A cyberattack on ASA Philippines’ digital system provider, Jyosna, resulted in a ransom demand of $200,000 from the cyber threat group Medusa. The demand required payment through a cryptocurrency wallet. Medusa threatened to hold hostage all user passwords and leak the data obtained.
The messages from Medusa referenced Jyosna’s ATMOS System, which provided the digital backbone of the Foundation. Jyosna and ASA jointly reported the hacking incident to the Philippine National Police Cybercrime Division, without engaging directly with the threat actors.
Jyosna’s internal investigation suggested that the breach might have been perpetrated by someone within ASA Foundation itself. Kamrul Tarafder, the founder of ASA Philippines, requested an internal investigation, which was denied.
In November 2023, certain board members, including Ambassador Howard Dee and his son, Richard Dee, began suggesting the potential sale of ASA Foundation. Kamrul claimed that potential buyers had been approached, and he objected to the sale proposal.
On 3 November 2023, Kamrul formally wrote to the board, addressing ASA chairperson Jose Cuisia about his concerns regarding recent changes. He confronted the board about the alleged intention of the Dees to sell ASA Foundation and requested arbitration to resolve the escalating dispute. However, Cuisia denied his request for arbitration and denied that discussions on the sale of the Foundation had taken place.
The board later attempted to turn the tables on him, accusing Kamrul of being the one interested in selling the Foundation and seeking potential buyers. Cuisia subsequently sent a message to the employees, calling the rumors about a potential sale “false and fake news,” attempting to shift the narrative to suggest Kamrul was the one circulating such claims.
At this point, Kamrul said the dispute between him and the Assisi Group (another faction within the foundation) was on full display.
In March 2024, an unauthorized attempt to access Jyosna’s data was reported. ASA Foundation advised the system provider that Trustwave, a third-party cybersecurity firm, had provided them with Jyosna’s data file upon the Foundation’s request. This was the same data file the hackers had failed to obtain during the previous breach.
Kamrul’s son, Simon, vigorously objected to the release of this data, as it was done without his knowledge or consent. Trustwave, which was hired to investigate the breach, had been instructed by Jyosna not to disclose any data to anyone, including ASA Foundation. The firm was only supposed to investigate and provide expert opinion, but it exceeded its authority by yielding to ASA Foundation’s request for the data.
Simon demanded that the files disclosed without authorization be deleted, but the request was ignored.
On 2 April 2024, between 6 and 6:30 p.m., Kamrul and Simon received a parcel left at the Manila Luxury Condominium concierge/reception desk, handed over by an individual who appeared to be a foreigner of Caucasian descent.
The contents of the package included: a smartphone with a SIM card; a printed message in a foreign language which, when translated using Google Translate, read, “Answer the phone when it rings”; a printed message detailing the threat actors’ demand of 50 million in cryptocurrency within 72 hours, along with a list of purported bank accounts around the world supposedly belonging to Simon, Kamrul, and their family members; and several printouts of what appeared to be pictures of Simon, Kamrul, and their family, along with their personal information.
Some of the photos were taken from social media, while others appeared to have been taken using smartphones while the threat actors were following or stalking them without their knowledge.
The message indicated that the threat actors possessed personal information about Kamrul and Simon, as well as their family, and were demanding 50 million (currency unspecified) in cryptocurrency to be paid within 72 hours. (To be continued)