Detectives bust bKash account hacking gang

The Detective Branch (DB) of Dhaka Metropolitan Police has busted a gang of hackers who swindled money from accounts with bKash – a leading mobile financial service provider in the country.  

The detectives arrested: Md Rana Khan, Md Liton, Nayan Sheikh, Titu Mollah, Salman Mollah, Akash Sheikh, Moazzem Hossain, Md Rahim and Md Tanjil at their hideout in Faridpur on Tuesday.

At a press briefing Wednesday, police said they also recovered 10 mobile phone sets, 37 subscriber identity module (SIM) cards and a Probox car from their possession. 

However, law enforcement was unable to give any specific information about how much money had been stolen by the criminals. 

Upon receiving a tip-off, a team of detectives from Gulshan Division, conducted drives in different areas of Faridpur and made the arrests, said AKM Hafiz Akhter, additional commissioner of DMP.

Speaking at the briefing held at the DMP media centre, he said a member of the hacker group, would take photographs of the cash book registers at a bKash agent shop, receiving Tk200 to Tk300 for each page.

The hackers operated their criminal activities while living in a rural village in the district so that no one suspected them, added the police officer. 

The gang even had a special team to collect the money from different bKash agents after cashing the money out; for the task, the gang paid Tk1,000 for the withdrawal of Tk10,000 cash, every time, said the additional commissioner.  

The story did not end here. The hackers also paid a commission of Tk400 for being handed Tk1,000, every time, added the police official. 

The arrestees were shown arrested in a case filed with the city's Bhatara Police Station on September 15, which was filed over the forgery of a bKash account. 

How the gang operated 

They first took photographs of a cash book register at a bKash agent shop. 

Then they sent the photos of the register to hackers through WhatsApp messenger. 

The hackers then, identifying themselves as bKash agents, called the victims' cell numbers and informed them that some money had been mistakenly sent to their accounts. 

Hackers also informed the victims that a complaint had already been registered with the bKash office and the account had been temporarily suspended. 

After a while, the hacker, using a special app, called the victims' numbers again and identified themselves as bKash's official agents. Due to the special application, victims also saw an official number on the cell phone screen such as +016247. 

Then hackers sent a one time password (OTP) to the victims' numbers and asked them to disclose it. 

Soon after victims shared the OTP and PIN numbers with hackers, the criminals took control of the accounts and cashed out all the money at different agent points. 

Mashiur Rahman, the deputy commissioner of the DB, said that the syndicate even bought different people's bKash accounts for Tk3,000 to Tk4,000 to transfer the stolen funds to those accounts. 

About the process, the police official said that syndicates first opened bKash accounts using the identity cards of illiterate persons living in rural villages. Then they sold the accounts to hackers, who used them to transfer their looted funds. 

"We also found some names and identities of people who are also involved with the hacker group and forgery. We are now conducting drives to arrest them," added Mashiur Rahman.