On Hacking Fraud with Money Laundering via Trade
In this article, the author will analyse the features, measures, routines and other aspects of hacking fraud crime disguised as trade to launder money that he has dealt with during his legal career. He will do so by highlighting several cases on which he has worked. The author will emphasize the need for the Chinese police to crack down with stronger force on this category of crime. He will propose more effective methods for the police to deal with the criminals. Finally, the author will emphasize the vital importance of risk prevention in the face of hacking fraud.
Gong Chu (Oscar)
PhD. In Law, Renmin University of China
Practice scope: Dispute resolution
Mobile: 13590496399 (WeChat)
笔者在涉外律师执业过程中涉及为数不少的“通过贸易合同方式进行诈骗或洗钱”的黑客犯罪，其特点是技术性、复杂性、隐蔽性、时效性、跨国性。此类犯罪在察觉、补救、报案、追查等方面的难度大大超过以下二类国际贸易诈骗犯罪：1. 国内犯罪分子具有主观诈骗故意的收钱不发货或提供假冒伪劣产品；2. 国外犯罪分子具有主观诈骗故意的收货后不付款或少付款（直接不付、少付或故意找借口不付、少付）。笔者在此列举几个案例，予以介绍和分析，并提出建议。
As a lawyer, I have been involved with a number of cases of hacking fraud, in which the criminals use trade contracts to commit fraud and/or launder money. These crimes feature technical skill, complexity, stealth, timeliness and international crime. This category of crime is significantly more difficult to perceive, remedy, report and prosecute than the following two categories of international trade fraud: a. Chinese criminals who fail to deliver goods or who deliver bogus or substandard products, with the intention to defraud; b. Overseas criminals who pay no money or who pay less under various pretexts. Hereinafter, I will detail actual cases and will explain and analyse these, whilst proposing more effective interventions.
A. A British machinery company defrauded by hackers
This was an example of hacking fraud in which the money was intercepted and defrauded during normal trade processes.
In this case, a British machinery company placed an order to purchase from a Chinese seller. After wire transferring their payment as agreed in their contract, the British company notified the seller, asking to proceed with the manufacture and delivery of the goods. A short time later, the seller advised that the money had not arrived. On investigation, it was found that shortly before the British company made its payment, it had received instruction directing the payment to an alternative bank account. The notification stated that the former bank account, due to some reason, was not used to receive payment anymore. The British company followed the instruction and their payment was unwittingly made to the fraudulent account. Further investigation revealed that the fraudulent bank account was unrelated to the original Chinese seller. Both parties understood at this point that they had been victims of hacking fraud.
On examining the email correspondence, it was noted that the fraudulent payment instruction was sent to the British company from its China-based agent, however the agent was also innocent and knew nothing of the hacking fraud.
The lawyer was entrusted by the victim to report the fraud to the Chinese police and to follow up the investigation. The lawyer discovered that the fraudulent bank account belonged to an import/export company in Fujian Province. This company had paid this money onwards to the private and company accounts of various Chinese suppliers, whilst these recipients then exported commodities to overseas buyers using formal sales contracts and making normal customs declarations.
These overseas buyers are controlled or manipulated by hacking fraudsters. The email account of the agent for the British company was found to have long been controlled by the fraudsters through hacking.
B. A European enterprise in Dongguan defrauded by hackers
This case details a hacking fraud committed against two enterprises from one corporation, which occurred during their routine money transfers.
The European enterprise in Dongguan is a manufacturing company, while its parent company which has its headquarters in a European country is a transnational business group. For reasons related to production and management, the parent company regularly sends money to the subsidiary companies, including the aforementioned in Dongguan City. On one occasion, prior to wire transferring the money, the finance department of the parent company received instruction to transfer the money into an alternative account. They did as instructed, transferring a large sum. The subsidiary’s finance team discovered the error and reported it immediately to their bosses, who then travelled directly to Shenzhen City to report to the police station which governs the Chinese bank’s headquarters into which the money was sent. The investigation uncovered a false receiving account, which was opened with this bank’s branch office in Zhejiang Province by a company located there. It was this company that had sent out the fraudulently obtained money, as instructed by the hackers.
