A federal jury in Alexandria, Virginia, on Thursday, June 13, convicted a Nigerian national for operating a business email compromise scheme targeting victims in the United States and elsewhere.
According to court documents and evidence presented at trial, Ebuka Raphael Umeti, 35, and his co-conspirators sent victim businesses phishing emails, which were made to appear as though they originated from trusted senders, such as a bank or a vendor.
These phishing attacks allowed the co-conspirators to gain unauthorized access to victim computer systems and email accounts, including by infecting victim computers with malicious software or “malware” that provided the co-conspirators with remote access.
The co-conspirators then exploited that access to obtain sensitive information, which they used to deceive individuals at victim companies into executing wire transfers to accounts specified by the co-conspirators. As a result of this scheme, the co-conspirators caused or attempted to cause more than $1.5 million of loss to victims.
“Umeti participated in a sophisticated computer hacking and business email compromise scheme that targeted numerous businesses in the United States,” said Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the Justice Department’s Criminal Division.
“Although Umeti and his co-conspirators carried out their scheme from outside the United States, they were not beyond the reach of the Justice Department. Today’s conviction should serve as yet another reminder that, if you target American victims, the Criminal Division is committed to tracking you down and holding you responsible for your criminal conduct, no matter where you are.”
“The reach of cyber criminals is extensive, but so too is the reach of the law,” said U.S. Attorney Jessica D. Aber for the Eastern District of Virginia. “Umeti relied on hidden malware, deception, and an ocean of distance to steal from American businesses and avoid prosecution. Despite those obstacles and obfuscations, a dedicated team of investigators and prosecutors showed outstanding resolve in bringing him to justice.”
“Today’s guilty verdict is a victory in our fight against cybercrime and should serve as a warning to cybercriminals who believe they can operate with impunity,” said Assistant Director in Charge David Sundberg of the FBI Washington Field Office.
“The FBI remains committed to relentlessly pursuing those engaged in malicious cyber activities and ensuring they are held accountable.”
The jury convicted Umeti of conspiracy to commit wire fraud, three counts of wire fraud, conspiracy to cause intentional damage to a protected computer, and intentional damage to a protected computer.
He is scheduled to be sentenced on Aug. 27 and faces a maximum penalty of 27 years in prison on the wire fraud conspiracy count, five years in prison on the conspiracy to cause intentional damage to a protected computer count, 20 years on each wire fraud count, and 10 years on the intentional damage to a protected computer count.
A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.
Co-defendant Franklin Ifeanyichukwu Okwonna, 34, pleaded guilty on May 20 to his role in the scheme and is scheduled to be sentenced on Sept. 3.
The FBI Washington Field Office investigated the case.
The Justice Department’s Office of International Affairs worked with the FBI’s Legal Attaché Office in Nairobi, the U.S. Marshals Service, and Kenya’s Office of the Director of Public Prosecutions and Directorate of Criminal Investigation to secure the extradition of Umeti and his co-defendant.
Senior Counsel Thomas S. Dougherty of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) and Assistant U.S. Attorney Laura D. Withers for the Eastern District of Virginia are prosecuting the case.
CCIPS Senior Counsel Aarash Haghighat assisted in the investigation and indictment of the case.