Fincrime Briefing: OFAC sanctions Russian ‘Evil Corp.’ hackers, Anti-corruption Day resources, $722 million crypto-Ponzi scam, and more

By Brian Monroe
bmonroe@acfcs.org
December 10, 2019

Quote of the Day: “The key is to keep company only with people who uplift you, whose presence calls forth your best.” – Epictetus

In today’s briefing, OFAC sanctions Russian hacking collective Evil Corp. after stealing more than $100 million, Anti-Corruption Day 2019, DOJ arrests three in more than $700 million crypto-Ponzi-pyramid scheme, and more.

Please enjoy this unlocked story, part of the many benefits of being an ACFCS member.

Want to talk about industry trends, story ideas or get published? Feel free to reach out to ACFCS Vice President of Content Brian Monroe at the email address above. Now, on to more sweet sweet content!

SANCTIONS

Yakubets speaking with a police officer next to his Lamborghini Huracan. National Crime Agency (NCA)

Lamborghinis, baby lions, and stacks of cash: The Russian hackers in charge of ‘Evil Corp’ are living an absurdly lavish lifestyle – which may be curtailed by OFAC

  • The Russian hacking group Evil Corp is being sought by various international governments, suspected of a wide range of illegal activities.
  • The UK’s National Crime Agency said the group’s leader, Maksim “Aqua” Yakubets, was charged in connection with “two separate international computer hacking and bank fraud schemes” across the past 10 years that allowed his hacking group to steal millions of dollars.
  • Photos released of the group’s lavish lifestyle offer a look at how they spend the millions they’re accused of stealing, from exotic animals to custom Lamborghinis.

The millionaire leader of what authorities have called “the world’s most harmful cyber crime group,” Evil Corp, lives a life full of luxury items and exotic animals – an existence that could change drastically if he, or his cohorts, ever leave Russia after just-announced U.S. sanctions.

Maksim “Aqua” Yakubets, a 32-year-old Russian man, was indicted on Thursday by US authorities. He’s charged with carrying out “two separate international computer hacking and bank fraud schemes” across the past 10 years, siphoning millions of dollars from UK citizens into the coffers of Evil Corp, the UK’s National Crime Agency said.

Since Yakubets resides in Russia, the indictments won’t affect him unless he leaves the country. “If Yakubets ever leaves the safety of Russia,” the agency said, “he will be arrested and extradited the US.”

For now, Yakubets still lives in Russia and is apparently living it up alongside his cohackers. When they’re not driving his custom Lamborghinis or taking videos of a lion cub roaming an ornate rug, they’re posing for photos with wads of cash.

This has not gone unnoticed by the U.S. investigators.

Last week, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) took action against Evil Corp, the Russia-based cybercriminal organization responsible for the development and distribution of the Dridex malware. 

Evil Corp has used the Dridex malware to infect computers and harvest login credentials from hundreds of banks and financial institutions in over 40 countries, causing more than $100 million in theft.  

This malicious software has caused millions of dollars of damage to U.S. and international financial institutions and their customers.  

Concurrent with OFAC’s action, the Department of Justice charged two of Evil Corp’s members with criminal violations, and the Department of State announced a reward for information up to $5 million leading to the capture or conviction of Evil Corp’s leader, (via Business Insider) and (via OFAC). To see a detailed list of the individuals designated, click here.

Monroe’s Musings: This story is interesting for many reasons: the first, and most hilarious of which, is a hacker group calling themselves “Evil Corp.” Dr. Evil, of Austin “Danger” Powers fame would be proud.

But normally hacker groups tend to distance themselves from their real-world exploits, instead puncturing virtual vaults and engaging in splashy cyberattacks with only a codename to blame.

Of course, that isn’t always the case, leading to a roadmap to get on the radar of investigators.

Let’s count the missteps shall we: Nefarious, high-profile name. Check. Lavish spending and cars and other luxury items. Check. Then going on social media to show your face, associated with Evil Corp. and related ill-gotten riches – and, hey, let’s throw in some furry exotic animals too.

While this group may be having some serious fun with their sullied funds, the joyride ends in Russia, something large international banks may start investigating more deeply as well now that OFAC has designated the group’s real-world avatars by name.  

MONEY LAUNDERING

Swedbank revamps management after money laundering probe in further shakeup of top execs

Swedbank said on Monday its chief risk officer was leaving as the Swedish bank’s new CEO revamps its structure to regain customer trust after a money laundering scandal sent its shares down 40 percent in the past year.

Helo Meigas will leave the bank along with head of Baltic Banking Charlotte Elsnitz, Sweden’s biggest lender said in a statement. It will also merge some business units and reduce the top management team to 14 people, from 17.

Gunilla Hallros and Jon Lidefelt will take over the risk management and Baltic banking roles, respectively, in an interim capacity. The search for permanent replacements has already started, the bank said.

The departures are part of an organizational revamp aimed at boosting confidence in the bank and simplifying its structure, Chief Executive Jens Henriksson said.

He was appointed in August after the bank fired his predecessor Birgitte Bonnesen over her handling of allegations that the bank’s Estonian branch processed suspect gross transactions of up to 20 billion euros a year from mostly Russian non-residents between 2010 and 2016. The scandal started with Danske Bank, Denmark’s biggest bank.

Henriksson told Reuters he had appointed “a well-reputed external financial consultancy to do a cultural assessment of Swedbank.”

Swedbank is currently under investigation in Sweden, Estonia and the United States. In October, the Estonian financial watchdog handed its probe over to the state prosecutor which had opened a criminal investigation.