The email account from which the new instruction was believed to have been sent out, was proved to be fraudulent. This email account’s address was almost identical to that of the finance department of the subsidiary company, being only one English letter different. For example, the hacker changes “workwithchina" before the domain name to “workvvithchina” and it is not easy to distinguish when the owner enters the email box to check and reply letters.
C. Money laundering using the cover of international trade
This category details the crime of money laundering carried out by hackers, using the purchase of goods from mainland China or other countries/regions following receipt of money from their victim. The fraudulently obtained money is not necessarily used for purpose of international trade by the victim.
This category of hacking crime is accomplished as follows: the hacker illegally accesses the email account of a victim in one country and waits for the opportunity to fraudulently direct money into a bank account in another country or region, such as a free harbour city like Hong Kong. The hacker then directs the money through the accounts of the exporter according to the trade contracts signed, receives the commodities and sells them on, receiving the ‘legal income’.
In one case with which I dealt, a hacking group who claimed that they have a company registered in a central European country bought companies for sale established by mainland Chinese individuals or groups in Hong Kong SAR or other countries/regions. These companies normally do not have physical offices, but they are administrated by commercial agents recognized by the Hong Kong government and all of these companies for sale have bank accounts. It is these features that make them purchase targets for hackers. After they have completed the purchase of such companies, the illegally obtained funds are directed into these accounts, followed by trade contracts being signed, funds transferred into the sellers’ accounts, and ending in exporting the commodities and selling them on. This accomplishes the money laundering.
On occasion, the hackers were exposed either by failing to be in step with the company or by attempting to work too hastily. One Hong Kong company, despite the purchase agreement has been signed, transfer payment has been paid, change of directors’ names has also been done, its former director still holds the bank wire U disk and the code to operate it at hand, was alerted by the mobile message notifying big sum of money arrival, and refused to send it out under the hacker’s instruction.
The lawyer was contacted directly by the hacker, who paid a legal consultation fee and told untruths about the situation, requesting that the lawyer communicate with the seller, telling them to complete the financial transfer and promising a high remuneration fee to both the seller and the lawyer. After discussing the situation with the seller and the intermediary working on the transfer from the Hong Kong company to the fraudsters, the lawyer judged that the individual was a fraudster and part of a hacking group, and thus refused to work for him any further.
Except in such unusual circumstances as these, many hackers successfully pay trade orders by transferring money from the company accounts they have purchased, or those whom they have entrusted to transfer the money. Thus, the fraudsters accomplish money laundering using the cover of international trade.
III. Analysis and suggestions
A. The police should act swiftly to significantly decrease the victims’ losses
1. The nature of hacking crime determines that the fraud is enacted, and the assets moved, in a very short timeframe. It is possible to achieve justice after the event; however, it is far less likely to result in the recovery of the victims’ losses.The first step in accomplishment of any hacking fraud is money transfer. Generally speaking, any bank in mainland China must complete three steps with regards to bank wire: head office sorting-out at national level, branch office sorting-out at city level, and sub-branch office entry-passing at town level, which takes 1 to 3 days at best and 3-7 days if moving slowly. Victims are advised to report the fraud to the police immediately and to urge the police to freeze any money defrauded directly with the bank.
