An Instagram super-star with 2.3 million followers has been extradited to America accused of conspiring to launder hundreds of millions of dollars obtained via cyber-crime. He faces up to 20 years behind bars if convicted.
Nigerian-born Ramon Olorunwa Abbas, a 37-year-old known as Hushpuppi on Instagram and The Billionaire Gucci Master!!! on Snapchat, was charged in Los Angeles, California, with one count of conspiracy to engage in money laundering. He was nabbed and hauled off to the States after the FBI, armed with warrants, tracked him down to his opulent pad in the United Arab Emirates (UAE) via his social media, iCloud, and Gmail accounts.
Abbas arrived in the US on Thursday, and is being held in Chicago. He is expected to arrive in LA to appear in court "in the coming weeks."
Abbas relaxes in a private jet for an Instagram pic ... Feds claim he got sloppy on security – should have read El Reg. Source: Court filings
Abbas allegedly ran so-called business email compromise (BEC) scams, which typically involve hijacking email accounts, or impersonating strangers in emails, to fool victims into transferring money to the scammer's bank account rather than a legit recipient. For example, a BEC fraudster, masquerading as a legitimate supplier, might send a fake invoice to an organization in the hope whoever processes the paperwork falls for the ruse and wires payment to the scammer's account.
"While this arrest has effectively taken a major alleged BEC player offline, BEC scams represent the most financially costly type of scheme reported to the FBI," Paul Delacourt, the assistant director in charge of the FBI's Los Angeles office, said on Friday.
"I urge anyone who transfers funds personally or on behalf of a company to educate themselves about BEC so they can identify this insidious scheme before losing sizable amounts of money."
Online footprints prove easily traceable
Hushpuppi's rap sheet [PDF] describes two specific alleged BEC capers, though prosecutors claimed they have evidence of multiple scams committed by the Instagrammer and his crew.
Anatomy of a business email scam: FBI dossier details how fraudster pocketed $500k+ by redirecting paymentsREAD MORE
For the first alleged scam, it is said Hushpuppi and two co-conspirators gained access to communications at a New York law firm specializing in real estate and, impersonating a real client, convinced the lawyers to re-route $922,857 in bank transfers to accounts owned by the trio, who then laundered the cash. That's when the Feds stepped in, we're told.
For the second alleged caper, prosecutors said, Hushpuppi's crew helped to launder portions of €13m a hacker stole from a European bank via the SWIFT transfer system, by providing multiple bank accounts in which the money was deposited before eventually being wired out to the cyber-heist's mastermind, with Hushpuppi and his pals taking a cut.
While all this was going on, prosecutors claimed, Hushpuppi was living the high life in Dubai and other high-end destinations, posting Instagram pictures of himself in front of flash cars while showing off designer brands.
Abbas is also accused of running a money-laundering ring that had its eye on hundreds of millions of dollars, including $100m he apparently conspired to steal from an unnamed English Premier League soccer club. In another alleged scheme, it is said Abbas and his co-conspirators wanted to move £200m from a company operating out of Edinburgh, Scotland.
According to FBI Special Agent Andrew Innocenti, the g-men got hold of the iPhone of one of Abbas's alleged co-conspirators and found a number in the contacts, labeled Hush, used to discuss the mega-fraud, along with messages to the Snapchat account hushpuppi5, all pointing to Abbas's online persona. In June, after the FBI came calling with warrants, Instagram and Snapchat coughed up details of Abbas's accounts, including an Apple email address firstname.lastname@example.org. Apple handed over the details on that account, and it listed a physical address in Dubai and a Gmail address used to set up the Apple account, also named rayhushpuppi.
Proof money doesn't buy you taste ... More snaps from Hushpuppi's Instagram account. Source: Court filings
One federal search warrant later, and the Gmail inbox revealed a host of other clues. These included confirmation of his address, flight itineraries, bills for his Apple account, and, crucially, a scan of his Nigerian passport and his Dubai resident's card, confirming his true identity. It also appeared Abbas got sloppy, linking his personal Gmail address to multiple financial accounts used to launder the money, it's claimed, as well as for Western Union money transfer accounts.
But wait, there's more
The snaring of Abbas was one of two BEC busts as a result of cooperation between the UAE and the FBI.
While not as high profile as Hushpuppi's alleged antics, an operation allegedly headed up by another Nigerian Olalekan Jacob Ponle, was also apparently exposed. American prosecutors said their charge against Ponle were serious enough for the UAE to expel Ponle from the country, whereupon he was immediately picked up by the Feds and hauled into Chicago.
Ponle is accused of one count of conspiracy to commit wire fraud. The allegation [PDF] stems from a pair of BEC attacks against Chicago-based companies which Ponle was said to have masterminded. In those cases, the two businesses were duped into rerouting bank transfers totaling up to $2.3m and $15.27m, respectively. The payments were run by Ponle through a series of money mules, the FBI claims, who converted the stolen cash into Bitcoin purchases that Ponle received.
In a similar style to its sleuthing with Abbas, the FBI got records of the Bitcoin wallet, through which $6.6m was transferred, from cryptocurrency payments processor Bitpay. This wallet was linked to a specific Apple account, and when Cupertino coughed up the details, investigators found a scan of Ponle's UAE identity card. Ponle is next set to appear in court on July 9. ®