ATLANTA, GA– November 28, 2016– Damilola Solomon Ibiwoye and Olayinka Olaniyi, citizens of Nigeria living in Kuala Lumpur, Malaysia, were extradited to the United States and arraigned in federal court in Atlanta on November 18, 2016, in connection with a series of alleged “phishing scams” that targeted colleges and universities across the country, including the Georgia Institute of Technology (“Georgia Tech”).In connection with their arraignment, U.S. Attorney John Horn announced the creation of a Cybercrime Unit within the Atlanta U.S. Attorney’s Office Criminal Division. The new unit is designed to combat the growing threat of cybercrime in its many forms, such as “hacks” into private networks and theft of proprietary data; the creation and use of malware to harvest personal financial information and logins; and the operation of illicit marketplaces on the darknet. The cyber unit will operate within the office’s Financial Fraud & Cyber Crime Section and will be staffed with five highly-trained and experienced federal prosecutors dedicated to prosecuting cybercrime and assisting federal agencies in their cyber investigative efforts around the world.
“Our office holds a distinguished history of prosecuting some of the highest-profile cyber matters in the country, from the creators of the SpyEye and Citadel malware to the foreign nationals responsible for the hacks into RBS WorldPay, E*Trade, and other corporations,” said U.S. Attorney Horn. “And we have successfully ensured that some of these criminals, who believe themselves to be safe in the shadows of the darknet, are brought to justice in U.S. court. The creation of a dedicated Cyber Unit will build on this expertise to aggressively identify and investigate the newest directions in cybercrime whether committed by individuals, syndicates, or even state actors here or abroad.”
The U.S. Attorney’s Office for the Northern District of Georgia was one of 30 offices across the country that was recently allocated an additional Assistant U.S. Attorney position for the purpose of enhancing its cybercrime prosecution efforts. The awarding of this position reflects the office’s past success in combating cybercrime threats, as well as the need to enhance those efforts against new and emerging cyber threats.
The newly formed cyber unit will investigate and prosecute, among other things, computer hacking, intellectual property theft, and related offenses, including (a) the development or distribution of malware; (b) the theft of property or information from a protected computer, including personal identifying information, health records, financial information, intellectual property, trade secrets, and other sensitive information; (c) distributed denial of service (DDOS) attacks on web servers, and (d) computer intrusions that directly or indirectly impact national infrastructure and national security interests.
The unit will also focus on building and maintaining productive working relationships with the private sector, collaborating on cyber defense practices through one-on-one meetings, seminars, panels, task forces, and case interactions. Cyber prosecutors in the office already regularly participate in numerous speaking engagements each year, and will continue to do so as part of the cyber unit.
The indictment of Damilola Solomon Ibiwoye, 27, and Olayinka Olaniyi, 32, alleges that the defendants directed phishing emails to college and university employees. A “phishing scam” is the act of sending fraudulent emails that appear to come from legitimate enterprises for the purpose of acquiring personal information, including usernames and passwords. The alleged phishing scam targeted Georgia Tech and other colleges and universities in the United States. Once employees entered their login and password information, the defendants captured their personal information and used that information to change payroll direct deposit payment information and fraudulently directed payroll deposits into bank accounts they controlled. The FBI, with the assistance of Georgia Tech, and the Malaysian government, were able to determine that the defendants allegedly launched their phishing attacks while living in Kuala Lumpur, Malaysia. In total, the defendants and co-conspirators allegedly stole over $1 million dollars from over 25 colleges and universities in the United States.
“The arrests and subsequent extraditions of Ibiwoye and Olaniyi are the direct result of global cooperation among US and international law enforcement and the private sector. Individuals and groups targeting US institutions and citizens from abroad through cyber-attacks and spear phishing emails should no longer feel confident that they will remain anonymous and protected by geographic boundaries. These efforts demonstrate the FBI’s commitment to identifying and pursuing cyber criminals world-wide, and serves as a strong deterrent to others targeting American institutions and citizens through email phishing scams. This case should also serve as a reminder to the public to remain vigilant of the continued use of phishing emails seeking to steal their personal information,” said David J. LeValley, Special Agent in Charge, FBI Atlanta Field Office, stated.
The defendants were arraigned before U.S. Magistrate Judge Linda T. Walker on November 18, 2016. A federal grand jury in the Northern District of Georgia returned an indictment against Damilola Solomon Ibiwoye, 27, and Olayinka Olaniyi, 32, on December 15, 2015, on charges of conspiracy to commit wire fraud, computer fraud and aggravated identity theft. Both defendants have been in Malaysian custody since their arrests last year, pending completion of extradition proceedings.
Members of the public are reminded that the indictment referenced above only contains charges. The defendants are presumed innocent of the charges and it will be the government’s burden to prove the defendants’ guilt beyond a reasonable doubt at trial.
This case is being investigated by the Federal Bureau of Investigation.
Assistant United States Attorney Jeffrey A. Brown is prosecuting the case.
If your company or clients wish to participate in future outreach efforts by the Cyber Unit concerning best practices, or for further information about this case, please contact the U.S. Attorney’s Public Affairs Office at USAGAN.PressEmails@usdoj.gov