Anatomy of a cybercrime ring — spoof emails, a suspect sent from Canada to the US, and a ‘ghost’ in SA
A suspected online scamster was recently extradited from Canada to the United States. He was allegedly part of a cybercrime ring stretching across several countries that channelled fraud proceeds to a bank account in South Africa, where two other alleged members are based.
About two weeks ago, 0n 12 April 2023, Kosi Goodness Simon-Ebo landed in the US.
He was extradited from Canada and his arrival in the US meant the long arm of the law was squeezing tighter around a global cybercrime group.
Simon-Ebo faces wire fraud and money laundering charges, related to a business email compromise scheme that involved losses of $6-million, which equates to more than R109-million.
He was charged along with Henry Onyedikachi Echefu and James Junior Aliyu — according to the US, both are based in South Africa and are wanted in that country.
The trio are originally from Nigeria.
Black Axe and billion-rand cybercrime
Daily Maverick has before reported on Black Axe, also known as the Neo Black Movement of Africa, which has roots in Nigeria and which appears to have a stronghold in South Africa.
Some authorities view the group, known for cybercrime, as a cult.
Eight suspected Black Axe cybercriminals were arrested in Cape Town in 2021 during a joint operation with the US’s Federal Bureau of Investigation.
Read more in Daily Maverick: Arrest of eight Black Axe members reopens wounds for Cape Town romance scam victims
Meanwhile, earlier in April this year the Council for Scientific and Industrial Research warned that cybercrime was costing the South African economy around R2.2-billion annually.
It also said South Africa had the highest instance of business email compromise on the continent.
In the recent crackdown involving Simon-Ebo, Echefu and Aliyu, while they were not implicated in Black Axe activities, they have been charged in the US in connection with email compromise crimes.
‘Old Soldier’ and ‘Ghost’
A US Justice Department statement said the trio was arrested in July last year outside of that country and afterwards an indictment against them was unsealed there.
While it was not immediately clear where Echefu was detained, in the case of Aliyu, who was also known as “Old Soldier” and “Ghost,” he was arrested in Johannesburg.
According to the South African Police Service (SAPS), Aliyu was taken into custody at an upmarket estate in Sandton in July 2022 during a joint crackdown with the US.
In a statement, the SAPS said Aliyu was “believed to be part of a cybercrime ring involved in phishing, internet scams and money laundering.”
He was suspected of being involved with online fraud worth R192-million.
In 2020 the South African Reserve Bank issued a notice saying it was forfeiting R231,290,36 from Aliyu to the state.
The notice did not say why.
Unauthorised email access
In the US case, it was alleged Simon-Ebo, Echefu and Aliyu conspired with others and from February 2016 up until at least July 2017 were involved in a business email compromise scheme.
“[They] gained unauthorised access to email accounts associated with individuals and businesses targeted by the conspirators,” the US Department of Justice said in a press statement.
“The co-conspirators then allegedly sent false wiring instructions to the victims’ email accounts from ‘spoofed’ emails, which are emails with forged sender addresses, to deceive the victims into sending money to bank accounts controlled by perpetrators of the scheme, called ‘drop accounts.’”
SA bank account
It was also alleged the trio conspired to launder money via depositing fraudulently obtained money into drop accounts while trying to hide who owned it.
“For example, defendant Aliyu is alleged to have made a $350,000 wire transfer from one of the drop accounts in Maryland [in the US] to an account he controlled in South Africa, knowing that the funds were the proceeds of a crime and that the transaction was designed to conceal the nature, source and ownership of those funds,” the US Justice Department said.
According to an indictment against Aliyu, Echefu and Simon-Ebo, they had used platforms including WhatsApp to communicate.
They had also allegedly operated with others in the US, including Nkeng Amin and Aldrin Fon Fomukong who were based in Maryland.
According to the US Justice Department, both previously pleaded guilty.
In April 2019 it was announced that Amin was sentenced to more than 12 years in jail.
“Amin worked hand-in-hand with… Fomukong to perpetrate the fraud in Maryland,” a statement on his sentencing said.
“[He] also independently corresponded with the leaders of the fraud scheme overseas and recruited and managed his own co-conspirators… to open bank accounts to receive victim funds and withdraw the victim funds from the fictitious bank accounts before the fraud was detected.”
Fomukong pleaded guilty to his role in the syndicate in 2018.
It was not immediately clear if he had been sentenced.
Cash and cars
In a government memorandum relating to potential prison time for Fomukong, it said many members of the conspiracy he was involved in “were located in South Africa, [and] compromised individual and business email accounts, gaining access to those accounts.”
The memorandum alleged: “Fomukong’s profit from the fraud was staggering. Of the over $4-million obtained from the 13 victims, Fomukong would typically keep some of the funds, give a portion of the funds to the other members of the conspiracy located in the United States… and send the rest to members of the conspiracy abroad.
“This arrangement was lucrative: not only did Fomukong keep cash obtained from the fraud, he also used approximately $231,800 of victim funds to purchase a 2010 Mercedes 4-door Sedan, a 2011 Porsche 4-door sedan, a 2014 Land Rover, and a 2012 Bentley Continental.”
Several others were listed as having worked with Amin and Fomukong, hinting at how expansive their criminal scheme was. DM