On August 1 last year, employees at the finance department of the little-known Fairfax County, which forms part of the suburban ring of Washington, DC in the United States, received an email they believed to be from the headquarters of Dell Computers in Texas.

Fairfax had a running multimillion-dollar computer supply deal for its schools in the county, and the email indicated it had been written by the Accounts Payables department of Dell. It asked Fairfax to reroute its pending payments, which were almost due, to another account in Ohio.

ELECTRONIC TRANSFERS

Fairfax County obliged, and from August 8 to September 10 sent a total of $1,345,423.20 (Sh134 million) to the new account using electronic transfers. In total, the county sent 28 payments ranging from as low as $328 (Sh32,800) to as high as $241,223 (Sh2.4 million).

Unknown to the county, the money was being transferred almost as soon as it hit the Ohio account to several other accounts worldwide before ending up thousands of kilometres away in the hustle and bustle of Nairobi. By September 10, when Fairfax County discovered it was being defrauded, some $526,517.04 (Sh52 million) had already been withdrawn in Nairobi.

“The fraudulent email account was very similar to a Dell employee’s true email address and contained revised banking information for Dell,” evidence filed in US courts would later say.

This discovery triggered a chain of investigations which were eventually taken over by the Federal Bureau of Investigation (FBI), which was deployed to Nairobi. The global hunt for the suspects, code-named Operation reWired, was then widened to include a search for criminals in similar schemes. It eventually led to the arrest of 281 suspects from nine countries and was only made public last week by the FBI.

Following that revelation, the Nation is today giving you details of one of the most brazen Kenyan cyber theft syndicates in recent history.

The FBI sweep resulted in the seizure of nearly $3.7 million (Sh384 million) and the disruption and recovery of approximately $118 million (Sh12 billion) in fraudulent wire transfers.

“The FBI is working every day to disrupt and dismantle the criminal enterprises that target our businesses and our citizens,” said FBI Director Christopher Wray. “Through Operation reWired, we are sending a clear message to the criminals who orchestrate these Business Email Compromise (BEC) schemes that ‘I will keep coming after you, no matter where you are’. The effects of this crime are far-reaching, and the dollar amounts involved are staggering.”

The FBI has since 2013 gathered reports of more than $10 billion (Sh1 trillion) in losses from US victims alone. The worldwide tally is more than $26 billion (Sh2.6 trillion).

BEC fraud is a new, sophisticated type of cyber-enabled crime, facilitated by the Internet, in which fraudsters use hacked email accounts to convince businesses or individuals to make payments that are either bogus or similar to actual payments owed to legitimate companies.

As part of the scam, fraudsters learn which key personnel in a company are responsible for payments, as well as the protocols necessary to perform wire transfers in various companies, and then target the businesses that regularly perform wire transfer payments.

Interestingly, Kenya and Nigeria were the only African countries on the list of nations where the FBI made arrests and recovered property bought by scammers after a year of investigations. Other countries on the list include Italy, Japan, Malaysia, United Kingdom, France and Turkey.

The big puzzle for the FBI was how Kenya and Nigeria, two African countries with meagre computing skills and resources, had hacked their way into a list of major global cybercrime hotspots.

But with its good Internet speeds, easy availability of cheap computers and a robust banking system driven by technology, it is not difficult to figure out why Kenya has bred such sophisticated criminals.

So entrenched is the vice among Kenyan hackers that the US government now has a special unit whose role is to monitor cybercrime emanating from IP addresses in Kenya.

The American Embassy in Nairobi declined to give us the list of Kenyans who were arrested and extradited to the US to face charges, or the assets repossessed during Operation reWired.
