Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



Canadian-US National Sentenced to Prison for Cybercrime Schemes

A Canadian and U.S. dual-national was sentenced to 11 years in prison for laundering illicit funds from cybercrime schemes such as business email compromise, ATM cash-outs, and bank cyber-heists.

A Canadian and U.S. dual-national was sentenced to 11 years in prison for laundering illicit funds from cybercrime schemes such as business email compromise, ATM cash-outs, and bank cyber-heists.

The man, Ghaleb Alaumary, 36, of Mississauga, Ontario, pleaded guilty to two counts of money laundering conspiracy and received a 140-months prison sentence.  He was also ordered to pay more than $30 million in restitution.

Documents presented in court show that Alaumary and his co-conspirators engaged in ATM cash-out operations, BEC schemes, and bank cyber-heists to steal funds. Then, they used various bank accounts and digital currency to launder the money.

Alaumary pleaded guilty in the Southern District of Georgia in one money laundering case in which he conspired to send spoofed emails to a Canadian university in 2017. The emails purported to come from a construction company and demanded that payment was made for a major building project.

[ READ: Zoho Confirms Zero-Day Authentication Bypass Attacks ]

The scheme resulted in the university wiring $11.8 million CAD (roughly $9.4 million USD) to a bank account controlled by Alaumary and his co-conspirators, who then arranged with various people in the U.S. and abroad to launder the funds, according to a statement from the U.S. Justice Department.

Weeks later, Alaumary was involved in a scheme in which a co-conspirator made several trips to Texas to steal hundreds of thousands of dollars through impersonating wealthy bank customers. 

Advertisement. Scroll to continue reading.

Alaumary pleaded guilty in a second case to recruiting individuals to withdraw stolen funds from ATMs. The funds came from bank cyber-heists and various fraud schemes and were laundered through cash withdrawals, wire transfers, and through cryptocurrency.

Some of the funds, the United States Department of Justice reveals, came from a 2019 Maltese bank cyber-heist perpetrated by North Korean hackers.

Alaumary and his co-conspirators also targeted banks headquartered in India, Malta, and Pakistan, as well as businesses in the U.S. and the U.K., individuals in the U.S., and a professional soccer club in the U.K.

Related: US Sentences Russian, North Macedonian in Cyber Fraud Case

Related: ‘Money Mule’ Operator Gets Seven-Year Prison Sentence 

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.