Mainland China Criminal Defense Lawyers

GONG Chu, On Hacking Fraud with Money Laundering via Trade







In this article, the author analyses the features, methods and patterns of hacking fraud that uses trade as a cover to launder money, drawing on several cases he has worked on during his legal career. The author emphasizes the need for the Chinese police to crack down on this category of crime with greater force and proposes more effective methods for the police to deal with the criminals. Finally, the author emphasizes the vital importance of risk prevention in the face of hacking fraud.








The Author

Gong Chu (Oscar)

Partner, DeHeng Law Offices (Shenzhen)

PhD in Law, Renmin University of China

Practice scope: Dispute resolution


Mobile: 13590496399 (WeChat)


I. Preface

As a lawyer handling foreign-related matters, I have been involved in a number of hacking fraud cases in which the criminals use trade contracts to commit fraud and/or launder money. These crimes are technical, complex, covert, time-critical and transnational. This category of crime is significantly more difficult to detect, remedy, report and pursue than the following two categories of international trade fraud: a. Chinese criminals who, intending to defraud, take payment and then fail to deliver goods or deliver counterfeit or substandard products; b. overseas criminals who, intending to defraud, receive the goods and then pay nothing or pay less, either outright or under various pretexts. Below, I detail and analyse several actual cases and propose more effective interventions.


II. Cases


A. A British machinery company defrauded by hackers


This was an example of hacking fraud in which the payment was intercepted and stolen during a normal trade process.


In this case, a British machinery company placed an order with a Chinese seller. After wire transferring its payment as agreed in the contract, the British company notified the seller and asked it to proceed with the manufacture and delivery of the goods. A short time later, the seller advised that the money had not arrived. On investigation, it was found that shortly before the British company made its payment, it had received an instruction directing the payment to an alternative bank account. The notification stated that the former bank account, for some reason, was no longer used to receive payments. The British company followed the instruction and its payment was unwittingly made to the fraudulent account. Further investigation revealed that the fraudulent bank account was unrelated to the original Chinese seller. Both parties understood at this point that they had been victims of hacking fraud.


On examining the email correspondence, it was noted that the fraudulent payment instruction had been sent to the British company from its China-based agent. However, the agent was also innocent and knew nothing of the hacking fraud.


The lawyer was entrusted by the victim to report the fraud to the Chinese police and to follow up the investigation. The lawyer discovered that the fraudulent bank account belonged to an import/export company in Fujian Province. This company had paid this money onwards to the private and company accounts of various Chinese suppliers, whilst these recipients then exported commodities to overseas buyers using formal sales contracts and making normal customs declarations.


These overseas buyers were controlled or manipulated by the hacking fraudsters. The email account of the agent for the British company was found to have long been under the fraudsters' control through hacking.


B. A European enterprise in Dongguan defrauded by hackers


This case details a hacking fraud committed against two enterprises from one corporation, which occurred during their routine money transfers.


The European enterprise in Dongguan is a manufacturing company, while its parent company, headquartered in a European country, is a transnational business group. For reasons related to production and management, the parent company regularly sends money to its subsidiaries, including the one in Dongguan City. On one occasion, prior to wire transferring the money, the finance department of the parent company received an instruction to transfer the money into an alternative account. They did as instructed, transferring a large sum. The subsidiary’s finance team discovered the error and reported it immediately to their bosses, who then travelled directly to Shenzhen City to report to the police station with jurisdiction over the headquarters of the Chinese bank into which the money had been sent. The investigation uncovered a false receiving account, which had been opened with this bank’s branch office in Zhejiang Province by a company located there. It was this company that had sent the fraudulently obtained money onward, as instructed by the hackers.


The email account from which the new instruction was believed to have been sent proved to be fraudulent. Its address was almost identical to that of the finance department of the subsidiary company, being only one English letter different. For example, the hacker changes “workwithchina” before the domain name to “workvvithchina”, and the difference is not easy to spot when the recipient opens the mailbox to read and reply to messages.
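The substitution described above can be caught mechanically before a payment instruction reaches the finance team. The following is an added example, not code from the article: it compares an incoming sender address with a list of known correspondents, and it goes slightly beyond the single case in the text by also catching one-character changes. The function names, the confusable lists and the example.com addresses are assumptions made for illustration.

```python
"""Added example: flag sender addresses that imitate a known correspondent."""
from typing import List, Optional, Tuple

# Letter sequences that render like one letter in many fonts (assumed list).
CONFUSABLE_SEQUENCES = [("vv", "w"), ("rn", "m"), ("cl", "d")]
# Digits commonly substituted for letters (assumed list).
CONFUSABLE_CHARS = str.maketrans({"0": "o", "1": "l"})
MAX_EDITS = 1  # covers addresses that are "only one English letter different"


def skeleton(address: str) -> str:
    """Reduce an address to a form in which look-alike spellings collide."""
    text = address.strip().lower().translate(CONFUSABLE_CHARS)
    for seq, single in CONFUSABLE_SEQUENCES:
        text = text.replace(seq, single)
    return text


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(sender: str, known: List[str]) -> Tuple[str, Optional[str]]:
    """Return (verdict, imitated_address) for one sender address."""
    sender = sender.strip().lower()
    known = [k.strip().lower() for k in known]
    if sender in known:
        return ("known", sender)
    for k in known:  # same skeleton, different spelling: vv for w, rn for m
        if skeleton(sender) == skeleton(k):
            return ("lookalike-confusable", k)
    for k in known:  # within one typed character of a known address
        if edit_distance(sender, k) <= MAX_EDITS:
            return ("lookalike-edit", k)
    return ("unknown", None)


# Constructed sample data; example.com is a placeholder domain.
KNOWN_CORRESPONDENTS = ["workwithchina@example.com"]
SAMPLE_SENDERS = [
    "WorkWithChina@example.com",   # genuine, different letter case
    "workvvithchina@example.com",  # the vv-for-w substitution from the text
    "workwithchima@example.com",   # one letter changed
    "sales@supplier.example",      # unrelated new contact
]


def triage(senders: List[str], known: List[str]) -> List[Tuple[str, str]]:
    """Pair each sender with its verdict so a mail filter can hold look-alikes."""
    return [(s, classify_sender(s, known)[0]) for s in senders]


if __name__ == "__main__":
    for sender, verdict in triage(SAMPLE_SENDERS, KNOWN_CORRESPONDENTS):
        print(f"{verdict:22} {sender}")
```

The vv-for-w spelling is two edits away from the genuine address, so a plain one-character comparison misses it and the skeleton step is what catches it. A check of this kind does nothing when the genuine mailbox itself is under the fraudsters' control, as in Case A.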


C. Money laundering using the cover of international trade


This category covers money laundering carried out by hackers who, after receiving money from their victim, use it to purchase goods from mainland China or other countries/regions. The victim did not necessarily intend the fraudulently obtained money for international trade.


This category of hacking crime is accomplished as follows: the hacker illegally accesses the email account of a victim in one country and waits for the opportunity to fraudulently direct money into a bank account in another country or region, such as a free harbour city like Hong Kong. The hacker then directs the money through the accounts of the exporter according to the trade contracts signed, receives the commodities and sells them on, receiving the ‘legal income’.


In one case I dealt with, a hacking group that claimed to have a company registered in a central European country bought ready-made companies that mainland Chinese individuals or groups had established in Hong Kong SAR or other countries/regions and offered for sale. These companies normally do not have physical offices, but they are administered by commercial agents recognized by the Hong Kong government, and all of them have bank accounts. It is these features that make them purchase targets for hackers. Once the purchase of such a company is complete, the illegally obtained funds are directed into its accounts, trade contracts are signed, the funds are transferred into the sellers’ accounts, and the commodities are exported and sold on. This accomplishes the money laundering.


On occasion, the hackers were exposed either by failing to be in step with the company or by attempting to work too hastily. In the case of one Hong Kong company, although the purchase agreement had been signed, the transfer payment had been made and the directors’ names had been changed, the former director still held the bank wire U disk and the code to operate it. He was alerted by the mobile message notifying him of the arrival of a large sum of money, and refused to send it out on the hacker’s instruction.


The lawyer was contacted directly by the hacker, who paid a legal consultation fee and told untruths about the situation, requesting that the lawyer communicate with the seller, telling them to complete the financial transfer and promising a high remuneration fee to both the seller and the lawyer. After discussing the situation with the seller and the intermediary working on the transfer from the Hong Kong company to the fraudsters, the lawyer judged that the individual was a fraudster and part of a hacking group, and thus refused to work for him any further.


Except in such unusual circumstances, many hackers successfully pay trade orders by transferring money from the company accounts they have purchased, or from the accounts of those whom they have entrusted to transfer the money. Thus, the fraudsters accomplish money laundering using the cover of international trade.


III. Analysis and suggestions


A. The police should act swiftly to significantly decrease the victims’ losses

1. The time-critical nature of hacking crime means that once the fraud succeeds, the assets are moved within a very short timeframe. It is possible to achieve justice after the event; however, by then the victim's loss has already occurred and is far less likely to be recovered. The first step in accomplishing any hacking fraud is obtaining the money by bank transfer. Generally speaking, a bank in mainland China completes three steps when paying out a wire transfer: sorting by the head office at national level, sorting by the branch office at city level, and account entry by the sub-branch office at town level. This takes 1 to 3 days at best and 3 to 7 days if moving slowly. Victims are advised to use this window: report the fraud to the police immediately and urge the police to go to the bank promptly and freeze the defrauded money.

2. The Criminal Procedure Law of the People’s Republic of China, the Provisions on the Procedures for Handling Criminal Cases by Public Security Organs, and the Opinions of the Supreme People's Court, the Supreme People's Procuratorate and the Ministry of Public Security on Several Issues concerning the Application of Law in the Handling of Telecommunications Network Fraud and other Criminal Cases all require the police to improve their working efficiency and to investigate crimes in a timely manner. However, the local police stations that actually receive the reports show insufficient understanding of the relevant laws and lack experience in handling crimes of this type, which often leads to the loss of the opportunity to recover the victims’ financial losses. In effect, this gives the fraudsters time to move the money or complete the money laundering. For example, in the case of the European enterprise in Dongguan, the local police station with jurisdiction over the Chinese bank’s headquarters in Shenzhen declined to file the case. It took the view that, since the receiving bank account had been opened with a branch office in Zhejiang Province, the victim should go to a police station there to complain. Two days passed in communicating with the policemen at the police station in Shenzhen, by which time the money had already left mainland China for a bank account in Hong Kong. From experience, the lawyer can predict that the money then left Hong Kong quickly as well, possibly with the result that this defrauded money showed up in the form of slippers or toothbrushes in a remote area of a country in Africa. I suggest that the Shenzhen police station's way of dealing with the fraud victim is contrary to Chinese law and constitutes dereliction of duty.
Article 84 of the Criminal Procedure Law clearly provides: ‘The public security service shall accept all reports, complaints and information. If a case does not fall under its jurisdiction, it shall refer the case to the competent service and notify the person who made the report, lodged the complaint or provided the information. If the case does not fall under its jurisdiction but calls for emergency measures, it shall take emergency measures before referring the case to the competent organ.’

3. In another cross-border hacking fraud case, the lawyer represented a US citizen who was a former UN employee and is now running a company in the USA. The individual was to send capital for an engineering project to a Nigerian partner. The money defrauded was partially recovered, and credit should be given to the quick reactions of the local police in Zhejiang Province. After the victim engaged this law firm, the lawyer travelled to the city where the money had been sent and reported the case to the police station with jurisdiction over the area where the bank was located. The duty policeman notified his superior, who was responsible for criminal investigation, and the superior quickly attended, despite it being midnight. The very next morning the leaders of the police sub-bureau there held an emergency meeting. During the meeting, the lawyer spoke on the telephone with the victim (who was abroad at the time) in the presence of the policemen, to demonstrate to those present that he was indeed a genuine victim of fraud. The police froze the bank account the same day, which enabled the lawyer to recover half of the financial losses suffered; the other half had already been transferred out of the country. During the entire process the police did not question the legality of the lawyer’s Power of Attorney (POA). The authorization documents consisted of a printout of the electronic POA, a copy of the passport of the victim company’s president, the law firm’s letter of introduction, and a copy of the lawyer’s certificate. The police acted correctly and in line with the law. Article 84 of the Criminal Procedure Law also states: ‘any unit or individual, upon discovering facts of a crime or a criminal suspect, shall have the right and duty to report the case or provide information to a public security service, a People's Procuratorate or a People's Court.’ This gives the lawyer the right, as a citizen, to report a crime even if his power of attorney has not been notarized and certified by the embassy in the USA.


B. Companies must adopt more robust risk prevention and standardize their financial behaviors

1. It is unrealistic to carry out verification before every single cross-border transaction is made. However, should a party involved suddenly change its receiving account information, verification of the new account should occur instantly. Continuing to use email for this verification should be forbidden, as the email account is by then already under the control of the hackers. Telephone call verification, video call verification and other alternative options are recommended.

2. The seller should not change its beneficiary account lightly. Taking the example of the British machinery company in Case A, the fraud became possible when the seller asked that the new transaction no longer use the original account (Account A) and use an alternative bank account (Account B) instead. The seller had no foreign exchange receiving account of its own, and it asked for the change because the commission fee charged by the company that collected payments for it through Account A was too high and Account B, belonging to another company, was cheaper. The hacker took advantage of this, emailing the buyer on the pretext that Account C was even lower in commission fee, and thus successfully defrauded the British victim.

3. Internet safety must be prioritized, for example by keeping email passwords and other settings updated. Hacking fraudsters are experts in internet technology and find their way in anywhere and everywhere in the online world. A worrying example is that my working email account and PayPal account were both hacked by fraudsters. A fraud victim in Mexico contacted the lawyer via email for help. This communication was hacked: the hacker quietly followed the conversation between the victim and the lawyer, and when the legal fee was to be transferred, redirected the victim to pay it into a bank account controlled by the hacker. Days later, when the Mexican client contacted the lawyer for an update, both realized that the client had been defrauded again. In another case, a hacker broke into the lawyer’s PayPal account and took control of the email account registered with it, so that correspondence from PayPal went directly into the lawyer’s spam folder. The hacker then, following the rules set down by PayPal, lodged a false complaint against the lawyer by posing as a PayPal user, which led PayPal to freeze the lawyer's personal funds. As the lawyer did not see the PayPal notification emails related to this complaint in the spam folder, the lawyer’s personal funds were eventually allotted to the hacker once the reply time had expired according to PayPal’s rules. As we can see, ordinary people are just as exposed to hackers as large organizations; the only thing we can do is take the individual measures within our reach to protect our email accounts and improve the safety of our other internet-related transactions.

4. Standardization of financial behaviors is of vital importance, both for individuals and companies. One must always be highly careful when receiving and paying out money on behalf of others. Taking a recent fraud case as an example, a German company defrauded by hackers retained a law firm in Hong Kong to sue a second company after its request for a refund was rejected. A factory in mainland China had set up that company in Hong Kong SAR, and it received and paid out money on behalf of other parties in order to earn a commission fee. This included several sums of money defrauded by hackers. In this instance, even if the company can escape criminal liability, it must still face other proceedings, such as a civil lawsuit. Surely these actions are not worth the trouble of potential legal proceedings.

5. Companies exporting goods or services must take the trouble to remind their customers, repeatedly, of the risks of cross-border money transfers, and should provide safe processes for the transfer of money, using a range of verification measures in advance.


C. Domestic police assistance and international police cooperation

Hacking crime has a much lower rate of being solved by the police than many other categories of crime. If the victim’s financial losses are not recovered in the early stages of the case and there is a need to pursue a criminal investigation, two things are required: a. domestic police coordination and assistance; b. international police cooperation.

a. Domestic police coordination


The Interpretation of the Supreme People's Court and the Supreme People's Procuratorate on Several Issues Concerning the Specific Application of Law in the Trial of Criminal Cases on Swindling provides in Article 1 that a sum of money defrauded at fifty hundred Yuan or above meets the criterion of an ‘especially huge amount’. This criterion applies under Article 266 of the Criminal Law of the People’s Republic of China in criminal cases using telecommunication technology to defraud. The sum of money involved in hacker fraud that uses trade transactions to launder money generally meets this criterion, and the fraud cases listed previously in this article involve significantly larger sums, sometimes even more than one hundred times larger. These fall into the category of ‘major cases’, which must be investigated and pursued in order to safeguard the image of the Chinese police and the Chinese justice system.


Trade fraud other than hacking must also be cracked down on forcefully by the Chinese police. This would include Chinese individuals or groups defrauding foreign nationals or foreign companies while disguising the fraud as trading. These cases can seriously damage the reputation of our nation and must incur strong police intervention.


Wire transfers between banks are inherently traceable, and the police are easily able to trace the defrauded money. Even if the first transaction does not result in the account being frozen, it is highly possible that the money laundering transfers that follow can be identified and frozen. Since moving police officers from one city to another takes time, timely cooperation from the police in the other city can greatly increase the efficiency of the investigation.

b. International police cooperation


International police cooperation on cracking down on and preventing hacking crime is still only a blueprint for the time being. Taking the Hong Kong SAR Police as an example, in my experience the quality of their law enforcement is good, and they make me believe that they prioritize serving the people. They are usually ready to file a case immediately after the lawyer sends a complaint email. However, the practical outcomes of the Hong Kong SAR Police investigations can be unsatisfying. It should be possible to trace the hacking criminals who have directly moved the money away or who have used trade to facilitate money laundering, but the degree of practical cross-border cooperation varies from case to case.