What 6 Years of Success in a Global Takedown Operation Looks Like, and How You Can Do It, Too

If you’ve ever chatted with me in person, you’ve probably heard this story before. Or at least, bits and pieces of it. “You say you fight fraud…but what does that even mean?” Well…I run one of the largest TLP:Red mailing lists focusing on all things BEC (Business Email Compromise), and collaborate with industry partners across the globe. Initially we flew under the radar for 3 years to get a grasp on the dumpster fire of a mess known as 419, BEC, AFF, Romance Scams, or more commonly (but partially inaccurate) known as Nigerian Fraud. You know, that thing where princes ask your grandmother for money? The scams that “no one would fall for” yet billions of dollars and a pile of corpses later is still here? That one.

Solve BEC they said. It would be easy they said. God I’m such an idiot.

The List.

Fast forward, December 2015.

I don’t even remember how I got Eric’s (name changed) number, but a mutual contact put me in contact with an agent who was working BEC cases in a fairly populated state. Our phone calls were normally short, and it went something like this.

Me: “Hey, a lot of us in the industry are seeing this. What would be your thoughts of starting a mailing list to track this stuff? We would love to engage with actors and pass ya’ll the intelligence because we really can’t do anything with the data.”
Eric: “Yea sure, feel free to talk to a few of your hacker friends.”

This wasn’t exactly how the conversation went, but I’m trying to capture the sentiment. Bear with me for 30 more seconds.

A few days later I called Eric back.

Me: “[Very smug Ronnie] So….are you ready?”
Eric: “??? Ready for….???”
Me: “I’ve got over 100 security researchers who are ready to engage with the BEC actors and start passing over intelligence. Are ya’ll ready? [smirky face]”

I could literally hear Eric’s jaw hit the floor on the other end of the line, and I like to imagine he looked something like this.

And that’s how the BEC list was born. A conglomerate of 110 misfit toys, many whom had never touched Nigerian fraud before then. Sadly many were “given” the task of tracking BEC because it wasn’t as sexy as hunting Bears or Pandas, but we all rolled with it. We were off on the fools quest of combatting fraud, and oh what fools we were taking on the world! (Literally…)

TLP:White: You can tell anyone.

TLP:Green: You can tell your colleagues.

TLP:Yellow / TLP:Amber: You can tell trusted colleagues.

TLP:Red: For you and you alone. STFU and don’t say anything.

6 Years Running — The Takedown Impacts

The great thing is that by setting a single focal point (stopping and understanding all things BEC) it opens individuals up to creativity, where they can fight things from their perspective. While respecting the TLP:Red nature of the information, here’s what a 6 year fire looks like, with leading experts across the world collaborating to make an impact.

  • Actioned between 5–10 million social media and dating profile accounts, many of which were identified directly by romance victims.
  • Identified thousands of illicit bank accounts used by scammers to facilitate fraud.
  • Identify thousands of email accounts (across many providers, ISP’s, etc.) and action them for takedown.
  • Assist government partners on unemployment, FEMA, PPP, W2, tax, and several other types of government fraud.
  • Sent thousands of fake W2’s to actors purely out of spite. Good luck working with that false information. ❤
  • Thousands arrested across the globe as a result of BEC and related crimes.
  • Worked with major service providers to action massive hives of BEC domains registered by actors.
  • Assist thousands of romance victims, providing resources and assistance as we can.
  • Create a TLP:White Slack channel, currently consisting of over 1,100 members. A big win there: we helped a mom-and-pop shop return over $700,000 in a BEC attack. They would have had to close if we didn’t get the money back, but instead they celebrated with champagne when the money was successfully returned.
  • Discovered that calling this “Nigerian fraud” is insanely inaccurate, because not all Nigerians are scammers. It’s just the bad apples ruining it for the bunch.
  • Members identified international criminal syndicates and other confraternities who are responsible for many types of fraud we see, as well as some of the most vicious crimes I have ever witnessed. Don’t believe me? Watch the link above, you’ll hate it. I guarantee it.
  • Tens of thousands of fake checks identified, tried to get the intelligence to the people who could action it, but unfortunately failed because it was “too much data” to work with. We naively thought “here’s where fraud is going to happen” on a silver platter would work, but it didn’t.
  • TONS of accounts and visibility into advanced-fee fraud, and you’ve probably seen it. If you’ve ever tried to sell something on Craigslist or Facebook market place and were offered a check for more than you were asking for: this is what it’s called.
  • Puppy scams, SCameroonians, and you. Yes, people sell fake puppies to people for fraud. Jerks.
  • Human sacrifices, murders, and suicides tied back to this stuff. Yuck.
  • Billions reversed by members. No that’s not an exaggeration, yes we’ve had billions more stolen that isn’t accounted for.
  • And the honorable mentions, like the times where actors leaked hundreds of bank accounts because they don’t know how to forensics. And no, we aren’t saying how we found it.

None of this wouldn’t have been successful with the hundreds of people working behind the scenes day and night to help make a safer internet. Collectively we have gained an immeasurable amount of knowledge around how this dumpster fire burns, as well as creating an impact that is just that is virtually immeasurable.

You Can Do This Too — The Keys to Successful List Administration

  1. Find passionate people who like solving problems.
  2. Set a common goal. In our case, it was “to fight and understand all things BEC”
  3. Work together. You’re fighting the same fight, so why fight amongst each other?
  4. When problems arise, hear all sides, check intent, handle issues quietly, communicate the problem and resolution, and move on. Do not let them fester.
  5. Be awesome to each other.

Closing

What fires are you lighting in 2022? Because there’s plenty of fire still out there.

This is me. Dystopia with a smile, stomper of fraud, caller-outer of BS. Not all Nigerians are scammers. #EndFraud #BEC #OSCP