Egypt Independent

Phrying the online Phishers



Mansoura–Egypt has always had a subculture of tech-savvy hustlers eager to stay one step ahead of the rules. Almost everyone, it seems, had a friend or cousin in grad school who figured out how to make free mobile phone calls or crack some of the racier satellite channels.

Last month this subculture came under the spotlight as a joint Egyptian-American investigation produced dozens of arrests in what authorities say was an online fraud scheme largely based in Egypt.

Arrest warrants were issued for 53 people in the US and another 47 in Egypt for involvement in a criminal conspiracy that allegedly defrauded customers at two American banks of more than US$1 million dollars. The technique involved tricking customers into revealing their online banking information through fake emails—a practice known as “phishing”; the two-year international investigation that cracked the phishing ring was named Operation Phish Phry.

Acting United States Attorney George S. Cardona stated: “This international phishing ring had a significant impact on two banks and caused huge headaches for hundreds, perhaps thousands, of bank customers.  Organized, international criminal rings can only be confronted by an organized response by law enforcement across international borders, which we have seen in this case.”

According to the indictment, the scheme started in Egypt, where the alleged ringleaders sent bogus e-mails purporting to be legitimate correspondence from the victims banks, urging them to update their online banking records. A statement issued by the FBI explained, “In illegal phishing schemes, bank customers are directed to fake websites purporting to be linked to financial institutions, where the customers are asked to enter their account numbers, passwords and other personal identification information. Because the websites appear to be legitimate—complete with bank logos and legal disclaimers—the customers do not realize that the websites do not belong to legitimate financial institutions.”

Once in control of the victims’ online usernames and passwords, the local phishers recruited partners in America to access the accounts and transfer money to alternative dummy accounts. According to the FBI, nearly $1.5 million was fraudulently transferred from accounts at Bank of America and Wells Fargo, with much of it eventually arriving in Egypt via wire transfer.

All Egyptians accused come from the governorates of Daqahliya and Sharqiya by the Nile delta and are between the ages 21 and 27. Haitham el-Said, one of the lawyers in the case, describes the accused Egyptians as “low middle-class undergraduates mostly in the faculty of commerce.”

El-Said downplays his clients’ involvement in the case: “The role of most of them was receiving money only. The technical role was done by only a few since most of them are not into computers in general. All of them accuse their American partners of setting them up.”

He also accuses local authorities with “illegitimate” arrests and detentions. “The police denied the lawyers’ access to contact the accused in the first day. Also, until now, the (prosecutor) refuses to provide a copy of the interrogations.”

An ex-hacker connected with the charged Egyptians, speaking on condition of anonymity, explained the main reasons why they were caught: “The Egyptians used their real personal data in their banking stuff, and the Egyptians were the lead that set their American partners up,” he said. “Most of these guys are not well experienced in security breaching techniques, they all followed the same spam emails method in phishing.”

Ahmed el-Ezabi, an online security expert, said conducting a phishing scheme doesn’t necessarily require high-level technological skills from all participants. “It is easy for someone with enough technology knowledge, yet it can depend on people with very little knowledge for propagation,” he said. “For example, someone with the necessary knowledge can create a website similar to the bank’s website and create a database to collect the information, he can then instruct as many people as he wants to install this malware on their PCs willingly.”