Interpol says Nigerian police have arrested 11 people alleged to be members of a “prolific” cybercrime organization, some of whom are thought to be part of the SilverTerrier business email compromise (BEC) gang.
The arrests were made in December but only announced this week.
Interpol said it provided intelligence to Nigerian authorities that led to the arrests. It also forensically extracted and analyzed data on the laptops and mobile phones seized by police.
A preliminary analysis indicates that the suspects’ collective involvement in BEC criminal schemes may be associated with more than 50,000 targets, the Interpol statement said.
One suspect had more than 800,000 potential victim domain credentials on his laptop, Interpol said. Another suspect had been monitoring conversations between 16 companies and their clients and diverting funds to ‘SilverTerrier’ whenever company transactions were about to be made. Another individual was suspected of taking part in BEC crime across a wide range of West African countries including Gambia, Ghana and Nigeria.
Interpol is now co-ordinating further action against ‘SilverTerrier’ bank accounts and sharing intelligence on the domain credentials of potential victims with member countries to prevent further fraud.
Business email compromise scams involve tricking employees into acting on an email request they assume is coming from a superior or a company supplier. Requests range from a supposed supplier asking the employee to change the bank account that receives a regular payment, to a supposed manager asking the employee to buy a large number of gift cards for a supposed company event. A key to the scam is either the hacking or spoofing of email accounts of real people.
According to Palo Alto Networks, global losses from BEC scams have ballooned from US$360 million in 2016 to US$1.8 billion in 2020.
Interpol credited help from tech companies Palo Alto Networks and Group-IB for the most recent arrests in what it calls Operation Falcon II.
In a blog post, Palo Alto’s Unit 42 threat intelligence service said “this recent operation was novel in its approach in that it didn’t target the easily identifiable money mules or flashy Instagram influencers who are typically seen benefiting from these schemes. Instead, it focused predominantly on the technical backbone of BEC operations by targeting the actors who possess the skills and knowledge to build and deploy the malware and domain infrastructure used in these schemes.”
Of the people arrested, Unit 42 believes six are members of SilverTerrier.
One is also believed to have been arrested in 2018 as part of the FBI’s Operation WireWire. If so, the report says, his recent arrest marks one of the first known instances of a Nigerian actor being arrested twice for BEC. “It further suggests that his initial prosecution fell short of dissuading continued criminal activity,” the report adds.