BEC Busts Take Down Multimillion-Dollar Operations

  /     /     /  
Publicated : 23/11/2024   Category : security


BEC Busts Take Down Multimillion-Dollar Operations


The two extraditions of business email compromise attackers indicate a step forward for international law enforcement collaboration.



On Friday, July 3, the Department of Justice announced extraditions of two Nigerian nationals to face charges related to separate business email compromise (BEC) operations. Both men are accused of participating in BEC schemes to defraud US organizations out of millions of dollars.
Ramon Olorunwa Abbas, also known as Ray Hushpuppi and Hush, was expelled from the United Arab Emirates to Chicago, where he made his first court appearance. Charges allege he conspired to launder hundreds of millions of dollars from BEC frauds and other scams.
Abbas was arrested in the UAE last month and brought to the US to face a charge of conspiring to engage in money laundering, as alleged in a criminal complaint filed June 25. This complaint describes an Instagram account with several publicly viewable images of Abbas posing on or in luxury vehicles, wearing designer clothing, and possessing luxury items indicating substantial wealth. In one photo, Abbas posed in front of two vehicles, one of which he said was his new Rolls-Royce Wraith. Multiple photos showed him in private jets or traveling to cities around the world.
The FBIs investigation has revealed that Abbas finances this opulent lifestyle through crime, and that he is one of the leaders of a transnational network that facilitates computer intrusions, fraudulent schemes (including BEC schemes), and money laundering, targeting victims around the world in schemes designed to steal hundreds of millions of dollars, the affidavit
states
.
This case targeted a key player in a large, transnational scheme who used illicit funds to support his lifestyle while allegedly giving a safe haven to stolen money, says US Attorney Nick Hanna in a statement. The affidavit alleges Abbas and co-conspirators conspired to launder funds in a $14.7 million operation targeting a foreign financial institution. Another scheme attempted to defraud a New York-based law firm out of approximately $922,857 in October 2019. In one case, Abbas and others tried to steal roughly $124 million from an English Premier League club.
With Hushpuppi, whats really important about this arrest is he is one of the primary money launderers of the BEC threat landscape, says Crane Hassold, senior director of threat research at Agari. From a financial perspective, that is where I think the biggest impact of this will be.
Hassold describes Abbas as an essential chokepoint to money coming in from US BEC attacks and funds going out to Nigeria. Following his arrest, many Nigerian threat actors will need to find a way to transfer money from point to point. That will take some time, to replace someone at the scale of Hushpuppi, he adds.
A
second case
involves Nigerian national Olalekan Jacob Ponle, also known as Mr. Woodbery and Mark Kain. A criminal complaint accuses him of orchestrating BEC schemes to defraud US companies, which led to attempted or actual losses amounting to tens of millions of dollars. One Chicago company was tricked into sending wire transfers totaling $15.2 million. Ponle was arrested last month in the UAE and, like Abbas, made his first court appearance in Chicago.
Ponles alleged operation lasted the first nine months of 2019, during which one or more actors gained unauthorized access to the email account of a US-based company and sent messages to employees claiming to be from the company or a known contact. These fake emails instructed employees to send wire funds to a bank account set up by money mules at Ponles request. He instructed the mules to convert funds to Bitcoin and send them to a virtual wallet he controlled.
In addition to Chicago, Ponle targeted firms in Iowa, Kansas, Michigan, New York, and California.
Bringing BEC Operations to Justice
These extraditions represent a step forward in how foreign BEC attackers will be brought to justice. The DoJ, in collaboration with the Department of Treasury, recently
published
the first set of formal sanctions against Nigerian cybercriminals. Officials imposed financial sanctions on each of six individuals charged with involvement in BEC operations.
This action represents a significant shift in how the United States responds to these types of criminal activities and demonstrates a willingness to impose cost to cyber actors living abroad outside of the reach of US law enforcement, says Pete Renals, principal researcher for Unit 42 at Palo Alto Networks. He anticipates more extraditions will be announced in coming months.
Its worth noting that many BEC attackers have a global footprint, Hassold points out. Its likely they will be extradited to other countries if they cause more damage somewhere else. Even so, what we see here is not only are more people being extradited for BEC — the transition from arrest to extradition is happening quickly, indicating a willingness among international law enforcement organizations to work together and support extradition for these types of attacks.
Its important to consider that extradition isnt necessarily a long-term solution, says Renals. At a macro level, there is a need for rapid adoption of legal frameworks tailored to what is arguably a new and nascent threat.
BEC schemes havent been around long, but in that time, they have grown exponentially in terms of scale, global reach, and financial impact, he adds. These threats cost businesses $1.7 billion in 2019 alone, the
FBI reported
back in February. In the cases of both Abbas and Ponle, the attackers made hundreds of thousands of dollars in a single operation, emphasizing the financial impact of these types of attacks.
Related Content:
How to Assess More Sophisticated IoT Threats
How Enterprises Are Developing and Maintaining Secure Applications
Chinese Software Company Aisino Uninstalls GoldenSpy Malware
7 Tips for Effective Deception
Check out
The Edge
, Dark Readings new section for features, threat data, and in-depth perspectives. Todays featured story:
Profile of the Post-Pandemic CISO
.

Last News

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
BEC Busts Take Down Multimillion-Dollar Operations