Petronella Blog Archive

How to Recover Cyberheisted Money

All it takes is a percentage of the stolen funds, a bit of intercontinental airline travel and a carton of cigarettes.

A few years ago, American businesses had lost around $20 million to cybercrime. That number has probably only gone up. Usually, there's not much that a company can do on its own to recover the funds. Here's a story, originally reported to KrebsOnSecurity, of a firm that lost nearly $200,000 but was able to get most of it back.

A little background first.  A lot of cyberthieving has been done around Chinese cities on the China-Russia border.  With the boom in imports and exports in the area, setting up a fraudulent company to send stolen funds to is relatively easy.

In this story, an accountant at the American import-export firm used a compromised computer to log into a bank portal and deposit some money. The hackers were then able to do a wire transfer of $197,000 to a company in Harbin, China. When the American firm discovered the transfer the next day, the money was already gone and the bank washed its hands of the ordeal. The bank said that it had nothing to do with the transfer, that the crime had been committed against the company and not the bank, and that it therefore couldn't do anything with its branch in China.

Luckily, the company's owner had a cousin who was a lawyer in China who said he would help. The Harbin police were less eager to help, saying they'd need a report from the FBI to make sure it wasn't some sort of scam, but they ended up settling for a police report. Cousin Lawyer sweetened the deal with a gift-wrapped carton of cigarettes. That, apparently, was what got their cooperation actually rolling, and in a couple of days they located the company that had received the transfer. They also found out that the same company had just received another international wire, this one for €900,000!

The police who were investigating the incident said they needed to go to Beijing to finish everything, so the company wired $1500 for that. The police got there and the account of the company that stole the money was frozen. A company associate flew to Beijing to meet with the police, opened a new bank account and transferred a previously agreed-upon fee to the police.

Getting the money back to the US, however, was not so easy.  Such a large amount couldn't be wired back to the States unless the firm had a location in the region, which this company did not.  As another stroke of luck would have it, a longtime business partner of the owner did have a large business in China and agreed to pass the money through to them at no charge.

Out of $197,000, the firm was able to recover $166,000.  They were still out over $30,000, but considering how most companies never recover any funds lost to hackers, they made out pretty well.