FOUR persons, including a Nigerian, have been indicted by the Department of Justice over the hacking attack that targeted customers of BDO Unibank Inc. last year.
Indicted for violation of Republic Act 8484 or the Access Devices Regulation Act and RA 10175 or the Cybercrime Prevention Act of 2012 were Nigerian Ifesinachi Fountain Anaekwe, also known as “Daddy Champ,” and Filipinos Jherom Anthony Taupa, Ronelyn Panaligan, and Clay Revillosa.
Another Nigerian, identified as Chukwuemeka Peter Nwadi, is under further investigation.
The two Nigerians were nabbed in an entrapment operation by the National Bureau of Investigation in Mabalacat, Pampanga last Jan. 18. Taupa, Panaligan and Revillosa are also under the custody of the NBI.
Last December, more than 700 customers of BDO lost money to an unidentified group of hackers through unauthorized online bank transfers.
Initial investigation showed the bulk of the online transfers from the hacked accounts were allegedly perpetrated by a certain “Mark Nagoyo.”
The indictment, based on the investigation conducted by the NBI Cybercrime Division, said the tasks of the respondents were compartmentalized but the participation of each one was vital in the fraudulent transfers or illegal access of online accounts.
The indictment said that during the entrapment operation, “Daddy Champ” offered different company accounts that can be used to transfer P10 million each. The company accounts serve as “dropping accounts” and were being sold for P2,000 each.
“The evidence established that it was Anaekwe who was directly transacting for the sale of the accounts,” the indictment said.
The Justice Department said a motion for the issuance of a precautionary hold departure order will be filed against Nwadi while a hold departure order will be issued against Anaekwe.
The DOJ said Taupa was found to be selling “a “SCAMPAGE” or a phishing website, an imitation of the webpage of GCash, a well-known electronic money issuer. The scampage was used to harvest the login details, usernames, passwords, and mobile personal identification numbers of unwitting victims who would access the website on the mistaken belief that they were accessing GCash’s official portal.
The indictment said Panaligan is a “verifier” and seller of dummy accounts. As a verifier, Panaligan pretended to be conducting a survey and asked the victims for their identification cards and took their photos, with a P50 fee given to the owners of the cards for “participating in the survey.”
The DOH said Panaligan used the information and photograph of her victims to apply for verified Gcash or Paymaya accounts.
Revillosa was found to be selling 800,000 mailing lists (e-mail addresses) containing log-in credentials of online banking accounts for P30,000 each.