Nigerian fraudsters have been harvesting hundreds of thousands, if not millions, of business email account logins, police say.
One of the larger Nigerian cybercrime gangs, known as SilverTerrier, has been hit in a law enforcement operation, with 11 individuals arrested in December, Interpol announced on Wednesday.
The international policing agency said the suspects appeared to have targeted as many as 50,000 different individuals and companies via so-called business email compromise. In BEC scams, criminals find a way to intercept emails, either by hacking into accounts or by spoofing email addresses, and trick companies into sending funds to the fraudsters rather than to the business partners with whom they believed they were interacting. BEC remains the most costly kind of fraud for Americans. According to the FBI’s most recent annual cybercrime report, losses totaled $1.8 billion in 2020 alone, with global losses estimated to be close to $5 billion in the years between 2018 and 2020. That makes it a far more financially damaging crime than ransomware, one of the better-known kinds of cyberattack.
The SilverTerrier gang is known as one of the more successful BEC fraud groups, and Interpol said initial analysis of one of the 11 suspects’ computers indicated they were in possession of more than 800,000 usernames and passwords, which could potentially have been used to hack into company email accounts.
Another suspect was found to be monitoring conversations between 16 companies and their clients to divert legitimate transactions just as they were about to be made, Interpol said.
Nigeria’s assistant inspector general of police, Garba Baba Umar, said that working with Interpol, he was able to “give the order to hunt down these globally active criminals nationwide, flushing them out no matter where they tried to hide in my country.”
Craig Jones, Interpol’s director of cybercrime, added: “Interpol is closing ranks on gangs like SilverTerrier. As investigations continue to unfold, we are building a very clear picture of how such groups function and corrupt for financial gain. . . . We know where and whom to target next.”
Cybersecurity company Palo Alto Networks tracks all BEC fraud coming out of Nigeria under the name SilverTerrier and has found that the nearly 500 different “actors” involved were “often connected through only a few degrees of separation on social media platforms,” showing links between over 120 actors.
In a blog post due to be released later this week and provided to Forbes ahead of publication, Palo Alto said it had assisted in the Interpol investigation and provided details on some of the individuals arrested. “This operation was novel in its approach in that it didn’t target the easily identifiable money mules or flashy Instagram influencers who are typically seen benefiting from these schemes. Instead, this operation focused predominantly on the technical backbone of BEC operations by targeting the actors who possess the skills and knowledge to build and deploy the malware and domain infrastructure used in these schemes,” the company post read.
The company claimed that one of those arrested had previously been apprehended by the FBI in 2018. “His recent arrest marks one of the first known instances of a Nigerian actor being arrested twice for BEC,” it added. Another suspect was part of an organization called “The Money Team” (or TMT), which has ostensibly legitimate businesses, including one that makes professional cakes and another that claims to be one of Nigeria’s biggest travel and tour providers. A picture of the suspect obtained by Palo Alto researchers shows him standing next to luxury cars carrying the TMT branding.
[Image caption: Palo Alto claims one of those arrested in Nigeria for BEC fraud was helping run a seemingly legitimate business.]
According to Group-IB, another cybersecurity company that assisted in the law enforcement operation, the gang typically relied on phishing as its way into a company’s email account.
“After compromising a patient zero, fraudsters analyzed their email correspondence. By enabling special filtering of emails, the cybercriminals ensured that interesting emails (containing payment information) addressed to the victim are first redirected to fraudsters’ fake email boxes or are hidden from the victim in service directories,” a company spokesperson told Forbes.
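The mail-filtering behaviour described above leaves a trace defenders can audit: mailbox rules that send payment-related mail to outside addresses or file it into rarely opened folders. The following Python is an added example, not code from Group-IB, Palo Alto Networks or Interpol; the rule-record field names, the keyword and folder lists and the example.com domain are assumptions, and the sample rules are constructed.

```python
import re

# Assumptions (not from the article): keyword list, folder list, the
# organisation's own domain, and rule records shaped like an exported
# mailbox-rule listing. All sample rules below are constructed.
PAYMENT_WORDS = {"invoice", "payment", "wire", "remittance", "iban", "swift", "bank"}
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                  "archive", "junk email", "deleted items"}
OWN_DOMAINS = {"example.com"}

def external_targets(rule):
    """Forwarding or redirect addresses that sit outside the organisation."""
    targets = rule.get("forward_to", []) + rule.get("redirect_to", [])
    return [t for t in targets if t.rsplit("@", 1)[-1].lower() not in OWN_DOMAINS]

def payment_keywords(rule):
    """Payment-related words found in the rule's subject/body conditions."""
    words = set()
    for cond in rule.get("subject_or_body_contains", []):
        words.update(w for w in re.findall(r"[a-z]+", cond.lower()) if w in PAYMENT_WORDS)
    return sorted(words)

def assess_rule(rule):
    """Return the reasons, if any, that a rule matches the described pattern."""
    reasons = []
    ext = external_targets(rule)
    keywords = payment_keywords(rule)
    folder = (rule.get("move_to_folder") or "").lower()
    hides = folder in HIDING_FOLDERS or rule.get("delete_message", False)
    if ext:
        reasons.append("sends mail to external address: " + ", ".join(ext))
    if hides and keywords:
        reasons.append("hides payment-related mail (" + ", ".join(keywords) + ")")
    return reasons

def audit(rules):
    """List (mailbox, rule name, reasons) for every rule worth reviewing."""
    return [(r["mailbox"], r["name"], why) for r in rules if (why := assess_rule(r))]

SAMPLE_RULES = [  # constructed sample data
    {"mailbox": "ap@example.com", "name": ".", "redirect_to": ["ap.example@mailbox.invalid"],
     "subject_or_body_contains": ["invoice", "wire transfer"]},
    {"mailbox": "ap@example.com", "name": "..", "move_to_folder": "RSS Feeds",
     "mark_as_read": True, "subject_or_body_contains": ["Payment", "IBAN"]},
    {"mailbox": "hr@example.com", "name": "Newsletters", "move_to_folder": "Newsletters"},
    {"mailbox": "it@example.com", "name": "Team copy", "forward_to": ["helpdesk@example.com"]},
]

if __name__ == "__main__":
    for mailbox, name, why in audit(SAMPLE_RULES):
        print(f"{mailbox} rule {name!r}: {'; '.join(why)}")
```

Rules flagged this way still need human review, since staff also create legitimate forwarding and filing rules.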
Group-IB provided Forbes with an example phishing email, showing how the gang posed as legitimate employees and encouraged swift payment into their bank accounts.
[Image caption: An example phishing email of the Nigerian fraud gang, according to Group-IB.]
Collectively, Nigeria’s BEC groups make up a sprawling illicit industry. By 2019, Nigerian BEC fraudsters had produced more than 81,300 kinds of malware linked to 2.1 million attacks.
Perhaps the best-known Nigerian BEC fraudster is Ramon “Hushpuppi” Abbas, who found fame as an Instagram influencer but was charged with conspiring to launder hundreds of millions of dollars from BEC frauds and other scams. One of the more shocking allegations was that he worked with North Korean hackers to launder funds stolen from a Maltese bank. He pled guilty to money laundering in mid-2021.