It was a happy New Year's Day for gang who pulled off...R42m Postbank heist

A BRAZEN hi-tech heist over three days has left Postbank, part of the South African Post Office, out of pocket to the tune of R42-million.

Now the National Intelligence Agency (NIA) and the police have launched a high-level probe.

The theft raises concerns that the security network of the bank - which holds about R4-billion in deposits and through which millions of rands in social grants move each month - is far too fragile.

The 72-hour heist comes as Postbank seeks to become a separate entity and get a full banking licence from the Reserve Bank to allow it to compete with commercial banks while still being state-owned.

The Sunday Times can reveal that what is thought to be a cybercrime syndicate with knowledge of the post office's IT systems launched its operation on New Year's Day.

The syndicate withdrew the last of its loot at 6:11am on January 3. The theft occurred over three days.

The police and post office confirmed the incident.

Brian Dube, spokesman for State Security Minister Siyabonga Cwele, said: "When a government institution is compromised, the NIA will be involved and offer its assistance."

The bank insisted that none of its customers - of whom there are more than four million - was affected but did not answer further questions.

The post office is the body in charge of government's Trust Centre and authentication service provider under the Electronics Communications and Transactions Act.

This means that any government department that performs work using the internet and e-mail services makes use of the post office system.

A senior IT and banking security expert said yesterday: "The Postbank network and security systems are shocking and in desperate need of an overhaul. This [theft ] was always going to be a very real possibility."

The Sunday Times has been told that the syndicate started its operation by opening accounts in post offices across the country late last year.

When the offices closed for the New Year holiday period, the syndicate gained access to a Rustenburg Post Office employee's computer, linked to Postbank's server system, and made deposits into the accounts.

It also increased limits on the accounts to allow extremely large withdrawals.

Over the next three days, ATMs in Gauteng, KwaZulu-Natal and the Free State were used to withdraw cash from the accounts.

The login details of two employees - a teller and call centre agent whose names are known to the Sunday Times - were used. Police would not say if the two are suspects. Questions remain about how low-level employees could have clearance to increase withdrawal limits for such large amounts.

Police confirmed that the first fraudulent transactions started on January 1 shortly after 9am.

Less than 72 hours later - shortly before the post office opened its doors - the withdrawals stopped. By then R42-million had been withdrawn.

Post office spokesman Lungilo Lose confirmed the incident. It is understood that employees with knowledge of the breach were instructed not to divulge any information.

Acting chief executive Nick Buick could not be reached for comment.

Lose said Postbank officials were working with police.

The incident comes three years after Postbank spent over R15-million to upgrade its fraud- detection system.

The security expert said serious questions needed to be raised about Postbank' s internal systems: "At first glance you have to say the intrusion detection system on its servers were obviously not working properly. It will be difficult for the post office to detect and stop something like this. But, if they had the will and knowledge, it could certainly have been prevented."

The Minister of Communications, Dina Pule, has been briefed about the security breach. She said yesterday she would give her full support to the investigation.

Asked if there were concerns about the risk the security breach posed to government departments using the Trust Centre hosted by the post office, Pule said: "The centre has high security parameters to protect all the services delivered through it."