Metro Manila (CNN Philippines, January 26) — The Department of Justice (DOJ) filed charges against four suspects for cybercrime and violations of the Access Devices Regulation Act, in connection with the massive hacking incident at BDO last month.
In a briefer dated Jan. 25, the DOJ said it resolved to file charges against Jherom Anthony Diawan Taupa, Ronelyn Panaligan, Clay S. Revillosa, and Nigerian national Ifesinachi Fountain Anaekwe.
The National Bureau Investigation (NBI) earlier arrested the suspects and another Nigerian national, Chukwuemeka Peter Nwadi, during entrapment operations. But only the four were facing charges, while a similar complaint against Nwadi was referred for further investigation.
According to the NBI Cybercrime Division (NBI-CCD), the modus involved illegally accessing the banking system and transferring the money to dummy accounts. So-called “money mules” would withdraw the stolen cash and earn commissions. A number of transfers would then take place before moving the money to the syndicate’s accounts.
The NBI-CCD said each individual had a vital role in the operation.
Anaekwe, also known as Daddy Champ, was said to be working for the Mark Nagoyo Group. He was caught offering different company accounts as “dropping accounts” that could be used to transfer P10 million. Anaekwe was charged with access devices fraud, and a hold departure order would also be filed against him.
Meanwhile, Taupa was found selling a “scampage” or a phishing website that resembled the webpage of mobile wallet GCash. The page was used to retrieve the log-in details of users who were tricked into thinking they were on the official GCash website. Taupa reportedly confessed to developing the scampages and was charged with violating the cybercrime law for misusing devices.
Panaligan was identified as a “verifier” and seller of dummy accounts. As a verifier, Panaligan pretended to conduct surveys that would include asking victims for their identification cards and photographs. She would later sell the information to apply for GCash or Paymaya accounts and offer them to hackers.
Panaligan reportedly confessed her involvement, adding that she already had nine verified Paymaya accounts. She was charged with access device fraud.
Revillosa, a student, was caught selling 800,000 mailing lists or e-mail addresses with log-in details of online backing accounts for P30,000, the DOJ said. The agency added that he admitted to hacking a database to obtain the mailing lists and confirmed that the group behind the hacking earlier contacted him to buy the lists.
Revillosa is facing charges for misuse of devices under the cybercrime law and access device fraud.
The DOJ said Nwadi’s direct participation has yet to be determined. It added that other than his presence during the entrapment operation, there was no other evidence pointing to his involvement. He will be released from detention but the DOJ is set to file a precautionary hold departure order against the Nigerian. Nwadi was also said to be working for the Mark Nagoyo Group.
