The Criminal Investigation Department (CID) has significantly ramped up its investigation into a sophisticated cyber fraud that resulted in the diversion of $2.5 million (approximately Rs. 750 million) from the General Treasury.
As of Monday, April 27, 2026, investigative teams have recorded formal statements from seven high-ranking officials and seized several state-owned computers for forensic analysis.
The Mechanics of the Breach
The fraud, which took place between late 2025 and January 2026, targeted the Department of External Resources (ERD) under the Ministry of Finance. Early findings suggest that hackers gained unauthorized access to the ERD’s official email systems.
By intercepting and altering communications, the perpetrators successfully redirected a bilateral debt repayment intended for an Australian creditor into a fraudulent third-party account, believed to be based in Dubai.
Internal Disciplinary Action
The Ministry of Finance has already taken swift internal measures following a preliminary inquiry:
- Four senior officials suspended: This includes an Additional Director General and a Director from the Public Debt Management Office (PDMO), along with a Director and Assistant Director from the ERD.
- Negligence flagged: Deputy Finance Minister Dr. Anil Jayantha noted that the breach indicates a "clear case of negligence" and has not ruled out the possibility of "insider help" or a political motive aimed at destabilizing the current administration.
International Cooperation & Forensic Search
Given the cross-border nature of the crime, the CID is collaborating with international partners:
- Australian Federal Police (AFP): Under a Memorandum of Understanding signed last year, the AFP is providing technical data and assistance to track the movement of the stolen funds.
- SLCERT Involvement: The Sri Lanka Computer Emergency Readiness Team is conducting a parallel technical probe to identify the specific vulnerabilities in the state’s digital infrastructure.
- Expanding Scope: The investigation has widened following reports that documents related to a future loan repayment to France have also gone missing from the system, sparking fears of a second attempted heist.
Investigation At A Glance
| Key Detail | Information |
|---|---|
| Total Amount Stolen | $2.5 Million USD |
| Targeted Department | External Resources Dept (ERD) |
| Primary Method | Compromised Email / Business Email Compromise (BEC) |
| International Partners | Australian Federal Police (AFP) |
| Status of Suspects | 7 officials questioned; 4 suspended |
"This was not a routine technical glitch. We are probing the extent of the breach and the involvement of international cybercrime networks." - Dr. Anil Jayantha, Deputy Finance Minister
The CID’s cyberforensic team continues to analyze laptops, mobile phones, and SIM cards used by the staff involved. Opposition leaders have called for a full parliamentary oversight inquiry, labeling the incident a symptom of deeper institutional failure.