The flamboyant Nigerian social media influencer involved in the spectacular 2019 €13 million Bank of Valletta cyberheist has been jailed in the United States for 11 years for his role in an international crime syndicate that included North Korean government hackers.
In addition to his role in the BOV heist, ‘Hushpuppi’— whose real name is Ramon Abbas — also admitted to “several other cyber and business email compromise schemes that cumulatively caused more than $24 million in losses”, the US Justice Department said.
He will serve a 135-month US federal prison term after pleading guilty to money laundering and attempting to launder the proceeds of the BOV heist. A Los Angeles judge also ordered him to pay $1,732,841 in restitution to two fraud victims not related to the BOV scam.
A US Justice Department statement on Monday coinciding with the sentence noted how, “In January 2019, Abbas conspired with [fellow defendant] Ghaleb Alaumary to launder funds stolen from a bank in Malta by providing account information for banks in Romania and Bulgaria.”
“The United States has charged North Korean hackers with committing the bank cyber-heist in Malta, and alleged that those funds were destined for the North Korean government. Abbas has admitted that the intended loss with respect to the Maltese bank was approximately $14.7 million.”
The US Justice Department accused him of participating in a “North Korean-perpetrated cyber-enabled heist from a Maltese bank in February 2019”, and of working with North Korean hackers to launder the stolen funds.
The influencer was apprehended in Dubai in June 2020 by Emirati police working in conjunction with FBI agents and was subsequently taken to the US. He initially maintained his innocence but later struck a plea bargain with US authorities in the hope of getting a lighter sentence, pleading guilty in July 2021 to Count Two – ‘Conspiracy to Engage in Money Laundering’ — which carries a maximum sentence of 20-years in prison and full restitution.
Abbas also pleaded guilty in July 2021 to charges filed by the US Attorney’s Office in Los Angeles of conspiring to launder hundreds of millions of dollars from “business email compromise” (BEC) frauds and other scams, including the one perpetrated against Bank of Valletta.
According to the FBI’s affidavit, the “hit” on Bank of Valletta had been planned for 12 February 2019 and Abbas had sent account information for a Romanian bank to his co-conspirator, an account he said could be used for “large amounts”.
He then sent screenshots showing that the funds had not arrived in the Romanian bank account the next day. His partner replied, “today they noticed and pressed a recall on it, it might show and block or never show”.
His cohort then sent an image of a news article to Abbas detailing the theft of funds from the foreign financial institution, followed by a message stating “look it hit the news”. Abbas replied “damn” and the co-conspirator added “next one is in few weeks will let you know when it’s ready. Too bad they caught on or it would been a nice payout.”
The US Attorney’s Office for the Central District of California described in the plea bargain agreement how, between January 2019 and June 2020, Abbas “knowingly combined, agreed, and conspired with multiple other persons (“co-conspirators”) to conduct financial transactions into, within, and outside the United States involving property that represented the proceeds of wire fraud”.
Abbas is a Nigerian social media influencer called ‘Hushpuppi’ with more than 2.5 million followers on Instagram, where he showcases lavish cars, watches, designer clothes and private jets.
His name emerged among details of a larger international criminal conspiracy that included North Korean state hackers involved in “a series of destructive cyberattacks, to steal and extort more than $1.3 billion of money and cryptocurrency from financial institutions and companies,” according to the US Justice Department’s statement of indictment.
FBI Deputy Director Paul Abbate said in the statement that the indictment expands the FBI’s 2018 charges for the “unprecedented cyberattacks conducted by the North Korean regime.”
Assistant Attorney General John C. Demers of the Justice Department’s National Security Division added, “As laid out in today’s indictment, North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers.”
Abbas is linked to one specific part of the “broad array of criminal cyber activities undertaken by the conspiracy,” namely money laundering and the attack on a “foreign financial institution”, which was the Bank of Valletta cyber-heist of February 2019.
Abbas was linked to the North Korean conspiracy when US federal prosecutors unsealed a charge against Ghaleb Alaumary, 37, of Ontario, Canada. Alaumary pleaded guilty to charges filed in November 2020 related to his role as a money launderer for the North Korean group.
The US Justice Department connected Abbas to the North Korean hackers through Alaumary, who they allege “conspired” with him to “launder funds from a North Korean-perpetrated cyber-enabled heist from a Maltese bank in February 2019.”
The UK’s National Crime Agency also explained how hackers were able to access Bank of Valletta’s systems and transfer the money into foreign accounts, from where some of the funds were spent on luxury goods such as Rolex watches and an Audi A5.
BOV had been forced to shut down its operations at the time of the hack, with branches, ATMs, mobile banking, its website and email services all suspended. Then prime minister Joseph Muscat was even obliged to make a parliamentary statement.
In May 2019 BOV said it had recovered €10 million of the sum, and a further six people were arrested in Northern Ireland in connection with the heist.
The North Korean connection
In February of last year, the US charged three North Korean hackers for having conspired with Abbas and others to launder funds from a North Korean-perpetrated cyber-enabled heist from BOV. Last summer, the US Attorney’s Office in Los Angeles charged Abbas in a separate case alleging that he conspired to launder hundreds of millions of dollars from BEC frauds and other scams.
They are accused of having attempted to perpetrate cyber-enabled heists between 2015 and 2019 from banks in Vietnam, Bangladesh, Taiwan, Mexico, Malta and Africa by hacking the banks’ computer networks and sending fraudulent Society for Worldwide Interbank Financial Telecommunication (SWIFT) messages.
According to the US Justice Department, they participated “in a wide-ranging criminal conspiracy to conduct a series of destructive cyber-attacks, to steal and extort more than $1.3 billion of money and cryptocurrency from financial institutions and companies, to create and deploy multiple malicious cryptocurrency applications, and to develop and fraudulently market a blockchain platform.”
The three North Korean hackers that attacked BOV were members of units of the Reconnaissance General Bureau (RGB), a military intelligence agency of the Democratic People’s Republic of Korea (DPRK), which engages in criminal hacking. These North Korean military hacking units are known by multiple names in the cybersecurity community, including Lazarus Group and Advanced Persistent Threat 38 (APT38).
“The scope of the criminal conduct by the North Korean hackers was extensive and long-running, and the range of crimes they have committed is staggering,” said then-Acting US Attorney Tracy L. Wilkison. “The conduct detailed in the indictment are the acts of a criminal nation-state that has stopped at nothing to extract revenge and obtain money to prop up its regime.”
“As laid out in today’s indictment, North Korea’s operatives, using keyboards rather than masks and guns, are the world’s leading 21st century nation-state bank robbers,” said Assistant Attorney General John Demers of the Justice Department’s National Security Division. “The department will continue to confront malicious nation state cyber activity with our unique tools and work with our fellow agencies and the family of norms abiding nations to do the same.”