Audit firm claims hacking but Sri Lanka Cricket disputes it

A forensic audit has found that an alleged wire transfer fraud at Sri Lanka Cricket (SLC) was the result of “business email compromise” (BEC) by hackers who attempted to siphon funds into an offshore account by infiltrating the official email accounts of SLC employees. Piyal Dissanayake, SLC Head of Finance (HoF), was sent on compulsory leave in September 2018 pending inquiry […] But the sporting body maintains that Mr Dissanayake is directly involved. This is because the emails pertaining to the transactions–including the questionable ones–were sent from his account and not a account, they claim. It was not possible to independently verify this. The SLC acknowledged at the time that some emails originated from another IP address. But it claimed the CFO could have done it to “pretend to be hacked” by the use of a proxy site. The SLC also says a hacker cannot stage a “middleman attack” on a particular email address for months without it being noticed. It was not possible to independently verify the time period being referred to.

Leave a Comment