A 40-year-old Nigerian, suspected of stealing more than $60 million through business e-mail compromise (BEC) scams and CEO fraud, has been arrested.
The arrest is the result of a joint operation by Interpol and the Nigerian Economic and Financial Crime Commission utilising Trend Micro research.
The Nigerian national, only referred to as 'Mike', is believed to be the leader of a 40-person network across Nigeria, Malaysia and SA that provides malware and carries out attacks. He is also suspected of colluding with money launderers in China, Europe and the US who provided illicit bank account details in which stolen money was housed.
In the first instance, the fraudsters hijacked or spoofed a supplier's e-mail address, requested payments from target businesses, and directed the funds to phony bank accounts. In the second, the scammers - pretending to be top execs - sent e-mails to unwitting employees requesting fraudulent wire transfers.
Nine of the diverted payments exceeded $100 000 a piece and one case alone lost an organisation $15.4 million.
Another man, a 38-year-old allegedly involved in the operation, was arrested as part of the sting as well. The pair of suspects, currently on bail, face charges of hacking, conspiracy and obtaining money under false pretences.
Security solutions vendor Trend Micro says its investigation on 'Mike', who also used the aliases Chinaka Onyeali and Beasley Martyn, started in late 2014 when the company was looking at Predator Pain and Limitless - malware known to be used in BEC scams.
Analysing the command-and-control infrastructure used by the malware allowed Trend Micro to track 'Mike' down. All information gathered on 'Mike' was then given to Interpol in late-2014. This, combined with information from other researchers, led to his arrest in June 2016.
According to Trend Micro, BEC scams have proven to be effective, with criminals stealing large amounts of money from various businesses. It notes that from 2013 to 2015, BEC-related damages were estimated at $2.3 billion, eventually leading to more than $3 billion in 2016.
Targeting employees dealing with company funds (accounting, administrative and financial staff) and impersonating C-level executives has proven to be a very successful tactic, with multiple companies falling victim to this kind of scam, says Trend Micro.
"Arrests like this are made possible by partnerships between members of the security community that come together with the common goal of making the Internet a safer place," says Noboru Nakatani, executive director of the Interpol Global Complex for Innovation. "BEC scams are particularly difficult to combat due to their complexity, which is why public-private sector cooperation is essential."
Darryn O'Brien, country manager at Trend Micro Southern Africa, says the security solutions vendor also relied on open source intelligence to confirm connections between the information the company was able to gather.
"Mike is actually just one of the cyber criminals we've investigated - we've done research on other BEC masterminds in the past. Just last year, we reported about two Nigerian cyber criminals who were launching BEC attacks using a $35 malware.
"This year we also found Olympic Vision, a malware used by cyber criminals to target companies in Asia and the Middle East. We will continue to work with law enforcement on these cases so hopefully we'll see more arrests in the future," says O'Brien.
He points out Trend Micro cannot arrest criminals, so it partners with law enforcement agencies around the world.
"Leveraging our key partnership with Interpol is a big part of this success. While there are often a lot of concerns about priority, reaching out to the right people, communication between stakeholders and member countries, etc, in the end, I think all parties involved learned a great deal on how to work together in this particular case," he concludes.
Share