Proshare - Facebook Proshare - Twitter Proshare - Google+ Proshare - Linked In Proshare - RSS Feed

Online Crimes – Nigerian Confraternities Emerge As Business E-Mail Compromise Threat

Proshare

Wednesday, May 16, 2018  12.45PM / Crowdstrike Global Intelligence Team

 

Business email compromise (BEC) is a form of fraud by which a team of cybercriminals convince victims to wire large amounts of funds or send valuable data to criminally controlled accounts; it is facilitated by the victim’s belief that they are actually being asked or instructed to do so by a trusted party.

 

According to the Internet Crime Complaint Center (IC3), BEC occurs when “a criminal compromises legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds”.

 

In 2016, the IC3 received 12,005 BEC complaints amounting to losses of more than $360 million USD.

 

There have been multiple open-source reports describing how money stolen through BEC fraud is directed to bank accounts in China, particularly Hong Kong. The IC3 has tracked fraudulent bank transfers to 72 countries and it has determined that the majority go to banks in China and Hong Kong.

 

As eCrime has evolved over the past decade and become a global issue costing companies and individuals billions of dollars, prolific Nigerian cybercriminals have evolved, too.

 

They have moved to BEC scams, which are much more sophisticated than advanced-fee fraud (also called 419 fraud).

 

Industry reporting shows that BEC has been perpetrated by Nigerian groups or individuals and that the tools are readily available. (Trend Micro, “Cybercrime in West Africa”, 2017, https://documents.trendmicro[.]com/assets/wp/wp-cybercrime-in-westafrica. Pdf)

 

Additional analysis by CrowdStrike Intelligence shows that larger and more sinister Nigerian criminal groups are involved in BEC, specifically Nigerian Confraternities.

 

The Neo Black Movement (NBM) was founded in 1977 at the University of Benin, Nigeria. NBM claims that it is an officially registered organization in Nigeria, however it is widely considered to be one and the same as the Black Axe confraternity, and both have been banned by law. Since its foundation, Black Axe has developed into a formidable criminal organization and has developed a hierarchical, inter-state organization while at the same time retaining cult-like tendencies.

 

Black Axe gangs are involved in a multitude of organized crime ventures such as running prostitution rings, human trafficking, narcotics trafficking, grand theft, money laundering, and email fraud/cybercrime. These activities primarily take place in Nigeria, and they also are conducted by Black Axe members (known as Axemen) in Europe and North America.

 

Black Axe maintains a hierarchical command structure at the national level, and it also operates Black Axe “Zones” (also pyramidal in structure) in foreign locations. Arrests of criminals in Canada in 2015 revealed that the Black Axe zone for Canada is heavily involved in wire fraud, money laundering, romance scams, and BEC.

 

U.S. law enforcement arrested several Nigerian criminals on BEC fraud over the past few years, and Canadian and Italian law enforcement agencies have had limited success confronting and dealing with the Black Axe zones in their respective countries. Yet the magnitude of this criminal threat has only recently begun to be understood. As such, the threat posed by Black Axe and similar groups will remain high for the foreseeable future, and BEC will remain an effective eCrime technique in the near to midterm.

 

 

Structure of BEC Frauds

Proshare Nigeria Pvt. Ltd.

 

 

Key Points

·   Business email compromise (BEC) is a form of fraud where criminals compromise legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.

·   Over the past 12 months, CrowdStrike has observed three different types of BEC scams: wire transfer attempts, payroll fraud, and compromises that have led to follow-on spam campaigns. In many BEC cases, CrowdStrike has observed Office 365 (or Google suites) being compromised because two-factor authentication (2FA) was not enabled.

·     CrowdStrike has also observed eCrime campaigns using the Netwire remote access tool (RAT) that are tied to Nigerian BEC fraud and that have affected companies in the energy, travel, financial, and hospitality sectors.

·     In many cases, money stolen through BEC fraud is directed to bank accounts in China, particularly Hong Kong.

·     Nigerian confraternities, most notably Black Axe, have developed into formidable criminal organizations that include cyber components.

·   The Black Axe confraternity maintains a pyramidal command structure at the national level, and also operates Black Axe “Zones” that conduct wire fraud in foreign locations.

·   In mid-2015, police in Toronto, Canada arrested three Nigerian criminals on fraud charges for stealing more than $600,000 USD from a Canadian widow through a romance scam. Police also charged one with the crime “money laundering for criminal organization” because they identified him as the bookkeeper for Black Axe’s Canada zone.

·   Although the perpetration of Nigerian 419 scams is not as advanced technically as the activity conducted by Russian actors who develop and manage sophistication banking Trojans, Nigerian BEC scams are just as advanced given their global scale, the amount of money involved, and the advanced money laundering techniques that include the use of banks in China.

