Two international hackers who targeted American universities have been recently convicted by a U.S. court for multiple counts of identity theft. The two hackers, Damilola Solomon Ibiwoye and Olaykinka Olaniya, were born in Nigeria but had since moved to Kuala Lumpur, Malaysia when they were captured by authorities and extradited back to the United States in 2016 to stand trial. The two men were both connected to a large-scale phishing attack on several colleges that included the Georgia Institute of Technology (Georgia Tech) and the University of Virginia.
Nigerian hackers attack Georgia Tech
In this particular phishing scam, the two hackers sent out emails to the employees of over 25 colleges in the U.S. The emails asked the employees to visit a website and enter personal data such as their login and password information. Many phishing emails look legitimate, as if they had been sent by the college payroll department or banks doing business with the colleges, as if it was necessary to verify this information.
When an unsuspecting employee clicked a malicious link, the fraudulent websites set up by the attackers gathered the data. The hackers then used this information to redirect employees’ direct deposit payroll checks into the hacker’s accounts. Additionally, the cyber criminals were able to get access to W2 forms and tax records so they could file fake tax returns. According to authorities, they were able to net over $6 million using this scam.
Dating websites were also targeted by the foreign hackers
The fraud did not end there, however. The hackers also posed on dating sites to dupe individuals into letting them put a deposit into the victim’s account. Once the money from the scam was deposited, they then convinced the victims to give them their account information so that they could transfer the funds. Instead, they stole all of the money from the accounts, transferring the funds overseas.
Hacker gets jail time
Ibiwoye took a plea deal and was sentenced to thirty-nine months in prison and three years of supervision after his release. Olaniyi was found guilty by a jury and is expected to be sentenced in October. Both hackers have received international attention because of the level of success of their phishing scams and because their arrests involved the cooperation of the U.S. government, college officials, and the Malaysian government that aided in the arrest and extradition.
Following their initial arrest in 2016, the scam helped serve as the impetus for the creation of a Cybercrime Unit in the Atlanta U.S Attorney’s Office Criminal Division. This new unit is dedicated to investigating cyber crimes such as identity theft, data breaches, hacking and the spread of illegal drugs and weapons being sold online through the “dark web.” In addition to their duties in investigating and prosecuting, the Cybercrime Unit is also tasked with spreading the word about cybersecurity and how important it is to protect oneself on the Internet.
References
https://www.justice.gov/usao-ndga/pr/jury-convicts-cybercriminal-hacking-universities
https://www.ledger-enquirer.com/news/state/georgia/article216592145.html