In what is a major coup against a rapidly growing cyber threat, in a coordinated global effort called Operation Wire Wire led by the FBI, 74 people have been arrested in what is likely the largest Business Email Compromise (BEC) sting on record. Of the people arrested, 42 were arrested in the USA, 29 in Nigeria, as well as individuals in Canada, Poland and Mauritius. While details will emerge through a variety of proceedings, here’s what we currently know.
The Wire Wire Scam
In 2016, Secureworks published research pointing to a group called Wire Wire that was very active in BEC. Amazingly, they discovered it because someone on the Wire Wire team (which had over 30 members at the time) became infected with malware that uploaded screenshots and other data to an open directory on a web server. This led to the exposure of valuable information about this criminal group, which CTU labeled Wire Wire Group 1 or WWG1.
While we haven’t seen any official link between the two, the coincidence of a BEC operation out of West Africa being labeled Operation Wire Wire is interesting. Evidently, the Nigerian Prince or 419 scam has evolved (or expanded) into the Wire Wire scam or, as we call it, BEC.
Operation Wire Wire
Since the FBI started tracking BEC complaints and email fraud, taking down groups like Wire Wire has become a significant priority given the billions of dollars that have been lost to these scams. In their recently released 2017 report, the FBI’s IC3 presented BEC as the source of the biggest losses compared to any other vector. This makes the timing of this operation so critical, interesting and reassuring.
Twenty-three of those arrested were from Southern Florida and account for over $10 million in laundered money, including funds from a corporation in Seattle, various title companies and a law firm. Two others were arrested in Dallas after having laundered approximately $665,000 using spoofed emails (again involving a lawyer in a real estate transaction). A 25-year-old from Fort Lauderdale was indicted for having gained access to a real estate attorney’s account and attempting to extract $500,000 from a victim. Many more were arrested still, including one Richard Emem Jackson of Lagos, who had the great nickname of Auwire (au is French for “by”, thus “by wire”).
According to research by Gary Warner, one of those arrested, nicknamed Slimwaco, sent a list of the CFOs of 100 Ohio-based companies and another of more than 100 Illinois-based CFOs to colleagues, presumably to use as targets on a “BEC Hit List”.
There is likely plenty more to come in this case, but with law enforcement taking action against email fraud, victims and the security industry as a whole can be more confident that as a consequence of this investigation, there may be greater crime deterrence. The FBI and other partners are taking cyber fraud more seriously, and this operation makes it apparent that BEC is a real priority.
Key Takeaways From This Takedown
Global cooperation is possible
Cyber crime is a global threat, and is often perpetrated by global crime networks, so it’s encouraging to see that there can be a global coordinated effort in battling cyber crime. This takedown involved teams across the USA, including the FBI, the U.S. Postal Inspection Service, FinCEN, the IRS, and the U.S. Attorney’s Offices across several states, private sector partners, the Nigerian Economic and Financial Crimes Commission, Canadian law enforcement, the Mauritian Attorney-General and Police, Polish Police, Indonesian National Police Cyber Crimes Unit, Malaysian Police and more. That is an almost breathtaking operation – and removes one shield criminals thought they could hide behind: the lack of global initiative and cooperation in combating them.
You can run…
The operation just increased the risk of participating in a BEC scam. Whether you are a mule, or at the top of the chain, there is no free ride. If you are a BEC operative, the FBI and other law enforcement agencies just got more likely to turn their attention to you, that is if they aren’t already there.
A Big boost for Business Email Compromise awareness
This attack should dramatically increase awareness around BEC. Hearing the amount of money individuals and companies have lost is shocking. If we suppose these are wealthier and more educated users – given these attacks involve complex financial transactions – it should be clear that anyone can be a victim. If you are in real estate or a legal field, and especially if in both, you must BEC-proof yourself, because it seems that so many of these victims involved a real estate transaction (as has been an issue we’ve brought up before). And if you are a buyer – insist that your agent, broker and attorney have phishing protection, email encryption and other preventative measures against advanced threats.
The Likelihood that reporting will increase
We have discussed in the past that the FBI numbers provide an incomplete picture of the BEC threat, perhaps due to underreporting because of shame, or lack of awareness of where and how to report. Seeing that the FBI is doing something about it will likely create an increase in reporting as 1) victims will become aware that there’s a name and a place to report a BEC attack, 2) victims will expect to see action based on reporting and, hopefully, 3) victims will see less shame in being the target of a BEC attack, as so many others have dealt with the same issue.
These were not technologically sophisticated attacks
We will learn more about their modus operandi, but it seems very standard. These attackers rely on very little tech know-how compared to many cyber criminals. They do have vulnerabilities as evidenced by the CTU report, but also by the attacks that are really nothing but (as the FBI refers to it at times) “cyber-enabled crime”. It appears they generally phish to gain access to email, then create some series of forwarders to wait for an email regarding a payment. They then pounce and send wiring instructions, often from a spoofed email.
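A defensive check for the forwarder step described above, as an added example that is not part of the original article: it scores inbox-rule records for external forwarding of payment-related mail. The record schema, the weights and the sample rules are assumptions constructed for illustration, not the export format of any real mail platform.

```python
# Added example (not from the article): flag inbox rules matching the "forward payment
# mail and wait" pattern. Schema, weights and sample rules are hypothetical/constructed.
PAYMENT_TERMS = {"invoice", "payment", "wire", "remittance", "closing", "escrow"}

def domain(addr):
    return addr.rsplit("@", 1)[-1].strip().lower()

def score_rule(rule, internal_domains):
    """Return (score, reasons) for one inbox-rule record."""
    score, reasons = 0, []
    external = [a for a in rule.get("forward_to", [])
                if domain(a) not in internal_domains]
    if external:
        score += 3
        reasons.append("forwards outside the organisation: " + ", ".join(external))
    hits = sorted(PAYMENT_TERMS & {k.lower() for k in rule.get("keywords", [])})
    if hits:
        score += 2
        reasons.append("matches payment terms: " + ", ".join(hits))
    if rule.get("delete_after"):
        score += 2
        reasons.append("removes the original from the inbox")
    if not rule.get("name", "").strip(" .,-_"):
        score += 1
        reasons.append("blank or punctuation-only rule name")
    return score, reasons

def audit(rules, internal_domains, threshold=3):
    """Return flagged rules as (mailbox, name, score, reasons), worst first."""
    flagged = []
    for rule in rules:
        score, reasons = score_rule(rule, internal_domains)
        if score >= threshold:
            flagged.append((rule["mailbox"], rule["name"], score, reasons))
    return sorted(flagged, key=lambda f: f[2], reverse=True)

SAMPLE_RULES = [  # constructed records
    {"mailbox": "alice@titleco.example", "name": ".",
     "forward_to": ["closer.titleco@mail.example"],
     "keywords": ["Wire", "invoice"], "delete_after": True},
    {"mailbox": "bob@titleco.example", "name": "Newsletters",
     "forward_to": [], "keywords": ["newsletter"], "delete_after": False},
    {"mailbox": "carol@titleco.example", "name": "Assistant copy",
     "forward_to": ["dave@titleco.example"],
     "keywords": ["payment"], "delete_after": False},
]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES, {"titleco.example"}))
```

Only the first sample rule is flagged; the internal forward scores below the threshold, which keeps ordinary delegation rules out of the review queue.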
A Very Positive Step
Operation Wire Wire deserves to be lauded for the reasons listed here and more. Cyber security experts can stop the threats, but not the criminals. We are very encouraged to see this particular threat tackled by law enforcement. Even though $14 million is but a tiny fraction of the BEC ecosystem, it is still progress. Last year, over $600 million was reported to the FBI as lost in BEC attacks. It also sends a very clear signal both to the victims and the criminals. Let’s call it one small step for the cyber security world, and one larger leap for business peace of mind.
READ MORE:
Gary Warner, Director of Research in Computer Forensics at UAB (Alabama), has been unravelling the various indictments in Operation Wire Wire – and it’s a brilliant insight into the BEC world and how attacks are perpetrated, in 3 parts: Part 1, Part 2, Part 3
The full FBI Release: 74 Arrested in Coordinated International Enforcement Operation Targeting Hundreds of Individuals in Business Email Compromise Schemes
The Internet Crime Complaint Center (IC3) released this memo on BEC the same day as the FBI release.
We’ve been writing quite often about Business Email Compromise of late: What is Business Email Compromise?, The FBI’s Internet Crime Report 2017 and 2017 BEC Numbers From Proofpoint.