What 6 Years of Success in a Global Takedown Operation Looks Like, and How You Can Do It, Too

The List.

The story of “the list” starts in 2015. Industry-wide, a new trend of companies being targeted with a new type of phishing email started to emerge. The lure was simple: pretend to be someone in authority, ask for money, and…profit. It really was (and is) that simple. In these attacks, scammers used no malware, no links, or anything that was traditionally “malicious” that could be detected. Across the industry we had more questions than answers. Who’s behind these attacks? What is their end goal? Where are they getting these bank accounts from? Do they own the accounts, did they steal them, or was it an option that we hadn’t accounted for? What intelligence gathering techniques were scammers using to know who the CEO, CFO, or HR personnel are in the company? These are pretty easy answers to guess, but we didn’t know. And the more we looked the murkier the answers got.

6 Years Running — The Takedown Impacts

Fast forward to now and on the TLP:Red side, we’re a collection of over 500 global members spanning multiple industries, verticals, law enforcement, and government colleagues. We’ve held multiple conferences to discuss takedowns, impacts, laws to use when going after actors, and most importantly: to explain our perspective in what we see as it relates to fraud. It’s like building a house, where one person works on the windows, another person does the electricity, or lays the floor joists.

  • Actioned between 5–10 million social media and dating profile accounts, many of which were identified directly by romance victims.
  • Identified thousands of illicit bank accounts used by scammers to facilitate fraud.
  • Identified thousands of email accounts (across many providers, ISPs, etc.) and actioned them for takedown.
  • Assisted government partners on unemployment, FEMA, PPP, W2, tax, and several other types of government fraud.
  • Sent thousands of fake W2s to actors purely out of spite. Good luck working with that false information. ❤
  • Thousands arrested across the globe as a result of BEC and related crimes.
  • Worked with major service providers to action massive hives of BEC domains registered by actors.
  • Assisted thousands of romance victims, providing resources and assistance as we can.
  • Created a TLP:White Slack channel, currently consisting of over 1,100 members. A big win there: we helped a mom-and-pop shop return over $700,000 in a BEC attack. They would have had to close if we didn’t get the money back, but instead they celebrated with champagne when the money was successfully returned.
  • Discovered that calling this “Nigerian fraud” is insanely inaccurate, because not all Nigerians are scammers. It’s just the bad apples ruining it for the bunch.
  • Members identified international criminal syndicates and other confraternities who are responsible for many types of fraud we see, as well as some of the most vicious crimes I have ever witnessed. Don’t believe me? Watch the link above, you’ll hate it. I guarantee it.
  • Tens of thousands of fake checks identified, tried to get the intelligence to the people who could action it, but unfortunately failed because it was “too much data” to work with. We naively thought “here’s where fraud is going to happen” on a silver platter would work, but it didn’t.
  • TONS of accounts and visibility into advanced-fee fraud, and you’ve probably seen it. If you’ve ever tried to sell something on Craigslist or Facebook Marketplace and were offered a check for more than you were asking for: this is what it’s called.
  • Puppy scams, SCameroonians, and you. Yes, people sell fake puppies to people for fraud. Jerks.
  • Human sacrifices, murders, and suicides tied back to this stuff. Yuck.
  • Billions reversed by members. No that’s not an exaggeration, yes we’ve had billions more stolen that isn’t accounted for.
  • And the honorable mentions, like the times where actors leaked hundreds of bank accounts because they don’t know how to forensics. And no, we aren’t saying how we found it.

You Can Do This Too — The Keys to Successful List Administration

What made this successful can be summed up in two simple words: the people. The people you work with have a direct impact on whether or not you’ll be successful, fail, or end up in a stress spiral of toxicity and funk because people don’t think it’s important. Reflecting back, the reasons we have been so successful over the years (and we ain’t stopping!) are the following:

  1. Find passionate people who like solving problems.
  2. Set a common goal. In our case, it was “to fight and understand all things BEC.”
  3. Work together. You’re fighting the same fight, so why fight amongst each other?
  4. When problems arise, hear all sides, check intent, handle issues quietly, communicate the problem and resolution, and move on. Do not let them fester.
  5. Be awesome to each other.

Closing

Measure your successes, even when you don’t want to. A group of misfit toys helped stop billions of dollars in fraud, saved countless fraud and romance victims, helped lead to thousands of arrests, and destroyed millions of intelligence data points tied to infrastructure. We fight for the victims, living and dead, simply because it’s right.

Ronnie T

This is me. Dystopia with a smile, stomper of fraud, caller-outer of BS. Not all Nigerians are scammers. #EndFraud #BEC #OSCP