Asia News

NBI Arrests 5 Suspects in BDO Bank Hacking

The National Bureau of Investigation (NBI) today announced the arrest of five individuals, two of whom are Nigerian nationals, for their involvement in the “Mark Nagoyo Heist Group”, a group responsible for hacking BDO affecting more than 700 customers.

NBI Officer-In-Charge (OIC) Director Eric B. Distor identified the Subjects as IFESINACHI FOUNTAIN ANAEKWE a.k.a. DADDY CHAMP, CHUKWUEMEKA PETER NWADI, JHEROM ANTHONY TAUPA y DIAWAN, RONELYN PANALIGAN, and CLAY S. REVILLOSA.

Nigerian nationals IFESINACHI FOUNTAIN ANAEKWE a.k.a. DADDY CHAMP and CHUKWUEMEKA PETER NWADI were arrested in an entrapment operation conducted by operatives of NBI-Cybercrime Division (NBI-CCD) in Mabalacat, Pampanga on January 18, 2022. The operation stemmed from an information provided by the informant who had transactions with the Subjects. The informant voluntarily appeared before the NBI-CCD to give information regarding several individuals believed to be leaders, members, or affiliates of MARK NAGOYO GROUP.

NBI officials have identified the hackers behind online money heist targetting BDO, a top bank in the Philippines.

To recall, sometime in December 2021, a group of unknown threat actors perpetrated a massive heist involving BDO and more than 700 of its customers. According to initial reports, this group was able to access customers’ bank accounts while supposedly bypassing the One-Time-Pin requirement and drained funds in those accounts. Email confirmations for the bulk of the illegal transfers showed that they were made by a certain MARK D. NAGOYO.

According to the informant, Subjects were engaged in the business of providing access devices to anyone looking for options to cash out funds fraudulently obtained. These access devices range from bank accounts, crypto wallets, or even point-of-sale terminals of otherwise legitimate merchants. Further, when a certain MARK FROILAN called the informant about money cash outs, the latter contacted DADDY CHAMP who then said that he will provide the informant three (3) different accounts so she can be transferring in it Php 10 Million each, apparently referring to the funds from BDO alluded to by MARK FROILAN.

With these, the entrapment operation was hatched resulting in the arrest of Subjects IFESINACHI FOUNTAIN ANAEKWE a.k.a. DADDY CHAMP and his companion CHUKWUEMEKA PETER NWADI after they were caught in flagrante delicto offering accounts for sale.

Meanwhile, Subject JHEROM ANTHONY TAUPA y DIAWAN was arrested by operatives of NBI-CCD in a buy-bust operation also on January 18 in Floridablanca, Pampanga for selling “scampage” or phishing website.

Another informant disclosed that JHEROM TAUPA is one of the masterminds behind the MARK NAGOYO HEIST. According to the informant, Subject TAUPA is currently offering for sale scampage, particularly an imitation of Gcash Webpage. Accordingly, TAUPA modified the code in order to gather the log in details of unwitting victims who would access the scampage in the mistaken belief that they were opening Gcash’s official portal. The owner of the scampage would thus be able to get into the victim’s Gcash accounts to steal their hard-earned funds. To prove his averments, informant showed the operatives his conversation with TAUPA showing their past transactions involving scampages.

The buy-bust operation was then conducted wherein informant and Subject TAUPA agreed on the price of Php 2,000.00 to be paid in cash direct as consideration for the scampage. The operation resulted in the arrest of Subject TAUPA after receiving the marked money. TAUPA admitted that he was selling Gcash scampages which he stored in his computer.

Further investigation revealed that Subject JHEROM TAUPA is involved in a group heist, being the one sending the emailing list containing personal details of various bank customers to a group of individuals responsible for sending email to the former. The said email contains a link which when clicked, will be used for the hacking process of the heist group.

Also arrested in a separate operation by NBI-CCD were Subjects RONELYN PANALIGAN, and CLAY S. REVILLOSA. Both Subjects are likewise involved in the BDO hacking as web developer and downloader.

Subjects IFESINACHI FOUNTAIN ANAEKWE a.k.a. DADDY CHAMP and CHUKWUEMEKA PETER NWADI were presented for inquest proceedings before the Office of the Prosecutor General, Department of Justice, Manila for Trafficking in Unauthorized Access Devices under Section 9 of RA 8484 otherwise known as the Access Devices Regulation Act of 1998. Subject JHEROM ANTHONY TAUPA y DIAWAN was presented for inquest proceedings before the Office of the Prosecutor General, Department of Justice, Manila for Misuse of Devices under Section 4(a)(5)(i)(aa) of RA 10175 otherwise known as the Cybercrime Prevention Act of 2012.

Leave a Reply