2.The Criminal Procedure Law of the People’s Republic of China, Provisions on the Procedures for Handling Criminal Cases by Public Security Organs and Opinions of the Supreme People's Court, the Supreme People's Procuratorate and the Ministry of Public Security on Several Issues concerning the Application of Law in the Handling of Telecommunications Network Fraud and other Criminal Cases all require that the police improve their working efficiency and timely investigation of crimes. However, at a local level, police officers are showing insufficient recognition and understanding when they are contacted by victims of fraud. These local officers lack understanding of the relevant laws, and lack experience of prosecuting crimes of this type, which eventually leads to the lost opportunity to recover the victims’ financial losses. This lack of support for the victims can even be described as facilitating the fraudsters in hiding the money or accomplishing the money laundering. For example, in the case of the European enterprise in Dongguan, the police station governing the area where the Chinese bank’s headquarters in Shenzhen believed that, since the money-receiving bank account was opened with a branch bank office in Zhejiang Province, the victim should go to a police station there to complain. The length of time spent communicating with policemen at the police station in Shenzhen led to two days passing, by which time the money had already left mainland China for Hong Kong. From experience the lawyer can predict that the money left Hong Kong immediately, possibly with the result that this defrauded money showed up in the form of slippers or toothbrushes in a remote area of a country in Africa. I suggest that the way of dealing with fraud victims as seen with the Shenzhen police station is contrary to that laid down by Chinese law, constituting dereliction of duty. Article 84 of the Criminal Procedure Law clearly regulates that: ‘The public security service shall accept all reports, complaints and information. If a case does not fall under its jurisdiction, it shall refer the case to the competent service and notify the person who made the report, lodged the complaint or provided the information. If the case does not fall under its jurisdiction but calls for emergency measures, it shall take emergency measures before referring the case to the competent organ.’
3. In another case, the lawyer represented a US citizen who was a former UN employee and is now running a company in the USA. The individual was to send capital for an engineering project to a Nigerian partner. The money defrauded was partially recovered and credit should be given to the quick reactions of local police in Zhejiang Province. After the victim engaged this law firm, the lawyer travelled to the city where the money was sent and reported the case to the police station governing the area where the bank was located. The duty policeman notified his superior who was responsible for criminal investigation and the superior quickly attended, despite it being midnight. The very next morning the police leaders of the sub-bureau there held an emergency meeting. During the meeting, the lawyer spoke on the telephone with the victim (who was abroad at the time) in the presence of the policemen, to demonstrate to those present that he was indeed the victim of a legitimate fraud. The police froze that bank account the same day, which enabled the lawyer to recover half of the financial losses suffered. During the entire process the police did not question the legality of the lawyer’s Power of Attorney. The Power of Attorney (POA) contains a printed version of POA from its electronic version, a copy of the passport of the victim’s company’s president, the law firm’s letter of introduction, and a copy of the lawyer’s certificate. The police acted correctly and in-line with the law. Article 84 of the Criminal Procedure Law also states: ‘any unit or individual, upon discovering facts of a crime or a criminal suspect, shall have the right and duty to report the case or provide information to a public security service, a People's Procuratorate or a People's Court.’ This gives right to the lawyer to complain against any crime even he does not have a power of attorney without notarization and embassy certification done in the USA.
B. Companies must take more robust risk prevention and standardize their financial behaviors
1. It is unrealistic to carry out verification before every single cross-border transaction is made. However, should a party involved suddenly change its receiving account information, verification of any new account should occur instantly. Continuing to utilize email to verify security should be forbidden, as the email account is by then already under the control of the hackers. Telephone call verification, video call verification and other alternative options are recommended.
2.The seller must not be allowed to change their beneficiary account easily. Taking the example of the British company in Case 1, the fraud was instigated when the seller demanded the use of an alternative bank account (Account B) by blocking the use of the original account (Account A). The seller did this by stating that the commission fee charged to Account A was too high. The hacker took advantage of this information using the pretext that Account C was even lower in commission fee and thus successfully defrauded the British victim.
