British Man Charged With Hacking and Stealing From U.S. Banks

Close up of a laptop in a dark room with code on the screen

The United States Attorney’s Office (AO) has leveled criminal charges against Idris Dayo Mustapha, a UK citizen, for hacking into various American financial institutions and stealing money from bank accounts and securities brokerage accounts. Mustapha and his co-conspirators allegedly “engaged in a litany of cybercrimes” and orchestrated elaborate financial scams between 2011 and 2018.

Group Engaged in Elaborate Scams for Financial Gain

According to the official complaint, between January 2011 and March 2018, Mustapha and his associates carried out several scams, all aimed at stealing money from American financial institutions. They engaged in phishing to obtain login credentials, which allowed them to access their victims’ bank and brokerage accounts.

Initially, the scammers would transfer funds from these accounts to their own. However, they resorted to more sophisticated scams, like unauthorized trading, once banks started blocking these transfers. The group would place unauthorized stock trades from a compromised account while trading the same stocks at a profit from their own accounts.

The Department of Justice’s (DOJ) press release mentions an “electronic chat” conversation between Mustapha and a co-conspirator that reveals this exact scam. When asked whether to engage in unauthorized trading or simply take money out of the account, Mustapha replies, “better to go trade up and down and not direct fraud wire.”

The DOJ’s press release also provided an example of how the group used stolen login information. Mustapha and his co-conspirators would impersonate victims and reach out to their financial institutions via phone or email to request that funds be wired to overseas bank accounts. Their actions caused losses of over $5 million to the financial institutions they targeted.

Statements From Prosecutor and FBI

The United States Attorney’s Office is taking the matter seriously. The U.S. Department of Justice’s Office of International Affairs is also involved in the case and is “providing substantial assistance.”

U.S. Attorney for the Eastern District of New York, Breon Peace, and the FBI Assistant Director-in-Charge, Michael J. Driscoll, announced the charges against Mustapha. They also stressed the importance of bringing the criminals to justice.

“As alleged in the complaint, the defendant was part of a nefarious group that caused millions of dollars in losses to victims by engaging in a litany of cybercrimes, including widespread hacking, fraud, taking control of victims’ securities brokerage accounts, and trading in the name of the victims,” U.S. Attorney Peace stated.

“Protecting residents of the Eastern District and financial institutions from cybercriminals is a priority of this Office,” he added.

“Cyber crimes are insidious because the criminals lurk in places most people don’t see, and many don’t understand. Taking over victims’ email accounts and then stealing millions of dollars are just some of the crimes we allege Mustapha committed over the course of many years. Using digital platforms for banking and investing are now part of our everyday life, and the FBI is focused on making these tools safe from criminals like Mustapha,” FBI Assistant Director-in-Charge Driscoll said.

Complete List of Charges Against Mustapha

The official complaint alleges that the scheme resulted in millions of dollars worth of losses to the victims. Mustapha was arrested in the UK in August 2021. The U.S. is seeking his extradition to the Eastern District of New York. If convicted, Mustapha could face a prison sentence of up to 20 years.

Here is a complete list of the charges leveled against Mustapha:

  1. Computer intrusions
  2. Conspiracy to commit computer intrusions
  3. Conspiracy to commit money laundering
  4. Wire fraud
  5. Conspiracy to commit wire fraud
  6. Access device fraud
  7. Conspiracy to commit access device fraud
  8. Securities fraud
  9. Conspiracy to commit securities fraud
  10. Aggravated identity theft

Unfortunately, cybercrimes like phishing and identity theft are becoming more common these days. As much of our lives and essential services move online, it is important to take steps to safeguard your online activities. Check out our easy guide to staying safe online for some useful cybersecurity tips.

Technology policy researcher
Prateek is a technology policy researcher with a background in law. His areas of interest include data protection, privacy, digital currencies, and digital literacy. Outside of his research interests, Prateek is an avid reader and is engaged in projects on sustainable farming practices in India.