Related Money Laundering Case Relying on ATM Cash-Outs and BEC Schemes Also Unsealed
On February 17, the Department of Justice unsealed a sprawling indictment against three members of North Korea’s military intelligence agency – known as the Reconnaissance General Bureau – for their role in a series of brazen cyberattacks, bank thefts and cryptocurrency thefts around the world. Notably, the indictment builds on charges filed in 2018 against one of the defendants for his alleged role, among others, in the cyberattack against Sony Pictures Entertainment, in apparent retaliation for the production and release of “The Interview,” a movie that depicted a fictional assassination of Kim Jong-un. The indictment is a stark reminder that cyber-enabled financial crime and money laundering are an increasing threat to financial institutions, other industries and the public at large.
The indictment alleges a variety of criminal schemes, including attempts to steal more than $1.2 billion from banks in such countries as Bangladesh, Taiwan and Vietnam, through the use of fraudulent SWIFT messages (one of these intrusions, into the Bank of Bangladesh, netted $81 million); the theft of tens of millions of dollars’ worth of cryptocurrency through the use of malware (the FBI, the Treasury Department and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency published a technical report about those applications, also on February 17); and an attempt to raise funds through an initial coin offering of the Ethereum-based “Marine Chain Token,” allegedly intended to assist North Korea in evading U.S. sanctions.
ATM Cash-Outs and BEC Schemes
A separate but related case, also unsealed on February 17 in the Central District of California, concerns Ghaleb Alaumary, a Canadian-American citizen who pleaded guilty for his role in a money laundering scheme involving, among other things, ATM “cash-out” operations for the benefit of North Korea. ATM cash-outs involve the misuse of a bank’s computer systems that, simply put, allows a bad actor to dispense cash from that bank’s ATMs (last year, the FBI and Treasury Department issued a joint advisory warning of such North Korean state-sponsored cash-out schemes). In one instance involving Alaumary, an Indian bank was targeted, causing it to fraudulently dispense more than $16 million. After obtaining funds through an ATM cash-out, co-conspirators were directed to launder the funds, among other means, through a series of wire transfers to separate bank accounts or the exchange of funds for cryptocurrency.
Alaumary’s money laundering efforts further relied on business email compromise (“BEC”) schemes, which involve targeting accounts of either financial institutions, or of entity customers of those institutions, and sending emails to induce transfer of either funds, or of data which can be used to access funds. An email account may be compromised either through a direct intrusion or an impersonation (“spoof”) of an account. The compromised account is then used to instruct other individuals within the company or at a financial institution to initiate a transfer of funds or data. FinCEN issued a 2019 report, Manufacturing and Construction Top Targets for Business Email Compromise, focusing on the growing threat of BEC schemes.
According to the government, Alaumary attempted to locate bank accounts into which fraudulent funds could be deposited. If Alaumary himself did not have access to a bank account that could be used at the time to launder funds, he would ask one or more co-conspirators for an account that could be used. If a bank account with a specific business name was required, the co-conspirators would coordinate to open bank accounts that could receive fraudulently obtained funds. These co-conspirators would attempt to make the business name look similar to the name of the company with which a victim company was corresponding about a business transaction, which made it more likely that the victim company would be tricked into fraudulently transferring the funds.
Alaumary also allegedly conspired with an individual named Ramon Olorunwa Abbas and others to “launder funds from a North Korean-perpetrated cyber-enabled heist from a Maltese bank in February 2019.” In June 2020, the DOJ charged Abbas, a Nigerian national expelled from the United Arab Emirates to the United States, in a separate case alleging that he conspired to launder hundreds of millions of dollars from BEC frauds and other scams targeting a U.S. law firm, a foreign bank and an English Premier League soccer club. Alaumary’s plea agreement reflects that he has been attempting to cooperate with the U.S. government in the investigation.