Nigeria Abroad
One of the larger Nigerian cybercrime gangs, known as SilverTerrier, has been hit in a law enforcement operation, with 11 individuals arrested in December, Interpol announced with the Nigeria Police Force on Wednesday.
The international policing agency said the suspects appeared to have targeted as many as 50,000 different individuals and companies via so-called business email compromise (BEC scams), which help criminals find a way to intercept emails, either via hacking into accounts or spoofing email addresses, and trick companies into sending funds to the fraudsters rather than business partners with whom they believed they were interacting.
The SilverTerrier gang is known as one of the more successful BEC fraud groups, and Interpol said initial analysis of one of the 11 suspects’ computers indicated they were in possession of more than 800,000 usernames and passwords, which could potentially have been used to hack into company email accounts.
Another suspect was found to be monitoring conversations between 16 companies and their clients to divert legitimate transactions just as they were about to be made, Interpol said.
Nigeria’s assistant inspector general of police, Garba Baba Umar, said working with Interpol, he was able to “give the order to hunt down these globally active criminals nationwide, flushing them out no matter where they tried to hide in my country.”
Craig Jones, Interpol’s director of cybercrime, added: “Interpol is closing ranks on gangs like SilverTerrier. As investigations continue to unfold, we are building a very clear picture of how such groups function and corrupt for financial gain. . . . We know where and whom to target next.”
The Money Team
Cybersecurity company Palo Alto Networks tracks all BEC fraud coming out of Nigeria under the name SilverTerrier and has found that among the nearly 500 different “actors” involved, they were “often connected through only a few degrees of separation on social media platforms,” showing links between over 120 actors.
In a blog post due to be released later this week and cited by Forbes ahead of publication, Palo Alto said it had assisted in the Interpol investigation and provided details on some of the individuals arrested.
“This operation was novel in its approach in that it didn’t target the easily identifiable money mules or flashy Instagram influencers who are typically seen benefiting from these schemes. Instead, this operation focused predominantly on the technical backbone of BEC operations by targeting the actors who possess the skills and knowledge to build and deploy the malware and domain infrastructure used in these schemes,” the company post read.
The company claimed that one of those arrested had previously been apprehended by the FBI in 2018.
“His recent arrest marks one of the first known instances of a Nigerian actor being arrested twice for BEC,” it added.
Another suspect was part of an organization called “The Money Team” (or TMT), which has ostensibly legitimate businesses, including one that makes professional cakes and another that claims to be one of Nigeria’s biggest travel and tour providers.
A picture of the suspect obtained by Palo Alto researchers shows him standing next to luxury cars carrying the TMT branding.
According to Group-IB, another cybersecurity company that assisted on the law enforcement operation, the gang typically relied on phishing as their way into a company’s email account.
“After compromising a patient zero, fraudsters analyzed their email correspondence. By enabling special filtering of emails, the cybercriminals ensured that interesting emails (containing payment information) addressed to the victim are first redirected to fraudsters’ fake email boxes or are hidden from the victim in service directories,” a company spokesperson told Forbes.
Collectively, Nigeria’s BEC groups make up a sprawling illicit industry. By 2019, Nigerian BEC fraudsters had produced more than 81,300 kinds of malware linked to 2.1 million attacks.
This story first appeared in Nigeria Abroad
Connect with us on our socials: