NEW YORK CITY, New York: A British man has been charged with hacking into email servers and computers belonging to U.S. banks and brokerages to steal money from investors' accounts worth more than $5 million.
Idris Dayo Mustapha, 32, along with others, used phishing and other means to obtain user names and passwords and access online bank and brokerage accounts from January 2011 to March 2018, according to a 10-count complaint made public this week.
Mustapha, from Lagos, Nigeria, and his co-conspirators, at first transferred victims' money to their own accounts, prosecutors said, adding that once banks began blocking the transfers, the conspirators would make unauthorized stock trades in hacked accounts, while simultaneously making profitable trades in the same stocks in their own accounts.
In an April 2016 conversation quoted by the complaint, Mustapha and an unnamed co-conspirator, a Lithuanian national, talked about whether to conduct unauthorized trades in or wire money from one brokerage's accounts.
Mustapha was quoted as stating, "Better to go trade up and down and not direct fraud wire."
U.S. Attorney Breon Peace in Brooklyn said Mustapha was "part of a nefarious group that caused millions of dollars in losses to victims by engaging in a litany of cybercrimes."
The U.S. is attempting to extradite Mustapha, after he was arrested in the UK in August 2021.
He could face up to 20 years in prison on each count of wire fraud, securities fraud and money laundering, as well as two years for aggravated identity theft.
In 2016, the U.S. Securities and Exchange Commission won an asset freeze judgement against Mustapha in a Manhattan civil lawsuit also concerning his alleged hacking of brokerage accounts.