This is the web version of this week’s edition of The Wiretap newsletter, which every Tuesday brings exclusives and other news about surveillance, privacy and cybercrime, straight to your inbox. Click here to get on the newsletter list!
In June last year, hackers took control of an email account belonging to an employee at heavy machinery manufacturer Mountain Crane. The hackers used their access to send an invoice totalling $1.75 million to one of the company’s customers, wind turbine giant Nordex, which then unwittingly paid the hackers over $800,000. A month later, Nordex realized it had been defrauded and contacted the FBI.
The fraud, outlined in a search warrant obtained by Forbes, was a classic case of what’s known as Business Email Compromise (BEC), one of the most common and financially devastating cyberattacks, costing the U.S. $2.7 billion in 2022 alone. But something strange caught the FBI’s attention: $50,000 of the stolen funds were sent to the bank account of Dr. Kelechi Ofoegbu, a Nigerian government official and regulator of the oil and gas industry. Ofoegbu is currently an executive commissioner at the Nigerian Upstream Petroleum Regulatory Commission, and previously worked at energy giants Shell and Eland Oil & Gas.
Ofoegbu has strenuously denied any wrongdoing and said funds from his bank account were wrongly seized. “I am completely innocent and would crave an opportunity to prove this,” he told Forbes. He said he has been banned from travelling to the U.S. and was only made aware of the Nordex fraud after Forbes contacted him about the allegations.
The Department of Justice declined to comment any further on the case. Mountain Crane didn’t respond to requests for comment. Nordex spokesperson Antje Eckert said the company was working with law enforcement on the case, adding that the company had been told the FBI recovered the full amount paid.
Why Ofoegbu allegedly had the money in his account remains a mystery, however. You can read the court document on the case here.
THE BIG STORY
New Orleans’ Problems With Facial Recognition
Politico obtained records from New Orleans’ facial recognition program, showing how it was regularly used on Black communities and often failed to do its basic function: identifying suspects.
THE STORIES YOU HAVE TO READ TODAY
An Oracle employee has been accused of helping two imprisoned cocaine dealers hide and launder $54 million worth of cryptocurrency, Forbes reports. One of the dealers says the money was legitimately obtained and entrusted to the employee, Brian Krewson, a dead ringer for Brian Cranston’s Breaking Bad antihero Walter White, and whose side hustle is party entertainment through his fire-breathing, stilt-walking Mr. Poto persona.
A hacking tool known as Flipper Zero is being used to effectively render iPhones useless by sending them repeated pop-ups and forcing reboots, Ars Technica reports. The tool only functions within range of an iPhone’s bluetooth: in one recent case, a group of train passengers’ phones were attacked at the same time.
WINNER OF THE WEEK
In the middle of Israel’s war with Hamas, Tel Aviv-based startup Talon Cyber Security was acquired for a reported $625 million by Palo Alto Networks. Forbes first reported on Talon — which secures customer networks from security threats brought in via an employee’s personal phone or laptop — in 2021, after it raised a $26 million seed round. In the last six years, cofounder Ofer Ben-Noon has overseen two exits worth a combined $1 billion, following the sale of his automotive cyber company Argus to Continental AG in 2017.
LOSER OF THE WEEK
Data brokers are selling sensitive data of military personnel for less than $1 per person, according to research carried out by Duke University academics. The brokers are taking advantage of lax legislation around data trading, but could also be endangering national security, the researchers warned.
Read the full article here