Anti-Money Laundering (AML) , Cybercrime , Fraud Management & Cybercrime
2 Plead Guilty in Vast Money Laundering SchemeProsecutors Say Operation Aided Cybercriminals
Two Latvian men tied to an extensive international money laundering operation that aided prominent cybercriminals have pleaded guilty to conspiracy charges.
See Also: LIVE Webinar | Stop, Drop (a Table) & Roll: An SQL Highlight Discussion
So far, 20 suspects from more than a dozen countries have been charged in connection with the scheme, which attempted to launder tens of millions of dollars of stolen funds, prosecutors say.
Arturs Zaharevics and Aleksejs Trofimovics pleaded guilty to money laundering conspiracy for their roles aiding "QQAAZZ," a European-based money laundering organization that advertised itself as a "global bank drop service" and provided illegal cash-out and cryptocurrency transactions for cybercriminals since 2016, prosecutors say (see: 20 Arrested in Money Laundering Crackdown).
Zaharevics and Trofimovics now face up to 20 years in prison when they are sentenced later this year.
Trofimovics, 25, registered an illegitimate shell company in Portugal, prosecutors say. He opened at least 13 corporate bank accounts there on behalf of the shell company to enable QQAAZZ to receive and launder money stolen by cybercriminals who targeted account holders at various financial institutions. Prosecutors say U.S. victims' money was routed - or was intended to be routed - through these Portuguese accounts. Trofimovics, who is being held in the U.S., was extradited from Latvia.
Zaharevics, 33, was extradited from the U.K. in April. He was charged with establishing a shell company and setting up foreign bank accounts to launder stolen funds from U.S. victims. He will be sentenced on Dec. 1, according to court documents.
"Transnational money laundering organizations like the QQAAZZ group play a critical role in helping cybercriminals profit from their schemes," says Stephen R. Kaufman, acting U.S. attorney for the Western District of Pennsylvania. "The guilty pleas … reflect our ongoing commitment to dismantle these pernicious groups through collaboration with our foreign partners."
Commenting on the scope of these crimes, Mike Nordwall, FBI Pittsburgh special agent in charge, says: "These individuals … worked in concert with cybercriminals who stole from unsuspecting victims in the United States and around the globe. Their guilty pleas are proof no one can hide behind a computer or an international border."
The FBI collaborated with Europol and several European law enforcement agencies on parallel investigations, officials say.
Inside the Operation
In October 2020, the Department of Justice described the sophistication of QQAAZZ's operation - and its affiliation with well-known malware families.
Investigators said the group included "several layers" of members from Latvia, Georgia, Bulgaria, Romania and Belgium. QQAAZZ maintained hundreds of corporate and personal bank accounts around the world to house cybercriminals' illicit gains and used legitimate and fraudulent identification documents to set them up, prosecutors said.
The funds were transferred to other accounts and sometimes converted to cryptocurrency using "tumbling" services designed to hide the original source, the DOJ reports. QQAAZZ would return the balance of the stolen funds to their hacker affiliates after taking a fee of up to 40% or 50%, prosecutors said.
QQAAZZ advertised its services on Russian-speaking darknet forums as a "global, complicit bank drops service." The group partnered with malware operations that included Dridex, Trickbot and GozNvm, among others, the DOJ reports.
Court documents show that U.S. victims of cyberattacks that led to money laundering included a Connecticut tech company, a Jewish Orthodox synagogue in the Brooklyn borough of New York City, a Pennsylvania-based medical device manufacturer, a Miami-based architectural firm, an automotive parts manufacturer in Michigan and an Illinois-based homebuilder, among others.
Fourteen members of the criminal organization were charged by a federal grand jury in Pennsylvania in October 2020. An October 2019 indictment charged five other members of QQAAZZ, including Trofimovics and Zaharevics.
In addition, Maksim Boiko, a Russian national, was arrested in connection with QQAAZZ in late March 2020, after reportedly attempting to carry $20,000 in cash through the Miami airport. He later pleaded guilty to one count of conspiracy to launder money, the Pittsburgh Post-Gazette reported.
William Callahan, a former special agent in charge for the U.S. Drug Enforcement Administration, observes: "Money laundering is critical to the effective operation of transnational criminal organizations. To combat [them], U.S. prosecutors have made anti-money laundering efforts a critical and effective component of the investigation."
Giovanni Rocco, a former FBI undercover task force officer, underscores the challenges associated with international money laundering investigations, noting that the introduction of cryptocurrency "has only made the job of the investigator harder."
Callahan, who now works for the forensic analytics firm Blockchain Intelligence Group and assists global law enforcement agencies with cryptocurrency tracking, adds: "These cryptocurrency money launderers probably felt safe and anonymous operating outside of the U.S. The blockchain never forgets, and with today’s cryptocurrency forensic software, their financial movements were the best evidence against them."