Court documents show that Alaumary and his co-conspirators used business email compromise schemes, ATM cash-outs, and bank cyber-heists to steal money from victims and then launder the money through bank accounts and digital currency.
Ghaleb Alaumary, 36, of Mississauga, Ontario, who is a dual Canadian and US citizen, was sentenced after pleading guilty to two counts of conspiracy to commit money laundering in two cases, one of which was filed in Los Angeles. As part of his sentence that covers both cases, Alaumary was ordered to pay more than €25 million ($30 million) in restitution to victims.
Watch: 3 arrested in UK over €13m BOV cyber-heist
The funds included those from North Korean-perpetrated crimes, including the 2019 cyber-heist of BOV and the 2018 ATM cash-out theft from BankIslami in Pakistan.
The man recruited and organised individuals to withdraw stolen cash from ATMs, he provided bank accounts that received funds from bank cyber-heists and fraud schemes; and, once the ill-gotten funds were in accounts he controlled, Alaumary further laundered the funds through wire transfers, cash withdrawals, and by exchanging funds for cryptocurrency.
Alaumary targeted other entities including a bank headquartered in India, as well as companies in the US and UK, individuals in the US, and a professional football club in the UK.
The accused conspired with others who sent fraudulent “spoof” emails to a university in in Canada in 2017 to make it appear the emails were from a construction company requesting payment for a major building project. The university, believing it was paying the construction company, wired 11.8 million Canadian dollars (approximately €7.89 million) to a bank account controlled by Alaumary and his co-conspirators.
Alaumary then arranged with individuals in the U.S. and elsewhere to launder the stolen funds through various financial institutions. Weeks later, Alaumary arranged for a co-conspirator in the United States to make several trips to Texas to impersonate wealthy bank customers in a scheme to steal hundreds of thousands of dollars from victims’ accounts using the victims’ stolen personally identifiable information.
The investigations of Alaumary were conducted by the United States Secret Service’s Savannah Field Office, the FBI’s Los Angeles Field Office, and the United States Secret Service’s Los Angeles Field Office and Global Investigative Operations Center. The FBI’s Criminal Investigative Division also provided substantial assistance. Three North Koreans are indicted for their alleged roles with the Lazarus Group to which Alaumary has been linked and which has been associated with the regime’s military intelligence agency, the Reconnaissance General Bureau.
The prosecutors have alleged that the group used malware in the 2018 WannaCry global ransomware attack, the 2016 theft from Bangladesh Bank and the 2014 attack on Sony Pictures Entertainment. The three men are believed to be in North Korea, however, it is unlikely that they would face criminal proceedings since the country does not extradite suspects to America.
Three more arrested in connection with BOV cyber-heist On 13 February 2019, Bank of Valletta shut down all its operations after hackers broke into its systems and moved €13 million into foreign accounts.
Earlier this year, a Nigerian Instagram influencer linked to the BOV cyber-heist pleaded guilty to money laundering charges in a US court. Ramon Abbas, also known Hushpuppi, pleaded guilty to a raft of financial crime and hacking charges.
The guilty plea was submitted back in April and he could now face up to 20 years in prison. Abbas was detained in June 2020 in Dubai. He was then handed over to FBI agents who charged him with hacking and money laundering crimes which cost victims some $24 million.