NEW YORK (Reuters) – A British man has been criminally charged in New York with stealing money from investors’ accounts by hacking into email servers and computers belonging to U.S. banks and brokerages, causing more than $5 million of losses.
According to a 10-count complaint made public on Tuesday, Idris Dayo Mustapha, 32, and others used phishing and other means to obtain user names and passwords and access online bank and brokerage accounts from January 2011 to March 2018.
Prosecutors said the Lagos, Nigeria native and his co-conspirators at first transferred victims’ money to their own accounts.
They said once banks began blocking the transfers, the conspirators would make unauthorized stock trades in hacked accounts, while simultaneously making profitable trades in the same stocks in their own accounts.
The complaint quoted from an April 2016 conversation between Mustapha and an unnamed co-conspirator, a Lithuanian national, about whether to conduct unauthorized trades in or wire money from one brokerage’s accounts.
“Better to go trade up and down and … not direct fraud wire,” Mustapha was quoted as saying.
In a statement. U.S. Attorney Breon Peace in Brooklyn said Mustapha was “part of a nefarious group that caused millions of dollars in losses to victims by engaging in a litany of cybercrimes.”
A New York-based lawyer for Mustapha did not immediately respond to requests for comment.
The United States is trying to extradite Mustapha following his August 2021 arrest in Britain.
If convicted, Mustapha faces up to 20 years in prison on each of various wire fraud, securities fraud and money laundering charges, plus two years for aggravated identity theft.
In 2016, the U.S. Securities and Exchange Commission won an asset freeze against Mustapha in a Manhattan civil lawsuit also concerning his alleged hacking of brokerage accounts.
The case is U.S. v. Mustapha, U.S. District Court, Eastern District of New York, No. 17-mj-00367.
(Reporting by Jonathan Stempel in New York; Editing by Cynthia Osterman)