The bank said on Monday that responsibility for the ongoing internal and external investigations into “historical shortcomings in anti-money laundering work” would be moved to a new Special Task Force unit, reporting directly to Henriksson, (via Reuters). To read the full Swedbank announcement, click here.

Monroe’s Musings: Swedbank has been hit hard by the Danske Bank scandal, with shockwaves hitting the highest leadership levels and now filtering more broadly through the institution in a bid to impress regulators, assuage investigators and get to the root of both compliance and cultural problems.

But these moves won’t make a difference until these leaders – at all levels – set a “tone at the top” and a thorough “culture of compliance” weaves its way through the bank in and out of compliance. 

CORRUPTION

International Anti-Corruption Day 2019 – The time to act in countering grand graft is now

Anti-Corruption Day, December 9, is observed as International Anti-Corruption Day since the year 2005, highlighting a scourge that has robbed developing and developed countries alike of trillions of dollars annually – a crime that is anathema to the foundation of a region’s rule of law.

The United Nations General Assembly on October 31, 2003, adopted the United Nations Convention against Corruption, and designated December 9 International Anti-Corruption Day, in order to raise awareness about corruption and of the role of Convention in fighting and preventing it.

This convention came into force in the year 2005, and since then the day is being observed annually.

As per the data, given by the United Nations, every year $1 trillion is paid in bribes while an estimated $2.6 trillion are stolen annually through corruption – a sum equivalent to more than 5 per cent of the global Gross Domestic Product.

In developing countries, according to the United Nations Development Programme, funds lost to corruption are estimated at ten times the amount of official development assistance.

Furthermore, the United Nation asserted Corruption is a serious crime that can undermine social and economic development in all societies. No country, region or community is immune.

Here are some stories and resources to detail to successes and challenges of countering corruption:

With special thanks and acknowledgement to David Landsman Consulting, LLC, of AML Services, (via News18).   

Monroe’s Musings: While countries wrestle with bolstering AML laws and granting more resources to regulators and investigators to fight larger, international networks of craft criminals, one thing can undermine all of this – hamstring these initiatives to their core: corruption.

The best laws on the books, the most strident investigators and others can be undone by a corrupt police officer, corrupt politician or corrupt judge. Without eradicating graft on a grand scale, there can be no foundation for AML, law enforcement, prosecutors and all the vital parties trying to stamp out organized criminal groups. 

CRYPTOCURRENCY

DOJ arrests three men tied to more than $700 million cryptocurrency Ponzi pyramid scheme

Federal investigators have arrested three suspected fraudsters who offered investors a chance to invest in a cryptocurrency mining scheme – where the individuals simply pocketed the money to spend on lavish living – that prompted investors to recruit others in a hybrid scam merging a Ponzi scheme with a pyramid network to dupe the unwary.

The U.S. Department of Justice (DOJ) stated the trio from Colorado and California defrauded investors of $722 million, noting there are still two others that authorities are pursuing.

Matthew Brent Goettsche, 37, of Lafayette, Colorado, and Jobadiah Sinclair Weeks, 38, of Arvada, Colorado, are charged by indictment with conspiracy to commit wire fraud and Goettsche, Weeks, and Joseph Frank Abel, 49, of Camarillo, California, are charged by indictment with conspiracy to offer and sell unregistered securities.

From April 2014 through December 2019, the defendants operated BitClub Network, a fraudulent scheme that solicited money from investors in exchange for shares of purported cryptocurrency mining pools and rewarded investors for recruiting new investors, according to court documents.

Goettsche, Weeks, and others conspired to solicit investments in BitClub Network by providing false and misleading figures that BitClub investors were told were “bitcoin mining earnings,” purportedly generated by BitClub Network’s bitcoin mining pool.

Goettsche discussed with his conspirators that their target audience would be “dumb” investors, referred to them as “sheep,” and said he was “building this whole model on the backs of idiots.” Goettsche directed others to manipulate the figures displayed as “mining earnings” during the course of the conspiracy.

For example, in February 2015, Goettsche directed another conspirator to “bump up the daily mining earnings starting today by 60%,” to which his conspirator warned “that is not sustainable, that is ponzi teritori [sic] and fast cash-out ponzi . . . but sure.”

In September 2017, Goettsche sent an email to another conspirator in which he suggested that Bitclub Network “[d]rop mining earnings significantly starting now” so that he could “retire RAF!!! (rich as f-ck).”

Weeks sent an email in June 2017 to Goettsche and another conspirator in which he remarked that BitClub selling shares in BitClub and then not using the money to purchase mining equipment was “not right.”

Goettsche, Weeks, and others obtained the equivalent of at least $722 million from BitClub Network investors.    

Goettsche, Weeks, Abel, and others also conspired to sell BitClub Network shares – which were securities – notwithstanding that BitClub Network did not register the shares with the U.S. Securities and Exchange Commission.

Weeks and Abel created videos and traveled around the United States and the world to promote BitClub Network.

In one video, a conspirator espoused that BitClub Network was “the most transparent company in the history of the world that I’ve ever seen.” In another video, Abel assured investors that BitClub Network was “too big to fail,” (via DOJ).

Monroe’s Musings: This scheme, and many variations and iterations, have been happening for decades. The new twist: Ponzi schemers are simply adding the word “crypto” to their sales pitches.

But be wary, there are details here that should not be lost on compliance professionals. This group had to have bank accounts, with one or many banks, and those banks should have realized the numbers simply didn’t add up or make sense in this crypto-mining scheme.

That being the case, any banks with ties to this group better hope they filed the required SARs – or they should remedy the situation with a quick remediation in the form of a mini-lookback. That is before regulators and investigators ask them to do it first.