Categories: CyberCrimeSecurity

US Department of Defence Hit By $23m Phishing Attack

Hackers stole $23 million (£18m) from the US Department of Defence in 2018 through an eloaborate phishing scam, according to the US Justice Department, which said it has successfully convicted two of the conspirators.

Sercan Oyuntur, 40, of Northridge, California, was convicted of counts including wire fraud, bank fraud and aggravated identity theft last week, following an eight-day trial in Camden, New Jersey federal court.

Another conspirator, Hurriyet Arslan, of New Jersey, pleaded guilty in January 2020 to conspiracy, bank fraud and money laundering and is due to be sentenced in June, the Justice Department said.

Phishing attack

From June to September 2018 the two men, along with others in Germany and Turkey, circulated phishing emails to various government contractors.

One of these, a jet fuel supplier’s intermediary based in New Jersey, was tricked by the scheme into supplying his login credentials to a malicious website posing as the General Services Administration’s public-facing site.

Arslan, who oned a used car dealership called Deal Automotive Sales in Florence, New Jersey, was tasked with creating a shell company, setting up a mobile phone number for the firm, hiring someone to pose as the firm’s owner and opening a bank account in the firm’s name.

On 10 October, 2018, based on fraudulent information suplied by Oyuntur and the others, the Department of Defence transferred $23.5m intended to pay for jet fuel into the Deal Automotive bank account.

$23m fraud

Arslan was able to access some of the funds, but the bank wouldn’t release the balance.

The conspirators then obtained a falsified government contract from a collaborator in Turkey indicating that the used car dealership had obtained a defence contract worth $23m in an effort to convince the bank to provide access to the remaining funds.

The combined maximum prison sentences for Oyuntur’s charges amount to 107 years, while the fines for the fraud charges amount to $3m or twice the gross profits or loss relatd to the offence, whichever is greater, the Department of Justice said.

The remaining charges mean a potential $250,000 fine or twice the gain or loss from the offence, whichever is greater.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

BT Disappointed As CWU Votes To Strike, Despite 5 To 8 Percent Pay Rise

First strike in 35 years after BT staff with the e Communications Workers Union vote…

11 hours ago

Google To Shut Down Hangouts Later This Year

Another app closure. Google Hangouts will be shut down in November this year, as conversations…

15 hours ago

Xerox CEO John Visentin Dies, Aged 59

Rest in peace. Printer giant Xerox confirms vice chairman and CEO John Visentin has unexpectedly…

15 hours ago

Samsung Starts 3-nanometre Chip Production

How small? Samsung says it is the first in the world to produce 3-nanometre chips,…

17 hours ago

Most Brits Concerned About Their Search History Data, ExpressVPN Finds

Ooh matron! Half of Brits would change online behaviour if their search history was made…

18 hours ago