The National Bureau of Investigation announced Friday the arrest of five people, two of whom are Nigerian nationals, for their involvement in the “Mark Nagoyo Heist Group” that was responsible for hacking Banco de Oro, affecting more than 700 customers.
In a statement, NBI Officer-In-Charge Director Eric Distor identified the suspects as Ifesinachi Fountain Anaekwe a.k.a. Daddy Champ, Chukwuemeka Peter Nwadi, Jherom Anthony Taupa, Ronelyn Panaligan, and Clay S. Revillosa.
Anaekwe and Nwadi were presented for inquest proceedings before the Office of the Prosecutor General for Trafficking in Unauthorized Access Devices under the Access Devices Regulation Act of 1998.
Taupa was presented for inquest for Misuse of Devices under the Cybercrime Prevention Act of 2012.
Anaekwe and Nwadi were arrested in an entrapment operation conducted by operatives of NBI-Cybercrime Division in Mabalacat, Pampanga on January 18, 2022.
The operation stemmed from a tip provided by the informant who had transactions with the suspects.
The informant voluntarily appeared before the NBI-CCD to give information regarding several individuals believed to be leaders, members, or affiliates of the Mark Nagoyo Heist Group.
In December, initial reports suggested an unknown group perpetrated a massive heist involving BDO and more than 700 of its customers.
Reports said the group was able to access customers’ bank accounts while supposedly bypassing the One-Time-Pin requirement and drained funds in those accounts.
Email confirmations for the bulk of the illegal transfers showed that they were made by a certain Mark D. Nagoyo.
According to the informant, the suspects were engaged in the business of providing access devices to anyone looking for options to cash out funds fraudulently obtained.
These access devices range from bank accounts, crypto wallets, or even point-of-sale terminals of otherwise legitimate merchants.
Further, when a certain Mark Froilan called the informant about money cash outs, the latter contacted Anaekwe who then said that he will provide the informant three different accounts so he can transfer P10 million each, apparently referring to the funds from BDO.
With these, the entrapment operation was hatched, resulting in the arrest of Anaekwe and Nwadi after they were caught in the act offering accounts for sale.
Meanwhile, Taupa was arrested by operatives of NBI-CCD in a buy-bust operation also on January 18 in Floridablanca, Pampanga for selling “scampage” or phishing websites.
Another informant disclosed that Taupa was one of the masterminds behind the Mark D. Nagoyo Heist.
According to the informant, Taupa was currently offering for sale scampage, particularly an imitation of a GCash web page.
Accordingly, Taupa modified the code to gather the log in details of unwitting victims who would access the scampage in the mistaken belief that they were opening GCash’s official portal.
The owner of the scampage would thus be able to get into the victim’s Gcash accounts to steal their hard-earned funds.
Also arrested in a separate operation by NBI-CCD were Panaligan and Revillosa. Both suspects are likewise involved in the BDO hacking as web developer and downloader, respectively.