Moldavian brothers Adrian and Gheorghe Baltaga, 25 and 26 years old, respectively, have been charged in the U.S. District Court for the Northern District of California with wire fraud, conspiracy to commit bank fraud and wire fraud, aggravated identity theft, and aiding and abetting.
Federal authorities said in the indictment that the two conspired to steal login credentials for brokerage accounts, using them to set up fraudulent automated clearing house (ACH) links to prepaid debit card accounts. That way, they could extract the money and easily launder it as cash by purchasing money orders from MoneyGram and the U.S. Postal Service, which were then, as clean money, deposited into yet other debit accounts.
Details are being kept close to the vest in terms of the exact dollar amount pilfered, but sources familiar with the investigation told security researcher Brian Krebs that the Baltaga brothers were also involved in a 2012 heist of $1.7 million, from a Maryland title company.
The money-laundering part of siphoning money from banking institutions is always the toughest nut to crack for criminals and the most dangerous for victim organizations, because once the money’s gone via wire transfer or ACH, it’s gone.
Franchises and small and medium-sized businesses should take extra care to monitor for unusual activity, Krebs warned.
“Businesses do not enjoy the same legal protections afforded to consumer banking customers hit by cyber thieves,” Krebs said. “As a result, organizations can be held responsible for any losses due to phishing or account takeovers.”
In a case at a title company that Krebs investigated in 2012, the business contacted its bank after being tipped off, and discovered that the thieves had already stolen $700,000 in fraudulent wires and ACH payments and had just initiated another wire transfer of $1 million.
The company and its bank were in time to block the $1 million wire, but went into dispute over the $700,000 – they eventually reached a confidential settlement that was likely not for the full amount.
Making things harder to monitor is the fact that rather than getting their own hands dirty, as the Baltaga brothers did with their MoneyGram scheme, most criminals favor money mules. For instance, in the summer Krebs uncovered a Russian-Ukrainian cyber-gang going by the name Best Inc., which managed to steal more than $1 million from a public hospital in Washington State. It carried out the heist by recruiting nearly 100 unwitting accomplices in the US who were hired through work-at-home job scams.
Krebs also tracked a money mule recruitment gang in 2012 that targeted small businesses and retail bank accounts with the same play.
“One of the mules I contacted said she’d just received notification that she was to expect a nearly $10,000 transfer to her bank account, and that she should pull the money out in cash and wire the funds (minus her 8 percent commission) to three different individuals in Ukraine and Russia,” Krebs said.