DOJ: Impatience to get money did hackers in
MANILA, Philippines — Impatience proved to be the undoing of the group that hacked the bank accounts of more than 700 depositors of BDO Unibank in December last year, according to the Department of Justice (DOJ).
The DOJ on Wednesday said the National Bureau of Investigation was able to trace the “Mark Nagoyo Group” after a certain Mark Froilan, said to be one of the syndicate leaders, informed an undercover agent that Nigerian national Ifesinachi Fountain Anaekwe, alias Daddy Champ, was “already getting mad” as the group had yet to withdraw money from the hacked accounts.
“They were looking for a money mule to assist them in cashing out the money,” the DOJ said.
The NBI then set a trap on Jan. 18 that resulted in the arrest of Anaekwe and another Nigerian, Chukwuemeka Peter Nwadi, in Mabalacat, Pampanga. Three Filipino suspects—Jherom Anthony Taupa, Ronelyn Panaligan and Clay Revillosa—were arrested in a follow-up operation two days later.
The NBI established how each of the five suspects played a “compartmentalized” role to “prevent the transfers from being traced to a particular person.”
Article continues after this advertisementDifferent tasks
“(T)heir respective participations are vital, without which fraudulent transfers or illegal access of online accounts would not be possible,” it added.
Article continues after this advertisementAnaekwe and Nwadi provided “access devices,” such as fake bank accounts, crypto wallets and point-of-sale terminals of legitimate businesses, to persons who wanted to withdraw the illegally obtained funds.
Anaekwe sold fictitious company bank accounts, which could be used as “dropping accounts” that can receive as much as P10 million each, according to the NBI.
Taupa admitted to creating a “scampage,” or a phishing website, that resembled the official webpage of e-wallet service GCash.
Panaligan, also known as Luka Hanabi, secured verified accounts in GCash and PayMaya, another e-wallet service, by presenting valid identification cards of individuals she had duped in a fake survey.
Revillosa offered for P30,000 the list of 800,000 email addresses that he had hacked by accessing the database of several websites.
Anaekwe was arrested after he offered to sell spurious “company accounts” to an undercover NBI agent during last week’s sting operation.
“The evidence established that it was Anaekwe who was directly transacting for the sale of the accounts,” the DOJ said in a statement.
State prosecutors have ordered the criminal indictment of Anaekwe and three of his alleged Filipino cohorts for violation the Access Devices Regulation Act of 1998 and the Cybercrime Prevention Act of 2012.
Nwadi, however, had been released due to insufficient evidence against him.
The Mark Nagoyo group got its name from the fictitious UnionBank account registered to a certain “Mark D. Nagoyo” to which the stolen money was transferred. “Nagoyo” is a Filipino colloquial term for someone who has been duped.
‘Sophisticated fraud’
The online theft was first reported on Dec. 11, 2021, when a number of BDO clients shared on social media that they lost hundreds of thousands of pesos through unauthorized online fund transfers.
BDO later confirmed that some of its clients were hit by a “sophisticated fraud technique” through its online banking platform, and that it had since reimbursed the stolen funds.
“The NBI equated the modus operandi to money laundering,” the DOJ said on Wednesday. “After [the] hackers have illegally accessed the online banking account or banking system, they would transfer the money to a dummy bank account.”
It said the suspects wired the stolen money to the verified GCash and PayMaya accounts. The group would then instruct their money mules, who also got a share of the stolen money as commission, to personally withdraw the funds.
“It is only after a series of transfers would the stolen money be moved to the syndicate’s personal accounts,” the DOJ added.