onelanka
@onelanka
Entrepreneur, Economic historian, Contrarian



🇨🇦 UNVERIFIED: Bell Canada Data Allegedly for Sale

A threat actor claims to be selling a database linked to Bell Mobility / Bell.ca, one of Canada’s largest telecom providers.

Claimed size: ~1.8 million records
Price: $100,000
Source: “internal network” (unverified)

At this stage, there is no confirmed evidence of a breach. The actor is newly active and credibility remains unclear.

⚠️ Such listings are often exaggerated or based on previously leaked / aggregated data.

DDW is monitoring the situation and will provide updates if validation emerges.

#DataLeak #CyberSecurity #DarkWeb #ThreatIntel #DataBreach






The recent USD 2.5 million heist from the Sri Lankan Treasury is a national embarrassment. It's not just a technical glitch. It is a catastrophic failure of basic security protocol at the highest level of government.

I think it's clear that the External Resources Department (ERD) was caught sleeping. Hackers intercepted emails between the Treasury and Australian creditors to divert debt repayments. This is Business Email Compromise (BEC) 101, yet our "experts" let it happen with millions of taxpayer dollars on the line.

The Illusion of Security

I find it pathetic that we are pushing for a "cash-lite" economy while our own Treasury can't even secure a Gmail-level communication chain. If hackers can sit in the middle of a sovereign debt repayment, they are likely sitting in every other ministry too.

The government keeps blaming "misinformation," but the only fact that matters is that the money is gone. This wasn't a sophisticated "realmhacking" operation. It was a failure of human oversight and outdated infrastructure.

The Cost of Incompetence

I believe this breach erodes what little international trust we have left after debt restructuring. Creditors will now question if our digital systems are even fit for purpose.

Digital transformation without security transformation is just an invitation for theft. We need more than a CID investigation; we need a complete purge of legacy systems and the incompetent protocols that allow "email interception" to become a national crisis.



From what I can gather from the article, the Deputy Minister seems to be saying there’s no direct system breach, at least not at the code or application level. That usually means this wasn’t a “hack” in the traditional sense, but something that targeted people instead of systems.

That points quite strongly toward a social engineering attack, most likely Business Email Compromise (BEC), which is what the press is widely reporting. This is essentially tricking someone into trusting a fake or manipulated email and taking action. These attacks don’t need to break into systems; they rely on exploiting human trust, often using very convincing emails or even compromised accounts. (Picture ⬇️)

There’s still a missing piece here though: the email environment. In many of these cases, the real entry point is compromised credentials or access to email accounts, not the core system itself.

On the second point, about the Finance Ministry not being connected to the NSOC: it was declared open by the President last year.

Some context: a Security Operations Center (SOC), even at a national level, is mainly about monitoring and detecting threats. It can help spot suspicious activity, but it doesn’t automatically stop phishing or BEC attacks from happening. Phishing is not a visibility problem alone; it’s a people and process problem. Preventing it requires things like better user awareness, stronger login protections (like MFA), and tighter email security controls.

So overall, this looks less like a failure of systems, and more like a gap in how we secure identities and handle email-based threats.

‼️🇱🇰 The Eastern Provincial Council of Sri Lanka (ep.gov.lk), the regional government body covering the country's Eastern Province, has allegedly been breached, with 10,000 rows of citizen and government employee data put up for sale on a popular cybercrime forum at $150.

‣ Threat Actor: wh6ami
‣ Category: Data Breach / Government Data Sale
‣ Victim: Eastern Provincial Council, Sri Lanka
‣ Industry: Government / Regional Administration

The Eastern Provincial Council oversees the Governor's Secretariat, Chief Secretary's Secretariat, Provincial Public Service Commission (PPSC), and Provincial Council Secretariat, handling administration, recruitments, and legislative work for the province.

What the leak contains:

▪️ ~10,000 rows of PII
▪️ Phone numbers (mobile and landline)
▪️ Email addresses
▪️ Full names
▪️ National Identity Card numbers (NIC)
▪️ Residential and work addresses
▪️ Dates (exam, appointment, system timestamps)
▪️ Gender, age
▪️ Exam statuses (PASS, NOT APPLIED)
▪️ Job titles and workplaces
▪️ Usernames (login IDs)
▪️ MD5 password hashes
▪️ Full text of personal complaints and grievances filed by citizens

Two things stand out beyond the standard PII. First, MD5 hashes are trivially crackable for common passwords, so the credential set should be treated as effectively plaintext for any user who didn't pick something exotic. Second, the inclusion of full text citizen complaints and grievances is unusual and high-sensitivity; those records can contain anything from workplace harassment reports to disputes with public servants, and would typically carry confidentiality expectations.








Toronto police seize 'SMS blasters,' a cybercrime weapon never before seen in Canada nationalpost.com/news/canada/to…













