“Money mules are a basic necessity for cybercriminals, because hackers who drain bank accounts of victims in the U.S. and Europe don’t want to leave a trail that can be followed by police.”
On October 15, 2020, the U.S. Department of Justice (DOJ) and Europol announced the coordinated arrest of 20 individuals tied to QQAAZZ, a criminal network, “which attempted to launder tens of millions of euros on behalf of the world’s foremost cybercriminals.” In its statement, the DOJ applauded the European partners’ international cooperation in the investigation, as this criminal syndicate had implications for approximately 16 countries. According to Europol’s press release, the international sweep involved more than 40 hours of searches in Latvia, Bulgaria, the UK, Spain and Italy. In an accompanying infographic, Europol depicts “Operation 2BaGoldMule” with a graphic showing the affected areas, the cooperating nations, and the modus operandi of the group, QQAAZZ.
Put simply, the criminals used sophisticated malware to steal money from victims’ accounts. Money mules then used both legitimate and fraudulent identification to open bank accounts all over the world. These funds were used to create and register shell companies that opened more accounts, which facilitated the reinvestment of funds into more legitimate means. As further explained by Bloomberg – “[t]he group maintained hundreds of accounts in banks in Portugal, Spain, Belgium, Turkey and the U.K., often shifting stolen funds between multiple accounts before converting them into untraceable cryptocurrency that was then provided to the hackers.”
While the investigation has been ongoing since 2016, preceding the global pandemic, it highlights that the victim pool can be quite diverse. According to the DOJ, the U.S. victims included a mix of individuals, various small businesses, and a synagogue, located from the west coast in California to the northeast in Connecticut, all the way down to Florida. At a time when individuals and businesses are desperate for revenue to help survive the current economic challenges, the pandemic has created a target-rich environment for cybercriminals.
As I discussed in my December 2019 post, “Money Muling is Money Laundering”, and again in April 2020, “Furloughed or Fired, Quarantine Money Making Opportunities may be too good to be true”, the U.S. and EU law enforcement groups have been pushing a campaign on money mule awareness for years, and the pandemic has seen these groups underscore the importance of consumer protections against these schemes. While Operation 2BaGoldMule has uncovered a significant criminal scheme that resulted in the laundering or attempted laundering of tens of millions of dollars/euros and exploited numerous victims across many countries, the scheme was uncovered through international cooperation. In a time when the world is suffering together through pestilence and poverty, a team win is welcome hope.
QQAAZZ mimicked the structure of a sophisticated corporation, according to a U.S. federal indictment unsealed Thursday. Mid-level managers organized networks of bank accounts and shell companies in several countries, while money mules shuffled millions of dollars in stolen funds back to the hackers -- with QQAAZZ taking a cut of as much as 50%.