2 Nigerians, 3 Filipinos arrested for alleged ‘hacking’ of over 700 BDO accounts last December


National Bureau of Investigation (2)

Two Nigerians and three Filipinos have been arrested in separate entrapment operations this week for their alleged involvement with the so-called “Mark Nagoyo” heist group that hacked over 700 accounts of Banco de Oro (BDO) depositors last December, the National Bureau of Investigation (NBI) announced on Friday, Jan. 21.

NBI Deputy Director Ferdinand M. Lavin identified during a press conference the two arrested Nigerians as Ifesinachi Fountain Anaekwe, also known as Daddy Champ, and Chukwueweka Peter Nwadi.

The three Filipinos were identified as Jherom Anthony Taupa, who has been identified by an informant as “one of the masterminds in the ‘Mark Nagoyo’ heist group,” Ronelyn Panaligan and Clay Revillosa.

The NBI said in a statement that the five persons were arrested in separate entrapment operations as part of the NBI’s Cybercrime Division (NBI-CCD) investigation concerning “a massive heist involving BDO and more than 700 of its customers” last December.

“According to initial reports, this group was able to access customers’ bank accounts while supposedly bypassing the One-Time-Pin (OTP) requirement and drained funds in those accounts,” the NBI said.

“Email confirmations for the bulk of the illegal transfers showed that they were made by a certain Mark D. Nagoyo,” it added.

The two Nigerians and Taupa have been presented for inquest before the Office of the Prosecutor General (OPG) at the Department of Justice (DOJ) in Manila.

The two Nigerians were charged with violations of Trafficking in Unauthorized Access Devices under Section 9 of Republic Act 8484, the Access Devices Regulation Act of 1998, while Taupa was charged with Misuse of Devices under Section 4(a)(5)(i)(aa) of RA 10175, the Cybercrime Prevention Act of 2012.

Revillosa and Panaligan were presented for inquest before the OPG also for violations of RA 10175 following their arrest in Pasig City last Jan. 18.

“Both Subjects (Revillosa and Panaligan) are likewise involved in the BDO hacking as web developer and downloader,” the NBI noted.

During the probe, the NBI said it learned from an informant that the Nigerians were “engaged in the business of providing access devices to anyone looking for options to cash out funds fraudulently obtained.”

“Further, when a certain Mark Froilan called the informant about money cash outs, the latter contacted Daddy Champ who then said that he will provide the informant three (3) different accounts so she can be transferring in it Php 10 million each, apparently referring to the funds from BDO alluded to by Mark Froilan,” the NBI said.

With this information, the NBI said it hatched an entrapment operation that led to the arrest of the two Nigerians in Mabalacat, Pampanga last Jan. 18.

It said the two Nigerians were “caught in flagrante delicto (in the act) offering accounts for sale.”

Taupa was also arrested last Jan. 18 in an entrapment operation in Mabalacat where he was caught receiving P2,000 in marked money for selling Gcash scampages, the NBI said.

“According to the informant, Subject TAUPA is currently offering for sale scampage, particularly an imitation of Gcash Webpage,” it said.

“Taupa modified the code in order to gather the log in details of unwitting victims who would access the scampage in the mistaken belief that they were opening Gcash’s official portal,” it said.

“The owner of the scampage would thus be able to get into the victim’s Gcash accounts to steal their hard-earned funds,” it added.

Meanwhile, NBI-CCD Chief Victor V. Lorenzo assured that they are on the trail of the other persons involved in the “Mark Nagoyo Heist Group.”

“Kilala na po namin lahat nung members nila although hindi pa naaresto (We now know the identities of all of the members although they have not yet been arrested). Sooner or later makukuha rin namin sila (we will get them),” Lorenzo said.

He said that “Mark Nagoyo” is only a made-up name. “Hindi totoong tao ho yun pero alam namin sino gumagamit (He is not a real person but we know who is using it),” he added.

He noted that the perpetrators failed to encash most of the deposits from BDO after transferring the money to a recipient bank.

“Hindi na-cash out lahat yung fradulent proceeds from one bank to the recipient bank. Na-red flag because of the in-place system by this bank kaya automatically na-flag yung mga transactions na iyon (The fraudulent proceeds were not cashed out after being transferred to the recipient bank. The recipient bank has a system in place that red flags suspicious transactions),” he also said.

Lorenzo explained that the perpetrators gained access to the accounts of depositors through phishing as well as exploiting the vulnerability of BDO in the generation of OTPs.

Phishing is a type of fraud used to acquire bank information from depositors by sending emails that claim to be from legitimate sources.

“We were informed na yung vulnerability na yan na-patch up na ng bank (We were informed that the bank has patched up the vulnerability),” he said.