·    As such, the threat posed by Black Axe and similar groups will remain high for the foreseeable future, and BEC will remain an effective eCrime technique in the near to mid-term.


Proshare Nigeria Pvt. Ltd.

 

Report Conclusion

Business email compromise (BEC) has become a massive eCrime challenge; it is essentially a global problem that affects all geographical regions and involves actors conducting fraud on multiple continents. The FBI has estimated that this fraud has resulted in billions of dollars stolen from large and small businesses alike, and CrowdStrike has observed cases were singe BEC cases have resulted in losses in the seven figures.

 

Many descriptions and advisories or press releases on BEC describe it in relatively simple terms, and the basic construct is simple in nature, which makes the success of the scam more impressive. However, the different variations of BEC that have been crafted show that in its different forms, it is actually a complex series of movements and events that require a multifunctional criminal team. When BEC scams are combined or conducted in conjunction with romance scams, money mule recruitments, and complex money-laundering operations, they present an enormous challenge to law enforcement, businesses, cyber security firms, and even individuals.

 

These scams should not be thought of separately, but rather as crimes that support one another, and as such they should be considered an advanced form of eCrime. Although the perpetration of Nigerian 419 scams and the use of keyloggers are not as advanced technically as the sophisticated banking Trojans developed and managed by Russian actors, the argument can be made that Nigerian BEC scams are just as advanced given their global scale, the amount of money involved, and the advanced moneylaundering

techniques that include the use of banks in China.

 

The arrests of Black Axe personnel in Toronto shed light on a criminal gang that is ruthless, while at the same time extremely organized and dedicated to conducting wire fraud, romance scams, money laundering, and BEC. The emergence this confraternity as a global scamming menace and advanced eCrime threat is alarming.

 

While the online security of these actors is not complete, they take greater security measures than “standard” Nigerian criminals. Furthermore, it has been difficult for law enforcement in countries outside Nigeria to gain an understanding of how Black Axe zones are structured and how they operate. These factors, combined with persistence and tenacity, have allowed fraud conducted by Black Axe and other Nigerian criminals to flourish.

 

U.S. law enforcement has arrested several Nigerian criminals on BEC fraud over the past few years, and Canadian and Italian law enforcement agencies have had limited success confronting and dealing the Black Axe zones in their respective countries. Yet the magnitude of this criminal threat has only recently begun to be understood. As such, the threat posed by Black Axe and similar groups will remain high for the foreseeable future, and BEC will remain an effective eCrime technique in the near to mid-term.

 

This CRIS – 18004 report was released on March 20, 2018

Proshare Nigeria Pvt. Ltd.

 

Intelligence Report Content 

 

1.       EXECUTIVE SUMMARY   pg 3

2.      KEY POINTS   pg 4

·         Introduction   pg 4

·         The Nigerian Connection: A Tradition in eCrime   pg 7

·         Nigerian Confraternities   pg 8

·         Recent Arrests of Nigerian BEC Threat Actors   pg 12

3.      BEC Campaigns Observed by CrowdStrike in 2017   pg 14

4.      MITIGATION AND REMEDIATION   pg 18

5.      INDICATORS OF ATTACK   pg 18

·         Host Indicators   pg 18

6.      NETWORK INDICATORS   pg 18

·         Network Artifacts   pg 18

7.      CONCLUSION   pg 22

 

 

Kindly download PDF report here

 

NOTICE TO READERS: This report is provided for situational awareness and network defense purposes only. DO NOT conduct searches on, communicate with, or engage any individuals, organizations, or network addresses identified in this report. Doing so may put you or your employer at risk and jeopardize ongoing investigation efforts.

 

 

Proshare Nigeria Pvt. Ltd.

 

Related News

1.       Economic And Financial Crimes Commission (Establishment) Act

2.      Admissibility Of Evidence As It Relates To Electronic Devises, Social ... Apr 13, 2018

3.      A Public Statement on the “Frivolous Petitions Bill” - Proshare Dec 7, 2015

4.      Eurojust - Council Of Europe: Joint Conference On Judicial ... - Proshare

5.      For Every Bribe Taken, There Is A Bribe Given

6.      Online Racket By Swiss Golden Swindles Over 7,000 Nigerians of N3Bn

7.      309,713kg of Drug Seized in 2017 - NBS

8.     Russian MMM Pyramid Scheme Founder Reported Dead

9.      Egmont Group Meeting: Focus on Nigeria

10.  NDIC to Investigate Banks for Failure to Make Returns on Fraud Cases

11.   Years After: Bank Customer Discovers N34m Was Withdrawn From His Account

12.  The Cost of Corruption in Nigeria ... and More Deaths Than We Should Have

13.  How To Evaluate Information Provided By A Whistleblower

14.  Switzerland, The U.S. Singled Out For Financial Secrecy By New Index

READ MORE:
Related News