Former soldier who duped CEB customers hacking online payment gateway Remanded
A former Army soldier was taken into custody by the Computer Crimes Division of the Criminal Investigation Department (CID) on Tuesday evening in an area close to Colombo for having hacked the online payment gateway of Ceylon Electricity Board (CEB) which provides online facilities through their website for electricity consumers to pay their electricity bills online and defrauded a sum of more than Rs.100 million.
This individual had defrauded money from business institutions, stating that a 25 percent discount will be granted when paying online. He had hacked the online payment portal of the CEB and the data system of the CEB had indicated that those payments had been made to the CEB.
It has been revealed that this person had carried out this fraud during the period from September 18 to November 25.
During an investigation carried out on November 25 by the CEB Accounts Department had come to know that there was a difference between details regarding payments in the CEB system and money that had actually been credited to the bank.
It had been revealed during the investigation that payments made by 400 consumers during this period had appeared on the system but the money in relation to the payments had not been credited to the bank.
The Information Technology Division of the CEB had also carried out an investigation and thenit had become apparent that the CEB payment gateway on the CEB website had been hacked.
On 28 November, the Computer Crimes Investigation Division of the CID had received a complaint about this. A list of 400 questionable payments had been submitted to the CID. A payment of Rs. 15 million also appeared on this list. It had been revealed the relevant electricity consumer who had paid this amount was from Polonnaruwa.
The CID investigators had met those customers who had made the questionable payments
including that particular customer, and using decoys and tactics during a careful investigation, it was found that they had received a 25 percent discount when paying their electricity bills online.
When making inquiries regarding the person who had granted this discount it was revealed that he was a 26-year-old person who frequents night clubs and casinos. The CID discovered that he was originally a resident of Lunugamwehera but was living in Kaduwela.
When this individual was taken into custody on December 27 and questioned, it was found that he had been deployed in the army for about three years. The CID said that he stated that he had legally left the Army and that an inquiry will be made from the Army.
It was revealed during investigations that this suspect who had studied Advanced Level Arts subjects, had learnt the art of hacking websites through internet. He had told the CID investigators the information as to how he learned to hack websites.
During interrogation, the suspect had also said that he discovered a technical weakness in the payment gateway of the Ceylon Electricity Board’s website and found the ability to pay electricity bills without paying money by entering the website.
According to the investigations, it has been found that he has been engaging in this fraud by paying the electricity bills of businessmen whom he met in the clubs, using this method.
“This individual targets businessmen. He is aware that their electricity bills amount more than Rs.100,000. Initially he makes friends with them. With those connections he builds up trust as well. Documents provided by the CEB to the CID had confirmed that this person had paid around 400 electricity bills using this fraudulent method. As soon as this fraud was revealed, the CEB technology division had taken steps to increase the security of their payment gateway, using new methods of protection.
In the investigation, it has been found that this person had made a business out of the payment of electricity bills and had been appointing agents nationwide through social media. He said that there were several agents that had been appointed and they were given a commission of 10 percent for each bill.
Investigations have revealed that the most payments made by this person were regarding bills of Rupees one million and one and a half million.
Investigations have also revealed that this person had spent a small amount of the fraudulently earned money in casinos. As it appears that he has a large amount of money that has not been spent, investigations are currently underway to find that money and to identify and arrest the people who supported him in this fraud. Investigation officers involved in the investigations include, Ranga Bandara, Charuka Pathum Jayawardena, Nilan Samarasinghe, Asanka Wijesundera and Lahiru Sandakelum under the guidance of Officer-In-Charge of the Social Media Crimes Investigation Division Inspector of Police Ishara Gayashri, supervised by Superintendent of Police W. Jayanethsiri based on instructions of the Director of the Computer Crimes Investigation Division of the CID, Senior Superintendent of Police Lucky Randeniya.
The suspect was remanded till January 05 after being produced before Colombo Additional Magistrate Rajindra Jayasuriya.
No loss to CEB from this scam – GM 
Commenting on the incident, CEB General Manager Rohan Seneviratne yesterday said that the CEB has not incurred any loss due to this scam. He said that a group of CEB customers have been deceived by this individual by promising them a 25 per cent discount from each bill settled through online portal.
Currently, the online payment portal has been temporarily suspended to rectify the fault and it will be available soon, he said.
The incident was informed to the CID and the Sri Lanka CERT, he said.