Nigerian scammer arrested by FBI could be behind €13m BOV cyberattack

The United States government has gained custody of a Nigerian man who could have been behind the multi-million cyberattack on Bank of Valletta in February 2019.

The FBI’s criminal complaint says that Ramoni Igbalode Abbas aka “Hushpuppi”, who amassed 2.4 million followers on Instagram flaunting luxury cars, designer clothing, and private jets, conspired to “launder funds intended to be stolen through fraudulent wire transfers from a foreign financial institution, in which fraudulent wire transfers, totalling approximately €13 million were sent to bank accounts around the world in February 2019.”

The FBI said Abbas’s co-conspirator conspired with the persons who initiated the fraudulent wire transfers, to launder the funds that were intended to be stolen. Abbas specifically provided the co-conspirator with two bank accounts in Europe that Abbas anticipated would each receive €5 million of the fraudulently obtained funds.

Read More HSBC warned of BOV hackers last year

“Based on information from FBI agents investigating the cyber-heist from the Foreign Financial Institution, I know that, on February 12, 2019, the Foreign Financial Institution suffered a computer intrusion and cyber-heist in which approximately €13 million (approximately $14.7 million) was fraudulently wired from the Foreign Financial Institution to bank accounts in multiple countries,” the co-conspirator told the FBI. 

According to the FBI’s investigation, in a message on 16 January, 2019, the co-conspirator contacted Abbas for these two bank accounts, which he said would be from the country in which the bank is located. 

The “hit” was said to be planned for 12 February. Abbas sent him a Romanian bank account he used for larger amounts. 

Hackers sometimes will attempt to conduct cyber-heists by gaining access to a bank’s computer network and then sending fraudulent and unauthorized SWIFT messages. 

SWIFT (Society for Worldwide Interbank Financial Telecommunication) provides a network that enables financial institutions worldwide to send and receive information about financial transactions. SWIFT does not facilitate funds transfers but sends payment orders, which must be settled by correspondent accounts that the institutions have with each other. 

On 13 February, 2019 Abbas sent screenshots showing that the funds had not arrived in the Romanian bank account. The co-conspirator responded, “Today they noticed and pressed a recall on it, it might show and block or never show.” He then sent an image of a news article to Abbas detailing the theft of funds from the foreign financial institution, followed by a message stating “Look it hit the news.” Abbas then replied “damn.” The co-conspirator said: “Next one is in few weeks will let U know when it’s ready. to bad they caught on or it would been a nice payout.” 

Abbas is accused of participating in a number of “business email compromise” scams. By posing as trusted employees or customers of a target organization, Abbas and his fellow fraudsters allegedly tricked employees into sending large sums to bank accounts they controlled. 

Abbas’s alleged role was to find bank accounts that could accept millions of dollars in stolen cash without raising red flags. Abbas provided co-conspirators with wire information for accounts in Romania, Bulgaria, Dubai, Mexico, and elsewhere. 

The FBI was able to obtain minute-by-minute documentation of Abbas’s participation in these schemes after apparently gaining access to the iPhone of an Abbas associate who was arrested at a US airport last October. 

After arresting Abbas last month, UAE authorities expelled him to the United States. The FBI says that business-email compromise scams by Abbas and others, cost companies at least $1.7 billion in 2019 alone.

The EFCC, Nigeria’s government anti-corruption agency, put out a thread of tweets on 18 June confirming that they were cooperating with the FBI to try to investigate parts of his money laundering empire that are still in Nigeria. In the thread they called him “Nigerian most-wanted hacker, Ramoni Igbalode, alias Ray Hushpuppy.”

The Dubai police called their case against Hushpuppi “Operation Fox Hunt 2”– in the video they mention seizing 21 laptops, 47 phones, 15 USB drives, 5 hard drives, 119,580 files, and 13 cars.