3.Internet safety must be prioritized, such as keeping passwords and codes updated. Hacking fraudsters are experts in internet technology, anywhere and everywhere in the online world. Another worrying example was when my working email account and PayPal account were both hacked by fraudsters. A fraud victim in Mexico contacted the lawyer via email for help. This communication was hacked, the hacker reviewed the conversation between the victim and lawyer, and subsequently redirected the victim to submit their legal fee to the hacker’s chosen destination. Days later when the Mexican client contacted the lawyer for an update, the lawyer realized he had been defrauded again. In another case, a hacker invaded another of the lawyer’s email accounts, creating correspondence from PayPal that would automatically send directly into the lawyer’s spam folder. The hacker subsequently, following the rules set down by PayPal, lodged a false complaint against the lawyer by posing as a PayPal user. As the lawyer did not see the PayPal notification emails in the spam folder related to this complaint, eventually the lawyer’s personal funds were allotted to the hacker once the reply time had expired according to PayPal’s rules. As we can see, ordinary people are equally as exposed to hackers as large organizations, the only thing we can do is take individual measures to protect our email accounts and improve the safety of our other internet-related transactions.
4.Standardization of financial behaviors is of vital importance, both for individuals and companies. One must always be careful to receive and transfer money safely and appropriately. Taking a recent fraud case as an example, a German company retained a law firm in Hong Kong to sue a second company after its request for a refund was rejected. A factory in mainland China set up a company in Hong Kong SAR which received and paid out money to other parties, in order to make a commission fee. This included money defrauded by hackers. In this instance, if the company can rid itself of its penal responsibilities, it must face other prosecution, such as a civil lawsuit. Surely these actions are not worth the trouble of potential legal prosecution.
5.Companies exporting goods or services must make their customers aware of the risks of cross-border money transfers and provide safe processes for the transfer of money, using a range of verification measures.
C. Domestic police assistance and international police cooperation
黑客犯罪可能是侦破率最低的犯罪类型之一。如发案初期不能挽回经济损失，又需要继续办案，就需要做两件事情：1. 国内各地公安机关联合行动。2. 各国警方合作追查。
Hacking crime has a much lower success rate of being solved by the police when compared with many other categories of crime. Once the case has passed the early stages, if the victim’s financial losses are not recovered and there is a need to pursue a penal investigation, two things are required: a. domestic police coordination and assistance; b. international police cooperation.
a. Domestic police coordination
Interpretation of the Supreme People's Court and the Supreme People's Procuratorate on Several Issues Concerning the Specific Application of Law in the Trial of Criminal Cases on Swindling regulates in Article 1 that a sum of money defrauded at fifty hundred Yuan or above meets the criterion of an ‘especially huge amount’. This is regulated by Article 266 of the Criminal Law of the People’s Republic of China in criminal cases using telecommunication technology to defraud. The sum of money involved in hacker fraud using trade transactions to do money laundering generally meets this criterion, and the fraud cases listed previously in this article involve significantly more valuable assets, sometimes even more than one hundred times larger. These fall into the category of ‘major cases’, which must be investigated and pursued in order to safeguard the image of the Chinese police also the Chinese justice system.
Trade fraud other than hacking must also be cracked down on forcefully by the Chinese police. This would include Chinese individuals or groups defrauding foreign nationals or foreign companies while disguising the fraud as trading. These cases can seriously damage the reputation of our nation and must incur strong police intervention.
Wire transfers between banks are inherently traceable and police are easily able to trace the defrauded money. Even if the first transaction does not result in the account being frozen, it is highly possible that the money laundering transfers that follow can be identified and frozen. Since the movement of police force from one city to another takes time, police in another city, if they can cooperate in a timely manner, can increase the efficiency of the police investigation greatly.
b. International police cooperation
International police cooperation with regards to hacking crime crackdown and hacking prevention is still only a blueprint for the time being. Taking the Hong Kong SAR police as an example, from my experience, the Hong Kong SAR Police are good with the quality of their law enforcement, and they make me believe that they prioritize serving the people. They usually are ready to file a case immediately after the lawyer only sends out a complaint email. However, the practical outcomes of the Hong Kong SAR Police investigations can be unsatisfying. It should be possible to trace the hacking criminals who have directly moved the money away or who have used trade to facilitate money laundering, but the degree of practical cross-border cooperation can prove variable on a case-by-case basis.