
Gold Galleon: The group of ‘Nigerian’ Hackers terrorizing shipping firms

A group of hackers identified as Nigerians and referred to as Gold Galleon has been wreaking havoc on shipping firms and relieving them of hard-earned dollars in a fresh thrust of cyber-crime. The group, whose focus seems to be the maritime sector, was flagged by network security firm Secureworks.

The operation of the group was explained by online platform, Maritime Executive. They use basic email scams and publicly available hacking software to try to steal hundreds of thousands of dollars from unsuspecting ship managers and service providers.

According to Secureworks, Gold Galleon is a group of about 20 individuals who work together to hack maritime firms all over the world using basic techniques. They rent hacking tools for just a few dollars per month; they communicate via Skype; and they identify targets using online company directories and commercially-available contact lists.

Secureworks revealed that despite the gang’s attempts to disguise its location by using an online proxy service, it leaves several cues and indications that it is of Nigerian origin. The group members communicate in pidgin – which is an English creole language associated with some African countries, especially Nigeria – and they use phrases associated with the popular Nigerian confraternity, ‘Buccaneers’, for usernames and passwords. It is, however, unclear how Secureworks secured this information, seeing that passwords are not made public to third parties.

The moment the group identifies a new target, it prepares and sends a spearphishing email that is carefully designed for and directed to the recipient. The email usually comes with an attachment, which always contains malware (a program specially designed to execute a malicious task). The malware deploys on the recipient’s computer and sets to work, logging the user’s keystrokes and recording the usernames and passwords for the potential victim’s business email account(s).

When the account has been compromised, the group uses a software tool to collect all the email addresses with which that user has interacted and gets to work intercepting business transactions between the user and his clientele. Considering that many maritime firms use email to communicate invoices and handle payment details, this is an effective way of attacking them.

After getting this set of information, the group lies in wait and monitors the email of the individual, waiting for the moment payment details are relayed on an invoice sent through the compromised account. They quickly intercept the invoice, alter the account numbers and direct the money to their own account through a ‘money mule’ or a ‘mule’ account. The group then uses a similarly worded email address to send the altered invoice to the intended recipient. In a lot of cases, the buyer does not detect the change to the sender’s mail address or the bank details and once the money is paid, it lands in the account of the fraudsters.
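A check a payables team could run on incoming invoice mail for the two changes described above: a sender domain that is a near miss of a trusted one, and bank details that differ from those on file. This is an added example, not from Secureworks or the original article; the vendor domains, account strings and function names are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed vendor master data: trusted sender domain -> bank account on file.
KNOWN_VENDORS = {
    "oceanbunker-supply.example": "TEST-ACCT-0001",
    "harbor-agents.example": "TEST-ACCT-0002",
}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one table row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def check_invoice(from_header: str, account: str,
                  vendors=KNOWN_VENDORS, max_dist: int = 2) -> list:
    """Return findings for one invoice email; an empty list means no flags."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    norm = account.replace(" ", "").upper()
    if domain in vendors:
        # Genuine domain: a compromised mailbox can still carry altered details.
        if norm != vendors[domain]:
            return [f"bank-details-changed:{domain}"]
        return []
    for known, on_file in vendors.items():
        # Unknown domain within a couple of edits of a trusted one.
        if edit_distance(domain, known) <= max_dist:
            findings = [f"lookalike-domain:{domain}~{known}"]
            if norm != on_file:
                findings.append(f"bank-details-changed:{known}")
            return findings
    return [f"unknown-sender:{domain}"]

if __name__ == "__main__":
    # Constructed message: one swapped letter in the domain, new account number.
    print(check_invoice("Accounts <billing@oceanbunker-suppiy.example>",
                        "TEST-ACCT-9999"))
```

Any finding should send the invoice to verification over a channel other than email, such as a phone number already on file for the vendor.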

A money mule is a person who transfers stolen money between different countries. Money mules are recruited, sometimes unwittingly, by criminals to transfer illegally obtained money between different bank accounts. A mule account is an account used for a similar purpose.

Owners of shipping firms and stakeholders in the maritime sector have decried the attacks of the group, bemoaning the losses they have had to bear at the hands of the cyber terrorists who have made it their stock in trade to dispossess hardworking business people of their hard-earned dollars.

At the Commonwealth Heads of Government Meeting 2018, the issue of cyber security was brought up and the dangers and threats of cyber terrorism were discussed. At the end, the 53 countries committed to a declaration, the world’s largest and most geographically diverse inter-governmental commitment on cyber security cooperation.

This followed an announcement by the UK government to pledge up to £15 million to help Commonwealth countries strengthen their cyber security capabilities and “tackle criminal groups and hostile state actors who pose a global threat to security, including in the UK”.
