The US Department of Justice (DoJ) has charged Idris Dayo Mustapha for a variety of cybercriminal activities that took place between the 2011 and 2018, resulting in financial losses estimated to exceed $5,000,000.
Many of the entities that fell victim to the attack were US-based financial institutions and brokerage firms that had their systems compromised directly by Mustapha and his co-conspirators. They performed unauthorized transactions while using other people’s brokerage accounts.
Mustapha also flew from London to New York in 2015 to open a Bank of America account that was used for doing unauthorized trading.
“The defendant was part of a nefarious group that caused millions of dollars in losses to victims by engaging in a litany of cybercrimes, including widespread hacking, fraud, taking control of victims’ securities brokerage accounts, and trading in the name of the victims,” said US Attorney Breon Peace.
Mustapha’s Scheme
Starting in 2011, Mustapha and at least one co-conspirator from Lithuania engaged in a range of schemes in order to obtain unauthorized access to US-based email servers that supported bank account and brokerage account access for consumers.
In order to do so, the hackers stole email account credentials (usernames and passwords) and used them to log in to bank and brokerage platforms.
By accessing these email accounts, Mustapha was able to steal personal information and familiarize himself with their communications and regular activities.
Next, he used social engineering to request wire transfers from financial institution employees to overseas bank accounts that he controlled.
For the brokerage accounts, Mustapha directly accessed them and transferred significant amounts or the online securities in full to other firms and new accounts.
In order to bypass the imposed blocks that some of the firms placed as an anti-fraud measure, he fraudulently used the victims’ accounts to place unauthorized trades that benefited stocks he controlled.
To accomplish this, Mustapha frequently liquidated existing stock positions held by the stolen brokerage accounts, engaged in market price manipulation, and more.
He was arrested in the UK in August after causing financial damages that surpassed over $5,000,000.
Mustapha now faces 10 counts, including wire fraud, aggravated identity theft, securities fraud, computer intrusion, access device fraud, and more. The minimum sentence for these charges is 2 years in prison but can go up to a total of 20 years.
Mustapha is currently held in the UK, but the US is seeking his extradition so that he can face trial in the District Court for the Eastern District of New York.