Olalekan Jacob Ponle and Raymond Igbalode Abbas, are two kingpins of a cyber criminal gang of about 12 gang members who commited illicit internet schemes, both lucrative and long-reaching, that spanned beyond borders and recognized few boundaries. Their scheme was devised to steal almost half a billion dollars over a nine month period in 2019.
According to the U.S. Department of Justice, Ponle and Abbas targeted at least a dozen companies across the United States and served as a stark reminder of just how vulnerable businesses and individuals can be to cyber criminals.
By using a combination of high-tech and low tech methods, as well as email and social media, the gang’s alleged ringleaders hatched a plot to milk millions from mostly small to midsize companies, which if successful would have destroyed an number of already COVID-weakened companies and brought the lives finances of victims crashing down.
Yet even more intriguing that the gang’s seemingly global reach, presumably from the residences of the two key suspects in the United Arab Emirates (UAE), was the extent and sophistication of their network. In the end, however, it may have likely been a parasitic combination of arrogance and complacency that aided authorities in the capture of the two key suspects and their alleged co-conspirators.
At a rate of roughly 900 per day, according to a 2018 Internet Crime Report, the FBI received complaints of possible cyber crimes which that year totaled 300,000. Worldwide, as calculated by the World Economic Forum (WEF), a business gets targeted by hackers and cyber criminals every three seconds. And the UAE, where Abbas and Ponle launched and managed their illicit operation, is the third most inviting target for internet criminals.
As of a few months ago, the UAE with an estimated 95.2 million internet users, according to Internet World Stats, has one of the highest penetration rates by hackers at upwards of 96.4%. Although the gang’s targets were outside the UAE, the United States, as noted by a June 2020 article for the Khaleej Times, tops the list of aggressively-targeted nations. Both the UAE and the United States, many experts claim, have the combination of higher average incomes and higher numbers of internet users that hackers look for when drumming-up possible targets.
Along with the UAE and the United States, Sweden, Norway, Iceland, and the UK are among some of the prime target countries. Additionally, due to the COVID-19 pandemic online activity, particularly in the likes of shopping, banking, and using social media, has categorically increased.
In mid-June 2020, the Criminal Investigation Department of the Dubai Police, led by Brigadier Jamal Salem Al-Jallaf, launched what would come to be known as “Operation Fox Hunt 2,” acting on intel regarding a cybercriminal gang, led by one or more Africans, operating out of Dubai. Out of an approximately 12-member gang, two key suspects Olalekan Ponle, also known as ‘Woodbery” and Raymond Abbas, otherwise known as “Hushpuppi,” emerged as the possible orchestrators through texts found on IPhones and on an Instagram account created in October of 2012, subscribed by a an individual named “Ray.”
Both Ponle and Abbas were eventually traced and subsequently arrested at a decadent Palazzo Versace apartment in Dubai. The raid that netted Ponle and Abbas was part of a larger 6 raid operation led by Assistant Commander-in-Chief for Criminal Investigation Affairs Major General Khalil Ibrahim Al-Mansouri, who described the final phase of the operation as “a zero hour to take down all gang members at the same time.”
Intelligence on the two key suspects was the result of a joint effort by FBI Special Agents Andrew Innocenti and Ali Sadiq, who each led investigative teams that separately targeted the two key suspects – Abbas and Ponle.
Abbas, also known as “Hushpuppi” by far the flashier of the pair, who boasted about his criminal activity in scores of Instagram posts, was already wanted in Dubai, Europe, the U.S., and Nigeria. Both the FBI and the Dubai Police were able to work backwards from a number of Instagram posts whereby Abbas, who at one point nicknamed himself as “The Billionaire Gucci Master,” made little secret of the fruits of his multi-million dollar criminal enterprises.
The pair, along with several co-conspirators who performed “money muling” and other tasks, according to the U.S. Department of Justice, “gained unauthorized access to a U.S.-based company’s email account and sent messages to unwitting employees claiming to be from the company or a known business contact.” Victims were directed to wire transfer monies to a bank account where the mules would obtain the funds and convert them to bitcoins. The crypto-currency was then deposited into a “virtual wallet” operated by Ponle.
Among the number of companies in the United States that were victimized, two in Chicago were among the hardest hit as one was swindled out of $15.2 million and another was scammed out of $2.3 million. In the brazen “phishing attack,” companies in other states namely Iowa, Kansas, Michigan, New York, and California were also reportedly targeted. What the group hoped to extend globally, the scheme’s estimated worth was suspected to be $435 million!
Based upon the raids conducted by the Dubai Police that uncovered dozens of computers, smartphones, and memory sticks, as well as a list, according to Brigadier Al-Jallaf, of 1,926,400 potential victims, the gang was well on its way to fulfilling their insidiously lucrative aspirations. Dubai Police recovered approximately $40.9 million in cash and 13 luxury automobiles purchased, presumably through other scams involving stolen or false credit cards that the gang obtained through fake websites and banks.
As the number of internet users in countries like the UAE, which by 2016 grew to 77.6% of the Emirate population, along with the increasing integration of the internet and social media into the way even small and midsize companies do business, scams like these become both more sophisticated and more commonplace. Such upticks in cyber crime both domestically and abroad prompted the FBI to issue a “public national warning” to all U.S. businesses in October 2019 and spurred the Dubai Police to strengthen their cyber crime division.
Only a few months prior, in February 2020, the Dubai Police launched a similar investigation, which effectively was labeled Operation Fox Hunt 1, led to the arrest of 9 suspects who were part of an underground fraud network that targeted individuals through fake job opportunities. Projected to victimize approximately 800,000 people through email, the group managed to steal $8.7 million.
However, authorities believe the total worth of the scheme was possibly $1.08 billion. This fraud network consisted of 81 fake businesses allegedly located in 18 countries. The E-Investigative team of the Dubai Police received a tip “that some social media users were fooled by scammers who promised to help with job opportunities,” according to a February Gulf News report.
Firms like Cybersecurity Ventures, who monitor cyber crime, warn that small and midsize companies, as well as individuals are in some ways more susceptible to cyber criminals than larger companies. Choosing targets that are likely less protected, cyber criminals seek out easier opportunities rather than large-scale payouts, knowing that large corporations employ IT teams or cybersecurity firms. However, many small and midsize companies cannot afford such measures or harbor a complacency that cyber criminals will not be interested in a company their size.
For tips on how to guard yourself and your business against cyber threats, visit the U.S. Department of Homeland Security at DHS.gov.
Written By Vincent Amoroso