used to perform the fraudulent transactions using the compromised credentials of the three users,” said Zulu.

Forensic investigation launched

In response, the council has resolved to appoint forensic investigators to determine the full extent of the breach and its link to the fraud.

A full IT security audit will also be conducted to remove unauthorised software and strengthen cybersecurity measures.

Additionally, the municipal manager has been authorised to work with the Saps Commercial Crimes Unit, ensuring ABSA’s findings are incorporated into the ongoing investigation.