A federal jury in Alexandria, Virginia, convicted Ebuka Raphael Umeti, a 35-year-old Nigerian national, on June 13 for operating a sophisticated business email compromise (BEC) scheme that targeted businesses in the United States and abroad.
According to court documents and trial evidence, Umeti and his co-conspirators executed phishing attacks that appeared to originate from trusted entities such as banks or vendors. These attacks allowed them to infiltrate victims’ computer systems and email accounts using malicious software or malware, granting them remote access. The compromised information was then used to deceive individuals at targeted companies into making wire transfers to accounts controlled by the co-conspirators.
The scheme resulted in actual and attempted losses exceeding $1.5 million.
“Umeti participated in a sophisticated computer hacking and business email compromise scheme that targeted numerous businesses in the United States,” stated Principal Deputy Assistant Attorney General Nicole M. Argentieri. “Today’s conviction should serve as yet another reminder that, if you target American victims, the Criminal Division is committed to tracking you down and holding you responsible for your criminal conduct, no matter where you are.”
U.S. Attorney Jessica D. Aber for the Eastern District of Virginia commented, “Umeti relied on hidden malware, deception, and an ocean of distance to steal from American businesses and avoid prosecution. Despite those obstacles and obfuscations, a dedicated team of investigators and prosecutors showed outstanding resolve in bringing him to justice.”
“Today’s guilty verdict is a victory in our fight against cybercrime and should serve as a warning to cybercriminals who believe they can operate with impunity,” added Assistant Director in Charge David Sundberg of the FBI Washington Field Office. “The FBI remains committed to relentlessly pursuing those engaged in malicious cyber activities and ensuring they are held accountable.”
The jury found Umeti guilty of conspiracy to commit wire fraud, three counts of wire fraud, conspiracy to cause intentional damage to a protected computer, and intentional damage to a protected computer. Umeti faces a potential maximum penalty of 27 years for the wire fraud conspiracy count, five years for conspiracy to cause intentional damage to a protected computer, 20 years for each wire fraud count, and 10 years for intentional damage to a protected computer. His sentencing is scheduled for August 27.
Co-defendant Franklin Ifeanyichukwu Okwonna, 34, pleaded guilty to his role in the scheme on May 20 and is set to be sentenced on September 3.
The case was investigated by the FBI Washington Field Office, with support from the Justice Department’s Office of International Affairs, the FBI’s Legal Attaché Office in Nairobi, the U.S. Marshals Service, and Kenya’s Office of the Director of Public Prosecutions and Directorate of Criminal Investigation. These agencies coordinated to secure the extradition of Umeti and Okwonna.
Senior Counsel Thomas S. Dougherty of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) and Assistant U.S. Attorney Laura D. Withers for the Eastern District of Virginia are prosecuting the case, with assistance from CCIPS Senior Counsel Aarash Haghighat.
