Your 2.3m Instagram fans won't stop the FBI... Web star accused of plotting to launder millions from cyber-crime

Bloke calling himself Hushpuppi extradited, allegedly conspired to steal $100m from English Premier League soccer club among others

An Instagram super-star with 2.3 million followers has been extradited to America accused of conspiring to launder hundreds of millions of dollars obtained via cyber-crime. He faces up to 20 years behind bars if convicted.

Nigerian-born Ramon Olorunwa Abbas, a 37-year-old known as Hushpuppi on Instagram and The Billionaire Gucci Master!!! on Snapchat, was charged in Los Angeles, California, with one count of conspiracy to engage in money laundering. He was nabbed and hauled off to the States after the FBI, armed with warrants, tracked him down to his opulent pad in the United Arab Emirates (UAE) via his social media, iCloud, and Gmail accounts.

Abbas arrived in the US on Thursday, and is being held in Chicago. He is expected to arrive in LA to appear in court "in the coming weeks."

Ramon Olorunwa Abbas relaxing in a private jet

Abbas relaxes in a private jet for an Instagram pic ... Feds claim he got sloppy on security – should have read El Reg. Source: Court filings

Abbas allegedly ran so-called business email compromise (BEC) scams, which typically involve hijacking email accounts, or impersonating strangers in emails, to fool victims into transferring money to the scammer's bank account rather than a legit recipient. For example, a BEC fraudster, masquerading as a legitimate supplier, might send a fake invoice to an organization in the hope whoever processes the paperwork falls for the ruse and wires payment to the scammer's account.

"While this arrest has effectively taken a major alleged BEC player offline, BEC scams represent the most financially costly type of scheme reported to the FBI," Paul Delacourt, the assistant director in charge of the FBI's Los Angeles office, said on Friday.

"I urge anyone who transfers funds personally or on behalf of a company to educate themselves about BEC so they can identify this insidious scheme before losing sizable amounts of money."

Online footprints prove easily traceable

Hushpuppi's rap sheet [PDF] describes two specific alleged BEC capers, though prosecutors claimed they have evidence of multiple scams committed by the Instagrammer and his crew.

Money laundering

Anatomy of a business email scam: FBI dossier details how fraudster pocketed $500k+ by redirecting payments


For the first alleged scam, it is said Hushpuppi and two co-conspirators gained access to communications at a New York law firm specializing in real estate and, impersonating a real client, convinced the lawyers to re-route $922,857 in bank transfers to accounts owned by the trio, who then laundered the cash. That's when the Feds stepped in, we're told.

For the second alleged caper, prosecutors said, Hushpuppi's crew helped to launder portions of €13m a hacker stole from a European bank via the SWIFT transfer system, by providing multiple bank accounts in which the money was deposited before eventually being wired out to the cyber-heist's mastermind, with Hushpuppi and his pals taking a cut.

While all this was going on, prosecutors claimed, Hushpuppi was living the high life in Dubai and other high-end destinations, posting Instagram pictures of himself in front of flash cars while showing off designer brands.

Abbas is also accused of running a money-laundering ring that had its eye on hundreds of millions of dollars, including $100m he apparently conspired to steal from an unnamed English Premier League soccer club. In another alleged scheme, it is said Abbas and his co-conspirators wanted to move £200m from a company operating out of Edinburgh, Scotland.

According to FBI Special Agent Andrew Innocenti, the g-men got hold of the iPhone of one of Abbas's alleged co-conspirators and found a number in the contacts, labeled Hush, used to discuss the mega-fraud, along with messages to the Snapchat account hushpuppi5, all pointing to Abbas's online persona. In June, after the FBI came calling with warrants, Instagram and Snapchat coughed up details of Abbas's accounts, including an Apple email address Apple handed over the details on that account, and it listed a physical address in Dubai and a Gmail address used to set up the Apple account, also named rayhushpuppi.

Hushpuppi standing in front of some expensive cars

Proof money doesn't buy you taste ... More snaps from Hushpuppi's Instagram account. Source: Court filings

One federal search warrant later, and the Gmail inbox revealed a host of other clues. These included confirmation of his address, flight itineraries, bills for his Apple account, and, crucially, a scan of his Nigerian passport and his Dubai resident's card, confirming his true identity. It also appeared Abbas got sloppy, linking his personal Gmail address to multiple financial accounts used to launder the money, it's claimed, as well as for Western Union money transfer accounts.

But wait, there's more

The snaring of Abbas was one of two BEC busts as a result of cooperation between the UAE and the FBI.

While not as high profile as Hushpuppi's alleged antics, an operation allegedly headed up by another Nigerian Olalekan Jacob Ponle, was also apparently exposed. American prosecutors said their charge against Ponle were serious enough for the UAE to expel Ponle from the country, whereupon he was immediately picked up by the Feds and hauled into Chicago.

Ponle is accused of one count of conspiracy to commit wire fraud. The allegation [PDF] stems from a pair of BEC attacks against Chicago-based companies which Ponle was said to have masterminded. In those cases, the two businesses were duped into rerouting bank transfers totaling up to $2.3m and $15.27m, respectively. The payments were run by Ponle through a series of money mules, the FBI claims, who converted the stolen cash into Bitcoin purchases that Ponle received.

In a similar style to its sleuthing with Abbas, the FBI got records of the Bitcoin wallet, through which $6.6m was transferred, from cryptocurrency payments processor Bitpay. This wallet was linked to a specific Apple account, and when Cupertino coughed up the details, investigators found a scan of Ponle's UAE identity card. Ponle is next set to appear in court on July 9. ®

Similar topics

Broader topics

Narrower topics

Other stories you might like

  • Experts: AI should be recognized as inventors in patent law
    Plus: Police release deepfake of murdered teen in cold case, and more

    In-brief Governments around the world should pass intellectual property laws that grant rights to AI systems, two academics at the University of New South Wales in Australia argued.

    Alexandra George, and Toby Walsh, professors of law and AI, respectively, believe failing to recognize machines as inventors could have long-lasting impacts on economies and societies. 

    "If courts and governments decide that AI-made inventions cannot be patented, the implications could be huge," they wrote in a comment article published in Nature. "Funders and businesses would be less incentivized to pursue useful research using AI inventors when a return on their investment could be limited. Society could miss out on the development of worthwhile and life-saving inventions."

    Continue reading
  • Declassified and released: More secret files on US govt's emergency doomsday powers
    Nuke incoming? Quick break out the plans for rationing, censorship, property seizures, and more

    More papers describing the orders and messages the US President can issue in the event of apocalyptic crises, such as a devastating nuclear attack, have been declassified and released for all to see.

    These government files are part of a larger collection of records that discuss the nature, reach, and use of secret Presidential Emergency Action Documents: these are executive orders, announcements, and statements to Congress that are all ready to sign and send out as soon as a doomsday scenario occurs. PEADs are supposed to give America's commander-in-chief immediate extraordinary powers to overcome extraordinary events.

    PEADs have never been declassified or revealed before. They remain hush-hush, and their exact details are not publicly known.

    Continue reading
  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading

Biting the hand that feeds IT © 1998–2022