British resident Anthony Nnamdi Okeakpu was among 36 cyber criminals who were indicted by U.S. authorities for running Infraud Organisation, an international cyber crime ring that caused up to $530 million (£381 million) in actual losses since 2010.
At its height, the international cyber crime ring boasted over ten thousand registered members, targeted a wide swath of financial institutions, merchants, and private individuals, and intended to cause £1.5 billion in losses.
The U.S. Department of Justice announced yesterday that it indicted as many as 36 cyber criminals after it busted Infraud Organisation, a well-organised international cyber crime ring that boasted nearly eleven thousand registered members and routinely targeted financial institutions, businesses, and individuals for financial gain.
Infraud Organisation was created in 2010 by Svyatoslav Bondarenko, a 34-year old Ukrainian national who was known as ‘Obnon’, ‘Rektor’ and ‘Helkern’ to those who knew him or interacted with him. In the years that followed, the international cyber crime ring engaged in ‘the large-scale acquisition, sale, and dissemination of stolen identities, compromised debit and credit cards, personally identifiable information, financial and banking information, computer malware, and other contraband’.
Of the 36 indicted Infraud organisation members, authorities have already managed to arrest 13 of them, including 29 year-old Anthony Nnamdi Okeakpu, a Nigerian national based in the UK.
According to David Rybicki, the Nigerian deputy assistant attorney general, Okeakpu joined Infraud Organisation in 2010 and thanks to his exploits, was promoted to the rank of VIP member by the organisation’s administrators and leaders.
‘Okeakpu was promoted to VIP member status in April 2014. He also held other posts in the organisation, among those were moderator and super-moderator. Super moderators on the site “oversaw and administered specific subject matter areas within their expertise”, according to US authorities. A VIP member used the forum to gather information to “facilitate their criminal activities”,’ said Rybicki. He added that Okeakpu could face up to 20 years in a US jail if he is extradited.
Other indicted members of Infraud Organisation hailed from the United States, Russia, Pakistan, Australia, France, Italy, Kosovo, Serbia, Egypt, Moldova, Bangladesh, Ivory Coast, Ukraine, Canada, and Macedonia.
According to the Dapartment of Justice, Infraud Organisation’s heirarchy was composed of ‘Administrators’ who managed ‘day-to-day operation of and strategic planning for the organization, approved and monitored membership, and meted out punishments and rewards to members, ‘Super Moderators’ who administered and oversaw specific subject-matter areas, ‘Moderators’ who moderated specific sub-forums, ‘Vendors’ who sold sold illicit products and services to Infraud members, and ‘VIP Members’ who used the Infraud forum to gather information and to facilitate their criminal activities.
‘Infraud operated like a business to facilitate cyberfraud on a global scale. Its members allegedly caused more than $530 million in actual losses to consumers, businesses, and financial institutions alike—and it is alleged that the losses they intended to cause amounted to more than $2.2 billion,’ said Acting Assistant Attorney General Cronan. ‘We are committed to working closely with our international counterparts to identify, investigate, and bring to justice the perpetrators of these crimes, wherever in the world they operate.’
‘The actions of computer hackers and identity thieves not only harm countless innocent Americans, but the threat they pose to our financial system and global commerce cannot be overstated. The criminals involved in such schemes may think they can escape detection by hiding behind their computer screens here and overseas, but as this case shows, cyberspace is not a refuge from justice,’ said Derek N. Benner, Acting Executive Associate Director of U.S. Immigration and Customs Enforcement’s Homeland Security Investigations (HSI).
‘Although the organisation has been dismantled, it still raises an important point for companies: how can they make sure they are providing services to the legitimate customers when bad actors make it so easy to buy personal information?’ says Ryan Wilk, vice president at NuData Security Inc.
‘The success of an organisation whose motto is “In Fraud We Trust” is a clear sign that companies need to rethink authentication and incorporate continuous validation techniques based on data that can’t be mimicked, such as passive behavioural biometrics,’ he adds.
This isn’t the first time that authorities have been able to bust a well-organised and highly secretive international cyber crime ring. In July last year, the United States’ FBI, the Drug Enforcement Agency, and the Dutch National Police managed to bust AlphaBay and Hansa darkweb, two of the most popular malware-trading marketplaces on the Dark Web.
While Hansa was known for hosting a number of powerful cybercrime malware including the source code for CyrptoLocker, an infamous ransomware that helped hackers earn $27 million in December of 2013 alone, AlphaBay enabled criminals to buy and sell a number of powerful malware including Philadelphia Ransomware, CTBlocker, Stampado and Blackmail Bitcoin Ransomware.