Cybercriminal Charged with Unauthorized Computer Intrusion, Securities Fraud, Wire Fraud and Other Crimes

Defendant Allegedly Engaged in a Campaign of Cybercrime Targeting U.S. Victims and Causing More than $5 Million in Losses

A criminal complaint was unsealed today in federal court in Brooklyn charging Idris Dayo Mustapha, a citizen of the United Kingdom, with computer intrusion, securities fraud, money laundering, bank fraud and wire fraud, among other offenses. The charged crimes stem from a variety of alleged criminal conduct between 2011 and 2018 in which Mustapha gained access to U.S.-based computers, including email servers and computers belonging to U.S. financial institutions, in order to steal money from online bank accounts and securities brokerage accounts. Mustapha was arrested in the United Kingdom in August 2021 and the United States is seeking his extradition to the Eastern District of New York.

Breon Peace, United States Attorney for the Eastern District of New York, and Michael J. Driscoll, Assistant Director-in-Charge, Federal Bureau of Investigation, New York Field Office (FBI), announced the charges.

“As alleged in the complaint, the defendant was part of a nefarious group that caused millions of dollars in losses to victims by engaging in a litany of cybercrimes, including widespread hacking, fraud, taking control of victims’ securities brokerage accounts, and trading in the name of the victims,” stated United States Attorney Peace. “Protecting residents of the Eastern District and financial institutions from cybercriminals is a priority of this Office.”

"Cyber crimes are insidious because the criminals lurk in places most people don't see, and many don't understand. Taking over victims' email accounts and then stealing millions of dollars are just some of the crimes we allege Mustapha committed over the course of many years. Using digital platforms for banking and investing are now part of our everyday life, and the FBI is focused on making these tools safe from criminals like Mustapha,” stated Assistant Director-in-Charge Driscoll.

As charged in the criminal complaint, starting in 2011, Mustapha and his co-conspirators engaged in a long-running scheme to steal money through a variety of computer intrusions and frauds.

In one part of the scheme, Mustapha and his co-conspirators allegedly obtained login information for victims’ securities brokerage accounts through various methods. The conspirators then used their access to those accounts to steal money and conduct trades to their own benefit. Initially, conspirators accessed the victims’ brokerage accounts and transferred money from those accounts to other accounts under their control. After financial institutions began to block those unauthorized transfers, Mustapha and his co-conspirators accessed other victims’ brokerage accounts and placed unauthorized stock trades within those accounts while simultaneously trading profitably in the same stocks from accounts that they controlled. For example, on or about April 16, 2016, Mustapha and a co-conspirator exchanged electronic chat messages in discussing this unauthorized trading. During the exchange, Mustapha’s co-conspirator announced access to the computers of a brokerage firm and questioned whether to engage in unauthorized trading or simply to wire money out of the brokerage account. Mustapha wrote back: “better to go trade up and down and [] not direct fraud wire.” Additionally, as part of the scheme, Mustapha flew to New York in June 2015 and opened an account at a U.S. financial institution in New Jersey; Mustapha and his co-conspirators later transferred approximately $104,000 from a brokerage account used to conduct unauthorized trading to Mustapha’s U.S. bank account.

In another part of the scheme, Mustapha and his co-conspirators allegedly obtained login information for victims’ email accounts and accessed those accounts without authorization to obtain financial and personal identifying information about their victims. The conspirators then contacted the victims’ financial institutions—by phone and by email messages —requesting that the victims’ financial institutions wire money from the victims to overseas bank accounts that the conspirators controlled. For example, in May 2013, Mustapha and his co-conspirators obtained $50,000 from an investment account that belonged to U.S. victims, and Mustapha directed the transfer of those funds to a series of bank accounts controlled by the conspirators. In April 2013, Mustapha and his co-conspirators attempted to defraud a victim located in the Eastern District of New York by obtaining control over the victims’ email account and using it to send written instructions—which falsely appeared to have been signed by the victim—to transfer $225,000 from one of the victim’s accounts, but the victim’s financial institution rejected the transfer request.

As a result of these schemes, Mustapha and his co-conspirators realized financial gains while causing losses of more than $5 million to financial institutions, including brokerage firms.

If convicted, the defendant faces up to 20 years’ imprisonment for each of the money laundering and wire and securities fraud charges, and a mandatory consecutive two-year sentence for the charge of aggravated identity theft.

The government’s case is being handled by the Office’s National Security and Cybercrime Section and Business and Securities Fraud Section. Assistant United States Attorneys David K. Kessler, Alexander F. Mindlin, Sarah M. Evans and Jonathan E. Algor are in charge of the prosecution. The Justice Department’s Office of International Affairs is also providing substantial assistance.