An investigation into the alleged misdirection of $ 2.5 million in state funds has raised serious concerns about cybersecurity and financial oversight within Sri Lanka’s public institutions.
The inquiry, conducted by the Criminal Investigation Department’s (CID’s) Computer Crimes Division, focuses on a payment made through the Treasury as part of a loan repayment. The funds, belonging to the Central Bank of Sri Lanka, are suspected to have been transferred to a fraudulent party.
Officials informed the Colombo Fort Magistrate’s Court, presided over by Magistrate Isuru Neththikumara, that the investigation began after a complaint was received on March 24. The case is being examined under the Public Property Act, the Penal Code, and the Computer Crimes Act.
According to investigators, the issue appears to have arisen during a payment to Export Finance Australia, an institution linked to loans provided by the Australian government for several development projects in Sri Lanka. These loans are currently being repaid under a debt restructuring program.
Payments had previously been made to an official email address ending in “.gov.au.” However, authorities found that the email address had later been changed to a similar-looking domain, “exportfinanceav.com.” This change is believed to have played a key role in redirecting the funds.
Investigators also revealed that a warning about the domain change had been issued on October 28 by an external organization. Despite this alert, the payment was still processed.
Further examination of the Department of External Resources’ data systems has shown that certain information had been deleted. Authorities are continuing to investigate whether this was done deliberately.
At present, no suspects have been identified. However, the court has imposed a travel ban on five officials who had access to the email account involved in the transaction. Their bank accounts have also been ordered to be examined.
To support the investigation, the court has approved the appointment of an expert committee. This group will include representatives from the Government Analyst’s Department, the Sri Lanka Computer Emergency Readiness Team (CERT), and the University of Colombo’s Faculty of Computing.
Sri Lanka has relied on foreign loans to fund development projects, including financing from Australia through Export Finance Australia. As the country continues its debt restructuring efforts, proper management and monitoring of such funds are essential.
Globally, cyber fraud schemes — such as email spoofing and fake domain names — have become more common. These scams often rely on small changes in email addresses to mislead officials into sending money to unauthorized accounts.
However, the court has directed the Criminal Investigation Department to report on the progress of the investigation by June 3. The outcome of this case is expected to highlight the need for stronger safeguards, better verification procedures, and improved response to cybersecurity warnings within public institutions.
Leave a comment