Four men suspected of hacking into US networks to steal employee data for identity theft and filing fraudulent US tax returns have been arrested in London, UK, and Malmö, in Sweden, at the request of US law enforcement authorities.

The suspects identified in four recently unsealed US indictments are Akinola Taylor (Nigeria), Olayemi Adafin (UK), Olakunle Oyebanjo (Nigeria) and Kazeem Olanrewaju Runsewe (Nigeria).

The four men are charged with transnational wire fraud and identity theft for filing false tax returns with the United States Internal Revenue Service (IRS) in order to steal money from the agency by through tax refunds.

To do this, Taylor and Runsewe hacked into the servers of US companies and stole personally identifiable information (PII) from US residents.

To gain access to those servers, the Justice Department said the suspects purchased stolen credentials from cybercrime marketplaces, such as the now-shutdown xDedic marketplace.

“One of the places where Taylor and Runsewe gained unauthorized access to computer servers was the xDedic Marketplace, a website that ran for years and was used to sell access to compromised computers around the world. and personally identifiable information of U.S. residents,” read the Ministry of Justice announcement.

xDedic was a cybercrime forum in Ukrainian and Remote Desktop Protocol (RDP) Marketselling hackers access to hacked computer networks by brute-forcing user passwords, exploiting vulnerabilities, or bribing insiders.

The xDedic marketplace operated between 2014 and 2019 when an international law enforcement operation finally took it down. The platform had a backdoor verification mechanism that ensured the validity of access sales.

The DOJ claims that Taylor and Runsewe used the acquired information to file fraudulent Form 1040 applications with the IRS, using PII from valid U.S. residents, but including bank accounts under their control to receive the funds.

Adafin and Oyebanjo allegedly aided the scammers at the money laundering stage, transferring the proceeds to other conspirators and through a complex network of debit cards and bank accounts, in hopes of obscuring the trail.

An investigation by the IRS-CI Cyber ​​Crimes Unit and the FBI has revealed the true identities of the four individuals, who will now be subject to extradition proceedings.

If convicted of wire fraud, the four individuals face a maximum sentence of 20 years in federal prison, not including additional penalties for identity theft and theft of public funds.

Additionally, if found guilty, the four men will be required to confiscate all property related to the proceeds of the identified offences.


Source link