Introduction:
The rapid rise of digital assets and technological advancements in financial systems has created opportunities for both legitimate and illicit activities. Financial Intelligence Units (FIUs) worldwide have taken centre stage in detecting, investigating, and prosecuting complex financial crimes such as cryptocurrency fraud, cyberattacks, and money laundering schemes. The case studies presented here highlight some of the most significant international financial crimes and FIUs' vital role in mitigating these risks. Through their collaboration with national and international counterparts, FIUs have shown their ability to adapt to an evolving landscape and uphold the integrity of financial systems worldwide.
This blog provides a detailed summary of four case studies concerning cybercrime and cryptocurrency.
Case Study 1: Unprecedented Global Multibillion Cryptocurrency Euro Fraud (Kosovo, FIU-Kosovo)
Case Study 2: Cyber Attack Through a SWIFT Heist (Nepal, FIU-Nepal)
Case Study 3: Global Money Laundering Related to Virtual Assets (Poland, FIU-Poland)
Case Study 4: Effective Collaboration in Business Email Compromise (BEC) Scheme (South Africa, FIC)
Case Study 1: Unprecedented Global Multibillion Cryptocurrency Euro Fraud (Kosovo, FIU-Kosovo)
Background: This case involves OneCoin, a multi-billion dollar cryptocurrency fraud scheme. A Kosovo-registered company, CUMA, was established to sell online tutorial packages that promoted investing in OneCoin.
Timeline and Key Events:
April 2017: The Financial Intelligence Unit - Kosovo (FIU-Kosovo) receives a suspicious transaction report (STR) concerning CUMA and its owners.
April-July 2017: FIU-Kosovo collects bank information in Kosovo, customs information, and 17 international responses via the Egmont Secure Web. This data confirms CUMA's role in global fraud.
July 2017: Despite the collected information, the Special Prosecution requires more evidence to issue a sequestration order.
Late July 2017: FIU-Kosovo identifies a suspect attempting a large outgoing transaction (EUR 858,000) to purchase precious metals. FIU-Kosovo coordinates with the bank to delay the transaction.
July 31, 2017: The suspect provides an invoice listing OneLifeNetwork Ltd. Belize as the beneficiary, providing the missing link for FIU-Kosovo to obtain a freezing order.
Methods used for financial transactions:
International Wire Transfers: CUMA received funds from various countries and transferred them through multiple accounts, including those of the owner's family and offshore companies.
Precious Metals Purchases: Suspects attempted to convert illicit funds into precious metals, demonstrating a common method for laundering money.
Role of FIU:
FIU-Kosovo initiated the investigation based on an STR, demonstrating its commitment to tackling financial crime.
FIU-Kosovo extensively utilized open sources to uncover information about the suspects and their activities.
FIU-Kosovo collaborated with other FIUs via the Egmont Secure Web, securing crucial evidence.
FIU-Kosovo worked closely with the bank to delay the suspect's large transaction, preventing the loss of funds.
FIU-Kosovo advised the Special Prosecutor on issuing a stand-alone money laundering charge.
Investigative techniques:
Financial Analysis: Examining CUMA’s financial transactions, including international wire transfers and attempted precious metal purchases.
Open Source Investigations: Gathering information about OneCoin, OneLifeNetwork Ltd., and the individuals involved from publicly available sources.
International Cooperation: Utilizing the Egmont Secure Web to collaborate with other FIUs and gather information about the suspects and their activities in different jurisdictions.
Valuable indicators:
Movement of funds through multiple jurisdictions: CUMA's transactions involved various countries, indicating potential money laundering.
Suspected pyramid scheme: OneCoin exhibited characteristics of a pyramid scheme, raising red flags for financial crime.
Key findings:
CUMA was part of a global pyramid scheme: The investigation confirmed that CUMA was an integral part of the OneCoin pyramid scheme.
Suspects laundered money through various methods: The suspects used online tutorials, international wire transfers, and attempted precious metal purchases to launder illicit funds.
Kosovo's legal framework was exploited: The perpetrators took advantage of Kosovo's perceived lack of international cooperation to operate their scheme.
Recommendations:
Enhanced international cooperation: Strengthening collaboration among FIUs to combat transnational financial crime.
Increased public awareness of cryptocurrency scams: Educating the public about the risks associated with investing in unregulated cryptocurrencies.
Address legal loopholes: Revising Kosovo's legal framework to address the vulnerabilities exploited by the perpetrators.
Case Study 2: Cyber Attack Through a SWIFT Heist (Nepal, FIU-Nepal)
Background: This case involves a sophisticated cyber attack targeting XYZ Bank, a large commercial bank in Nepal. Hackers gained unauthorised access to the bank's SWIFT system, attempting to steal NPR 466 million (approximately USD 4 million).
Timeline and Key Events:
October 18-20, 2017: During the Deepawali/Tihar festival in Nepal, hackers initiated 33 unauthorised transactions using eight different Nostro accounts belonging to XYZ Bank.
October 2017: XYZ Bank's IT team discovers the cyber attack and reports the incident to FIU-Nepal, providing an STR.
Immediately following the attack: FIU-Nepal notifies the central bank of Nepal and relevant domestic law enforcement agencies. FIU-Nepal also alerts the Egmont Group and affected countries' FIUs.
Following the initial response: FIU-Nepal works with domestic and international authorities to recover the stolen funds.
Methods used for financial transactions:
SWIFT System Compromise: Hackers exploited vulnerabilities in XYZ Bank's SWIFT system to initiate unauthorised financial transactions.
Multiple International Transfers: Stolen funds were transferred to 21 different bank accounts across nine countries.
Role of FIU:
FIU-Nepal acted swiftly upon receiving the STR, demonstrating its efficiency in addressing cybercrime.
FIU-Nepal was central in coordinating with the central bank of Nepal, law enforcement agencies, the Egmont Group, and FIUs of affected countries.
FIU-Nepal disseminated crucial information about the cyber attack and facilitated the recovery of funds.
Investigative techniques:
Forensic Analysis: KPMG, hired by XYZ Bank, conducted a forensic analysis of the bank's systems to identify the attack vectors, malware used, and IP addresses involved.
Transaction Tracing: FIU-Nepal, in collaboration with other FIUs, traced the flow of funds across various international bank accounts.
Valuable indicators:
Exploiting holiday periods: Hackers timed the attack during a major festival when banks were less likely to detect unusual activities, highlighting the vulnerability of financial institutions during holidays.
Multi-jurisdictional involvement: The cross-border nature of the attack necessitated international cooperation to effectively combat the crime and recover the stolen funds.
Key findings:
Highly sophisticated cyber attack: The hackers employed various advanced techniques to infiltrate the bank's systems and mask their activities.
SWIFT system vulnerabilities: The case exposed vulnerabilities in the SWIFT system, highlighting the need for enhanced security measures.
International cooperation is vital: The successful recovery of 85% of the stolen funds underscored the importance of swift and coordinated action among various stakeholders.
Recommendations:
Enhanced cybersecurity measures: Financial institutions should prioritize strengthening cybersecurity protocols, particularly during holidays.
Improved SWIFT system security: The SWIFT system should undergo rigorous security assessments and updates to mitigate vulnerabilities.
Strengthened international partnerships: Fostering stronger relationships and information-sharing mechanisms between FIUs and other relevant authorities.
Case Study 3: Global Money Laundering Related to Virtual Assets (Poland, FIU-Poland)
Background: This case involves an elaborate money laundering operation utilizing cryptocurrencies and a shadow banking network. The suspects laundered approximately USD 380 million, likely originating from drug trafficking and illicit activities on the dark web.
Timeline and Key Events:
February 2015: FIU-Poland receives its first request concerning the suspect, Mr. XXX, from a foreign FIU.
September 2016: Mr. XXX registers two Polish companies, AAA SP. Z O.O. and BBB SP. Z O.O., that begin transferring funds for Bitfinex.
June-November 2016: Mr. XXX establishes another foreign company, CCC CORP, which engages in similar activities.
May 2017: FIU-Poland receives a request from a foreign FIU concerning DDD LLC, another company linked to Mr. XXX and the iFinex/Bitfinex/Tether group.
September 2017: FIU-Poland receives a request from the District Prosecutor's Office related to AAA SP.Z O.O., based on a notification from a local cooperative bank.
January 2018: FIU-Poland freezes USD 20 million in incoming transfers to AAA SP. Z O.O. and issues a notification to the District Prosecutor’s Office. FIU-Poland also sends information requests to 13 other FIUs.
February 2018: The case is transferred to the Organized Crime and Corruption Unit of the National Prosecutor's Office.
Post-February 2018: Information continues to be exchanged between Polish authorities, foreign FIUs, and other relevant entities. Mr. XXX is arrested in Greece.
Methods used for financial transactions:
Cryptocurrency Transactions: The suspects used cryptocurrencies to obfuscate the origin and destination of funds, exploiting the anonymity provided by such platforms.
Shadow Banking Network: The scheme utilized a network of small cooperative banks outside major financial centres to avoid scrutiny from larger institutions.
Shell Companies: Multiple shell companies were established in different jurisdictions to further conceal the money trail.
Role of FIU:
FIU-Poland played a critical role in coordinating with 15 other FIUs to trace the flow of funds across borders.
FIU-Poland conducted a complex analysis of credit and debit transactions, identifying suspicious patterns and links between various entities.
FIU-Poland took decisive action by freezing USD 380 million in suspected illicit funds, preventing further laundering.
FIU-Poland actively shared intelligence with Polish law enforcement, foreign FIUs, and other relevant authorities, facilitating the investigation and prosecution.
Investigative techniques:
Transaction Monitoring and Analysis: Scrutinizing large volumes of credit and debit transactions associated with the suspect companies and individuals.
International Cooperation: Utilizing the Egmont Secure Web to exchange information and collaborate with FIUs in various jurisdictions.
Open Source Intelligence: Gathering information about Bitfinex, related companies, and individuals involved in the case from publicly available sources.
Valuable indicators:
Suspicious activity in smaller financial institutions: The use of cooperative banks outside major financial centres indicated an attempt to avoid scrutiny.
Cryptocurrency Intermediaries: The case underscores the evolving threat of cryptocurrency intermediaries, often operating in the "shadows," and their potential role in facilitating money laundering.
Exploitation of regulatory gaps: The case highlighted the need for stronger regulations concerning cryptocurrency intermediaries and virtual/mass accounts.
Key findings:
Global network of money launderers: The investigation uncovered a sophisticated network of individuals and companies across multiple jurisdictions collaborating to launder money.
Cryptocurrency's role in illicit finance: The case demonstrated how cryptocurrencies can be exploited for money laundering due to their perceived anonymity.
Importance of international cooperation: Dismantling such elaborate schemes necessitates effective communication and collaboration between authorities worldwide.
Recommendations:
Strengthened cryptocurrency regulations: Implementing stricter know-your-customer (KYC) and anti-money laundering (AML) regulations for cryptocurrency exchanges and intermediaries.
Increased scrutiny of smaller financial institutions: Enhancing oversight of cooperative banks and financial institutions operating outside major financial hubs.
Enhanced international cooperation: Improving information sharing, joint investigations, and asset recovery mechanisms between FIUs and other relevant authorities globally.
Case Study 4: Effective Collaboration in Business Email Compromise (BEC) Scheme (South Africa, FIC)
Background: This case involved a transnational syndicate perpetrating a business email compromise (BEC) scheme, targeting individuals purchasing property. The perpetrators impersonated legitimate parties, intercepting emails and redirecting funds to their accounts.
Timeline and Key Events:
January 20, 2016: The Financial Intelligence Centre (FIC) of South Africa receives an Egmont Secure Web request from FinCEN concerning a BEC scheme.
January 13, 2016: Mr. A, a U.S. citizen, falls victim to the BEC scheme, losing USD 202,217.25, which is transferred to three South African bank accounts.
Following FinCEN's request: The FIC investigates the identified South African bank accounts, uncovering links to individuals of Nigerian, Ghanaian, Zimbabwean, and South African descent.
Subsequent investigation: The FIC discovers the perpetrators used the stolen funds to purchase high-value vehicles and make cash withdrawals.
August 2017 - January 2018: Four similar BEC schemes occur, with the FIC successfully obtaining preservation and forfeiture orders on assets acquired with the stolen funds.
Methods used for financial transactions:
Email Account Compromise: Perpetrators infiltrated email accounts to intercept communication between property buyers and sellers.
Impersonation and Fraudulent Instructions: The syndicate posed as legitimate parties, providing victims with alternate banking details for fund transfers.
Layered Money Laundering: Stolen funds were layered through multiple South African accounts, used to purchase luxury vehicles and withdrawn as cash.
Role of FIU:
The FIC promptly acted upon receiving FinCEN's request, demonstrating effective international cooperation.
The FIC shared intelligence and collaborated with domestic law enforcement agencies, facilitating the investigation and prosecution.
The FIC's actions resulted in freezing funds, securing preservation orders, and ultimately forfeiting assets purchased with stolen money.
The FIC maintained consistent communication with FinCEN, providing updates on the investigation and facilitating information exchange between relevant authorities.
Investigative techniques:
Financial Analysis: Analyzing transactions of the identified South African bank accounts, tracing the flow of funds, and identifying money laundering patterns.
Asset Tracing: Identifying assets purchased with the stolen funds, including luxury vehicles, leading to their seizure and forfeiture.
International Cooperation: Utilizing the Egmont Secure Web to exchange information and collaborate with FinCEN, facilitating the identification and arrest of suspects in the U.S.
Valuable indicators:
Similar Domain Names: Perpetrators in BEC schemes often use email addresses with domain names similar to legitimate businesses, often with slight misspellings, to deceive victims.
Impersonation of CEOs: Criminals frequently pose as high-ranking executives, such as CEOs or CFOs, to lend credibility to their fraudulent requests for fund transfers.
Unusual Transaction Patterns: Transfers initiated near the end of the day, before weekends or holidays, or involving large sums with no prior history are potential red flags for BEC schemes.
Suspicious email communications: The case emphasizes the importance of being cautious with financial transactions conducted via email, especially regarding large sums and property purchases.
Unusual requests for payment details: Individuals should be wary of unexpected requests to change payment details or use unfamiliar accounts.
Rapid movement of funds: The quick transfer and layering of stolen funds through multiple accounts and asset purchases highlighted a red flag for money laundering.
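The indicators above can be turned into a pre-release screen for payment instructions received by email. The following is an added example, not code from the FIC or the original post: it checks the sender's domain against known counterparties for near-misspellings, and flags changed payment details, large first-time beneficiaries, and requests timed late in the day or around weekends and holidays (which also covers the holiday-period indicator from Case Study 2). All domains, accounts, dates and thresholds are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, datetime, timedelta

# All values below are constructed for illustration; none come from the case files.
KNOWN_DOMAINS = {"smith-conveyancing.example", "harbourbank.example"}
KNOWN_BENEFICIARIES = {"ZA-ACC-0001"}   # accounts this customer has paid before
HOLIDAYS = {date(2024, 3, 21)}          # local public holidays (assumed)
LARGE_AMOUNT = 50_000                   # review threshold, institution-specific
CUTOFF_HOUR = 16                        # "near the end of the day" starts here

@dataclass
class PaymentRequest:
    sender: str                  # email address the instruction came from
    beneficiary_account: str
    amount: float
    requested_at: datetime
    changes_bank_details: bool   # instruction replaces details already on file

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain: str, max_dist: int = 2):
    """Return the known domain this one imitates, or None if exact or unrelated."""
    domain = domain.lower().rstrip(".")
    if domain in KNOWN_DOMAINS:
        return None
    best = min(KNOWN_DOMAINS, key=lambda k: edit_distance(domain, k))
    return best if edit_distance(domain, best) <= max_dist else None

def non_business_day(d: date) -> bool:
    return d.weekday() >= 5 or d in HOLIDAYS

def screen(req: PaymentRequest) -> list:
    """Return the list of BEC red flags raised by one payment instruction."""
    flags = []
    imitated = lookalike_of(req.sender.rsplit("@", 1)[-1])
    if imitated:
        flags.append(f"lookalike-domain:{imitated}")
    if req.changes_bank_details:
        flags.append("changed-payment-details")
    if req.beneficiary_account not in KNOWN_BENEFICIARIES and req.amount >= LARGE_AMOUNT:
        flags.append("new-beneficiary-large-amount")
    day = req.requested_at.date()
    if (req.requested_at.hour >= CUTOFF_HOUR or non_business_day(day)
            or non_business_day(day + timedelta(days=1))):
        flags.append("timing:late-day-or-around-non-business-day")
    return flags

if __name__ == "__main__":
    # Constructed instruction: one-letter domain swap, new account, sent on a Friday.
    suspicious = PaymentRequest("accounts@smith-conveyanclng.example", "ZA-ACC-9999",
                                180_000.0, datetime(2024, 3, 1, 10, 30), True)
    for flag in screen(suspicious):
        print(flag)
```

Any flagged instruction should be held until the payee confirms the details over a channel other than email, such as a phone number already on file.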
Key findings:
Transnational BEC schemes: The case demonstrated the global reach of BEC schemes, emphasizing the importance of international cooperation.
Sophisticated money laundering techniques: Perpetrators employed layered money laundering techniques, highlighting the need for robust AML measures.
Importance of FIU collaboration: The successful outcome, including asset recovery and arrests, underscored the importance of effective communication and collaboration between FIUs and law enforcement agencies.
Recommendations:
Public awareness campaigns on BEC schemes: Educating the public about BEC tactics to mitigate victimization.
Enhanced email security protocols: Individuals and businesses should be encouraged to implement stronger email security measures, such as two-factor authentication.
Strengthened international cooperation: Continuous improvement of communication channels and information sharing between FIUs and law enforcement agencies worldwide.
Conclusion:
The landscape of financial crime is constantly evolving, shaped by rapid technological advancements and the increasing sophistication of criminal organizations. Today, financial crime is not limited to traditional forms like embezzlement or fraud; it has expanded into complex areas such as cryptocurrency fraud, cyberattacks, and global money laundering operations. Cryptocurrencies, for instance, offer criminals an avenue to transfer and hide illicit funds with greater anonymity, making it difficult for law enforcement agencies to track these transactions. Cyberattacks, on the other hand, target financial institutions and corporations, disrupting operations and leading to the theft of sensitive financial data. Furthermore, global money laundering networks take advantage of the interconnected financial systems to move illicit money across borders, making it increasingly hard for a single jurisdiction to combat these crimes effectively.
In this environment, Financial Intelligence Units (FIUs) play a pivotal role. Tasked with detecting, investigating, and prosecuting financial crimes, FIUs serve as a critical component in the fight against these ever-evolving threats. One of their key strengths lies in their ability to collaborate internationally. Financial crime often spans multiple countries, requiring global cooperation to trace transactions and bring perpetrators to justice. FIUs work closely with international counterparts, sharing intelligence and coordinating efforts to dismantle cross-border criminal networks.
The use of advanced analytics has also revolutionized how FIUs approach financial crime. By employing technologies such as artificial intelligence (AI), machine learning, and blockchain analytics, FIUs are now able to analyze vast amounts of financial data quickly and efficiently. These tools help uncover suspicious patterns in transactions that might otherwise go unnoticed, giving FIUs a proactive advantage in preventing crimes before they escalate. The ability to process and interpret complex data in real time is crucial for identifying illicit activities, especially in today’s digital and globalized financial ecosystem.
Perhaps most importantly, FIUs can act swiftly when financial crime is detected. Their ability to freeze assets immediately upon identifying suspicious activity helps prevent criminals from moving money out of reach. This quick action is particularly essential in cases of large-scale fraud or cybercrime, where criminals often attempt to transfer funds as soon as they suspect they are under investigation. Beyond freezing assets, FIUs also work with law enforcement agencies to recover stolen funds and return them to victims, reinforcing trust in the financial system.
As criminals continue to leverage technological advancements to commit crimes, FIUs must remain adaptable and forward-thinking. The dynamic nature of financial crime means that FIUs cannot rely solely on traditional investigative methods; instead, they must continuously evolve their tools, strategies, and collaborations to stay one step ahead. By leveraging their central position within the financial ecosystem—connecting financial institutions, law enforcement, and regulatory bodies—FIUs are uniquely positioned to maintain security, protect financial systems, and uphold financial integrity on a global scale. Their role is more critical now than ever before, as the fight against financial crime grows increasingly complex and global.
QnA:
Section 1: Cryptocurrency Fraud
Which cryptocurrency fraud scheme, as detailed in the sources, involved the sale of online tutorial packages that falsely promoted cryptocurrency investment opportunities?
OneCoin
Bitcoin
Ether
Litecoin
What was the key piece of evidence that enabled FIU-Kosovo to obtain a freezing order in the OneCoin case?
Section 2: Cyberattacks
What system did hackers exploit in the Nepal case study to attempt the theft of NPR 466 million from XYZ Bank?
Fedwire
CHIPS
SWIFT
TARGET2
What method did the perpetrators of the cyberattack on XYZ bank use to initially access the bank's systems, according to the source material?
Section 3: Money Laundering
In the Polish money laundering case, what types of financial institutions were utilized by the perpetrators to move illicit funds?
Major international banks
Small cooperative banks
Credit unions
Online payment platforms
According to the sources, what type of criminal activity was suspected as the primary source of funds in the Polish money laundering case involving Mr. XXX?
Section 4: Business Email Compromise (BEC)
What method did perpetrators use in the South African BEC case to deceive victims into transferring funds to fraudulent accounts?
Phishing emails containing malicious links
Spoofed websites mimicking legitimate businesses
Compromised email accounts and fraudulent instructions
Malware infections on victims' computers
What type of purchase did the perpetrators in the South African BEC case use the stolen funds for, as described in the sources?
Section 5: FIU Roles and Strategies
Which of the following is NOT a key role of Financial Intelligence Units (FIUs) in combating financial crime, as highlighted in the sources?
Prosecuting individuals suspected of financial crimes.
Collaborating with international counterparts to dismantle cross-border criminal networks.
Freezing assets immediately upon identifying suspicious activity.
Working with law enforcement agencies to recover stolen funds.
How can Financial Intelligence Units (FIUs) utilize technology to combat financial crime more effectively?
Answers:
OneCoin
An invoice listing OneLifeNetwork Ltd. Belize as the beneficiary.
SWIFT
The perpetrators accessed the bank's system by hacking into the bank's SWIFT system.
Small cooperative banks
Drug trafficking
Compromised email accounts and fraudulent instructions
High-value vehicles
Prosecuting individuals suspected of financial crimes.
FIUs can utilize technology such as AI, machine learning, and blockchain analytics to analyze large amounts of financial data.