A Nigerian man has admitted being part of a computer hacking and identity theft scheme that targeted a number of United States government agencies, New Jersey authorities announced this week.
According to the FBI, 30-year-old Abiodun Adejohn and his conspirators sent fraudulent emails to the employees of several government organizations in an effort to lure them to phishing sites designed to mimic the legitimate webmail login pages of government agencies.
Court documents show that the fraudsters targeted organizations like the US Environmental Protection Agency and the US Department of Commerce-Census Bureau between at least 2012 and December 2013. They used the phished email credentials to access the accounts from which they placed orders for office products, usually printer toner cartridges, at vendors authorized to do business with the government.
The vendors were told to ship the orders to various people in New Jersey and other locations who were tasked with repackaging the items and sending them overseas to the fraudsters. The items were later sold on the black market for a profit, the FBI said.
The individuals responsible for repackaging the office products were paid by Adejohn and his conspirators via money transfers using services like Western Union. According to court documents, these “repackagers” were “unwitting individuals,” which suggests that they might have been tricked into participating in the scheme by being offered legitimate-looking jobs.
In December 2013, Trend Micro researchers detailed such an operation run by fraudsters in Russia. At the time, experts highlighted the fact that many of these “workers” never actually get paid, and they quickly get replaced if the masterminds of the operation believe they could pose a risk.
Adejohn ─ who used aliases like “James Williams,” “Olawale Adeyemi,” “Abiodun Ade John” and “Abiodun Ade-John” ─ was arrested in September 2013 in Arizona and he has been in custody ever since. He has pleaded guilty to one count of wire fraud conspiracy for which he faces up to 20 years in prison and a $250,000 fine. Sentencing has been scheduled for September 9.
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data
- Barracuda Urges Customers to Replace Hacked Email Security Appliances
- Google Patches Third Chrome Zero-Day of 2023
- ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
Latest News
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- Google Introduces SAIF, a Framework for Secure AI Development and Use
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
