Chinese hackers have just pulled off one of India’s biggest cyber frauds ever, to the tune of $18.6 million. According to investigators, a group of Chinese hackers convinced the head of a local Indian subsidiary of Milan-based Tecnimont SpA to wire money from bank accounts in India to a bank account in Hong Kong. The scale and scope of the cyber fraud, though, have investigators puzzled, and top security and forensic experts from the United States have been called onto the scene to figure out how the Chinese hackers made off with the $18.6 million.
The elaborate cyber fraud by Chinese hackers
The more details that get released about this cyber fraud, the more it sounds like the plot line for a Hollywood bank heist movie. This was far more than just a simple phishing scam – it was a sophisticated operation that might have involved infiltrating a company’s email system to study the writing and communication habits of top executives, as well as the impersonation of the company’s chairman and fake documents used to set up a fraudulent bank account.
The cyber fraud scam started with a fraudulent email from Chinese hackers, spoofed to appear as if it were coming from the CEO of the company in Italy. The message was written in the tone and style of the CEO, and raised the prospect of a “secretive” and “highly confidential” acquisition that could only be pulled off if funds were wired to bank accounts in Hong Kong. After follow-up emails, there were then telephone conference calls between Italy and India, with Chinese fraudsters impersonating top executives and lawyers. They convinced the local Indian office that regulatory rules prevented a direct payment from corporate HQ in Milan; thus, the onus was on the local Indian operation to fund the acquisition. Payments were sent in three separate tranches of $5.6 million, $9.4 million, and $3.6 million. However, just before the fourth and final payment was about to be made, the real chairman of the Italian company showed up in India for a year-end visit. It’s not hard to imagine what happened next.
The only question remaining, of course, is how the Chinese hackers managed to pull this off. After all, there were multiple phone calls, multiple email exchanges, and multiple bank accounts involved. How was it that the Chinese hackers were able to impersonate company officials, even down to the style of writing and communication? The best guess for now is that the Chinese hackers managed to break into the corporate IT system, studied the emails from company officials, and then crafted the fake emails coming from the (fake) corporate CEO.
Was this really a cyber attack, or just electronic fraud?
Given the elaborate deception involved, Maire Tecnimont (the parent company of Tecnimont SpA) has thus far referred to this as a case of “electronic fraud.” After all, the Hong Kong bank account was opened by the Chinese hackers using fake documents, and the fact that individuals were acting out roles on the phone suggests that this was just an old-fashioned con, the type that shows up in movies as part of a bank heist involving people from all over the world. For now, the head of the Indian office has been removed, as has the head of accounts and finance.
In hindsight, could this cyber fraud have been prevented? Many corporations, for example, now train their employees on how to recognize phishing emails sent by hackers. The typical phishing email will appear to come from a real company or real person, but there will usually be a spelling error or some typo that gives it away. But someone casually reading through a list of new emails might open it by mistake, and then click on any links within that email. From there, all other elements of the fraud can be carried out online, without the need for human actors to get on the phone and impersonate others. A person, for example, might be asked to download a file that contains a bit of malicious code. Or that person might be asked to enter personal information or a password on another website impersonating a real one.
Certainly, it can be assumed that geographic, time zone and language differences between the home office in Milan, Italy and the branch in Mumbai, India played a role. Strange phrasings, incorrect grammar, or odd stylistic touches within the email correspondence might have been overlooked. But here’s where there is still a lot to explain: how did Chinese fraudsters impersonate top European officials, including one claiming to be a top Swiss lawyer? At some point, wouldn’t really bad accents or awkward phrases tip off the Indian officials that someone was being conned?
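The spoofed-CEO email described above is a textbook business email compromise, and the indicators a mail gateway or finance team can check for are mechanical: an executive's display name on a mailbox that is not theirs, a lookalike of the corporate domain, a Reply-To that redirects answers elsewhere, and secrecy-plus-urgency language around a payment. The following is an added example of such a screen, not code from the article or from the company involved; the corporate domain, the executive name and both sample messages are constructed for illustration.

```python
"""Heuristic screen for executive-impersonation (BEC) mail.

Added example; the domain, executive list and messages are constructed.
"""
from difflib import SequenceMatcher
from email import message_from_string, utils

CORPORATE_DOMAIN = "example-corp.test"                          # assumed
EXECUTIVES = {"Mario Rossi": "mario.rossi@example-corp.test"}   # constructed
# Secrecy/urgency words that, combined with a payment request, mark the scam
PRESSURE_TERMS = ("confidential", "secret", "urgent", "wire", "acquisition", "transfer")

def domain_of(addr):
    """Lower-cased domain part of an address ('' if it has none)."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def is_lookalike(domain):
    """True when the domain is not ours but its label closely resembles ours."""
    if domain == CORPORATE_DOMAIN or not domain:
        return False
    ours, theirs = CORPORATE_DOMAIN.split(".")[0], domain.split(".")[0]
    return SequenceMatcher(None, ours, theirs).ratio() >= 0.8

def assess_bec_risk(raw_message):
    """Return a list of findings; an empty list means no indicator fired."""
    msg = message_from_string(raw_message)
    name, addr = utils.parseaddr(msg.get("From", ""))
    findings = []
    # 1. A known executive's display name on a mailbox that is not theirs
    if name in EXECUTIVES and addr.lower() != EXECUTIVES[name]:
        findings.append(f"display-name spoof: '{name}' sent from {addr}")
    # 2. Sender domain imitates the corporate domain (e.g. digit for letter)
    if is_lookalike(domain_of(addr)):
        findings.append(f"lookalike domain: {domain_of(addr)}")
    # 3. Reply-To silently diverts replies to a third address
    _, reply_to = utils.parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr.lower():
        findings.append(f"reply-to mismatch: {reply_to}")
    # 4. Secrecy/urgency language together with a payment request
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    hits = [t for t in PRESSURE_TERMS if t in text]
    if len(hits) >= 3:
        findings.append("pressure language: " + ", ".join(hits))
    return findings

# Constructed samples: a spoofed "CEO" request and a genuine internal note.
SPOOFED = ("From: Mario Rossi <mario.rossi@examp1e-corp.test>\n"
           "Reply-To: legal.desk@mail-hk.test\n"
           "To: finance.india@example-corp.test\n"
           "Subject: Highly confidential acquisition\n\n"
           "This is a secret acquisition. Urgent: wire the funds today.\n")
LEGIT = ("From: Mario Rossi <mario.rossi@example-corp.test>\n"
         "To: finance.india@example-corp.test\n"
         "Subject: Year-end visit\n\n"
         "I will visit the Mumbai office in December for the year-end review.\n")
```

Running `assess_bec_risk(SPOOFED)` yields four findings, while the genuine message yields none; in practice such a screen would gate the wire request for an out-of-band confirmation rather than block it outright.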
The new era of cyber fraud
What we could be witnessing is a new era in global, cross-border cyber fraud that involves a mix of typical hacking tactics (e.g. spear phishing), network intrusion, Internet fraud and cyber crime (i.e. fake bank accounts). It’s easy to see that a number of different entities, government agencies and law enforcement officials might get involved here, including the Internet Crime Complaint Center (IC3), the Chinese government, Interpol, and perhaps even FBI Director Christopher Wray (now that New York-based security firm Kroll has gotten involved).
In short, instead of a few hackers in pajamas trying to hack into computer systems from their basements, we may be seeing the rise of sophisticated global crime syndicates and hacking groups that are far more formidable adversaries for corporate IT directors. Chinese nationals may only be the front men for criminal organizations that are based somewhere else in the world. How else to explain that Chinese hackers settled on a relatively unknown Italian engineering firm for their elaborate cyber fraud?
What started with bank scams, credit card fraud, confidential business information and stolen trade secrets has become something much more dangerous. It is now an advanced persistent threat that has the attention of state security organs, including the Ministry of State Security in China. It’s a heads-up for national security organizations around the world that cyber fraud is a problem that is only getting worse, not better.