Court Locks Case File in Treasury Cyber Scandal; Travel Bans On Five Officials

COLOMBO (News 1st); The Criminal Investigation Department reported facts to court in connection with an incident in which cybercriminals are alleged to have stolen USD 2.5 million from the Sri Lanka Treasury.

After reviewing the progress of the investigation, the Colombo Fort Magistrate’s Court approved a request made by the CID to impose overseas travel bans on five officials.

When the case was taken up before Colombo Fort Magistrate Isuru Neththikumara, the CID revealed several key facts relating to the cybercrime.

It was stated that loan instalment payments made to Export Finance Australia following a debt restructuring process with Australia had been diverted into the hands of cybercriminals.

Translation of Statement By Investigating Officer

“Financial transactions, including loan repayments, had been carried out over a period of time using the official email address of the relevant institution, ‘exportfinance.gov.au’. Based on invoices sent via this email address, the External Resources Department had processed the loan repayments, Your Honour. On October 28, 2025, the company ‘Enable’ issued a warning that the domain name of this email address had been changed. However, despite this warning, the funds transfer was carried out. Your Honour, the official email address is ‘exportfinance.gov.au’. Subsequently, using a commercial motive, a similar domain ‘exportfinanceav.com’ was created. Your Honour, Enable logged into the server system and conducted a data examination. Based on the investigations carried out so far, no evidence has been revealed indicating unauthorised access into the email system.”

The CID informed court that Enable is the company that provided IT services enabling foreign payment facilities to the Ministry of Finance.

The CID further told court that during inspections of the data system of the External Resources Department, it was revealed that certain data had been deleted.

The Magistrate inquired whether this deletion had been carried out deliberately.

Translation of Statement By Investigating Officer

“Your Honour, investigations are still ongoing in this regard. No suspects have been identified at this stage. A comprehensive investigation is being conducted under the Public Property Act, the Computer Crimes Act and the Penal Code. Additionally, Your Honour, the emails of the External Resources Department were downloaded onto the Outlook. However, at the time this incident occurred, computer systems at the institution had also been changed.”

Meanwhile, the CID sought court approval to appoint a special expert committee to conduct a technical investigation into the cybercrime.

The proposed committee includes representatives from the Government Analyst’s Department, the Sri Lanka Computer Emergency Readiness Team (CERT), and the Dean of the Faculty of Computing at the University of Colombo.

Granting permission, the Colombo Fort Magistrate also authorised the inspection of bank accounts belonging to the five officials currently on compulsory leave.

The Magistrate further ordered that, given the sensitive and highly technical nature of the investigation, the case file be placed in the court safe for secure custody.