Criminals in South Africa have carried off a cunning remote access heist that has left one of the country's banks nursing a stunning $5.2 million (42 million Rand) loss.

After opening accounts at the South African Postbank months in advance, between 1 and 3 January the gang remotely accessed the computers of two employees using valid logins which were linked to the money transfer system.

Large sums of money were then moved to the mule accounts before being withdrawn from ATMs across the country as cash.

The transfers were apparently not picked up by the internal fraud detection system which might have had something to do with the fact that the period of the theft coincided with a New Year holiday.

The Zambian-based Sunday Times newspaper quoted an unnamed source willing to point the finger at poor IT.

"The Postbank network and security systems are shocking and in desperate need of an overhaul. This [the bank theft] was always going to be a very real possibility," the source said.

"At first glance you have to say the intrusion detection system on its servers were obviously not working properly. It will be difficult for the post office to detect and stop something like this. But if they had the will and knowledge it could certainly have been prevented."

Direct thefts from bank systems are rare, or at least if any have happened they have not been made public. The conventional route to a bank’s money is by compromising the accounts of customers who then attempt to claim the sums lost back from the institution.

Perhaps the most famous example of an inside job is the 2004 conspiracy to steal hundreds of millions of pounds from Japan’s Sumitomo Mitsui Bank in London by a gang that included a staff member with inside knowledge. The theft was only foiled because those involved failed to negotiate the electronic transfer system correctly.

Because the Postbank is owned by the country’s national Post Office the theft has the making of a political scandal. Police and the South African National Intelligence Agency (NIA) have launched their own investigation.