A Nigerian has been found guilty on all counts for his role in a $1.5 million business email compromise scam. Another Nigerian pleaded guilty in the case.
Authorities in the United States said Ebuka Raphael Umeti, 35, alongside two associates, orchestrated a sophisticated scam involving social engineering and malware. Their scheme, known as Business Email Compromise (BEC), relied on phishing emails and deceptive tactics to deceive businesses into transferring funds or sensitive information.
According to court documents and evidence presented at trial, Mr Umeti and his co-conspirators sent victim businesses phishing emails, which were made to appear as though they originated from trusted senders, such as a bank or a vendor.
These phishing attacks allowed the co-conspirators to gain unauthorized access to victim computer systems and email accounts, including by infecting victim computers with malicious software or “malware” that provided the co-conspirators with remote access.
The co-conspirators then exploited that access to obtain sensitive information, which they used to deceive individuals at victim companies into executing wire transfers to accounts specified by the co-conspirators. As a result of this scheme, the co-conspirators caused or attempted to cause more than $1.5 million of loss to victims.
According to U.S. officials, Mr Umeti began engaging in BEC scams in early 2016 after receiving a phishing email template from Franklin Ifeanyichukwu Okwonna. By 2018, their operations had become profitable, resulting in significant in $571,000 stolen from a New York wholesaler and $400,000 from a Texas metal supplier.
Mr Umeti was convicted by a federal jury in Alexandria, Virginia, on June 13. Co-defendant Franklin Ifeanyichukwu Okwonna, 34, pleaded guilty on May 20 to his role in the scheme.
Sentencing dates are set for August 27 and September 3, respectively, with Mr Umeti facing a potential maximum of 102 years in prison, American media reported, though actual sentencing under the U.S. federal guidelines may vary.
What they said:
“Umeti participated in a sophisticated computer hacking and business email compromise scheme that targeted numerous businesses in the United States,” said Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the Justice Department’s Criminal Division.
“Although Umeti and his co-conspirators carried out their scheme from outside the United States, they were not beyond the reach of the Justice Department. Today’s conviction should serve as yet another reminder that, if you target American victims, the Criminal Division is committed to tracking you down and holding you responsible for your criminal conduct, no matter where you are.”
“The reach of cyber criminals is extensive, but so too is the reach of the law,” said U.S. Attorney Jessica D. Aber for the Eastern District of Virginia. “Umeti relied on hidden malware, deception, and an ocean of distance to steal from American businesses and avoid prosecution. Despite those obstacles and obfuscations, a dedicated team of investigators and prosecutors showed outstanding resolve in bringing him to justice.”
“Today’s guilty verdict is a victory in our fight against cybercrime and should serve as a warning to cybercriminals who believe they can operate with impunity,” said Assistant Director in Charge David Sundberg of the FBI Washington Field Office. “The FBI remains committed to relentlessly pursuing those engaged in malicious cyber activities and ensuring they are held accountable.”
Arrest and a third associate
Prosecutors suspect that Mr Umeti and Mr Okwonna later recruited Mohammed Naji Mohammedali Butaish, an alleged Saudi Arabian national awaiting trial.
Butaish reportedly joined the group in 2020, collaborating with Mr Umeti and Mr Okwonna to develop new malware. According to a 2021 indictment by the US Department of Justice, Butaish’s alleged malware sales to his associates and others were a focal point of the investigation.
Butaish has not been arrested yet with uncertainty surrounding his trial due to the lack of an extradition treaty between Saudi Arabia and the U.S.
Mr Umeti and Mr Okwonna were arrested in January in Nairobi, Kenya. A court ordered their extradition to face trial in the U.S. in June.
The FBI nvestigated the case. The U.S. Justice Department’s Office of International Affairs worked with the FBI’s Legal Attaché Office in Nairobi, the U.S. Marshals Service, and Kenya’s Office of the Director of Public Prosecutions and Directorate of Criminal Investigation to secure the extradition of Mr Umeti and his co-defendant.
Discover more from Pluboard
Subscribe to get the latest posts to your email.