Jury convicts cybercriminal for hacking universities
ATLANTA – Olayinka Olaniyi, a citizen of Nigeria, was convicted by a federal jury on August 9, 2018, after a three-day trial, on charges of conspiracy to commit wire fraud, computer fraud and aggravated identity theft. Co-defendant, Damilola Solomon Ibiwoye, pleaded guilty to similar charges and was sentenced on January 31, 2018.
“These defendants used trickery to lure and exploit their unsuspecting victims, but they will now face the consequences of their scheme in federal prison,” said U.S. Attorney Byung J. “BJay” Pak. “We are grateful for the collaborative work by our national and international law enforcement partners in this case, and we will continue to vigorously prosecute cybercriminals who hide behind the anonymity of the internet to commit these types of crimes.”
“The FBI is determined to arrest criminals who believe they can hide out on the internet, protected by geographic boundaries, and prey on the American people and our institutions,” said J. C. “Chris” Hacker, Special Agent in Charge of the FBI Atlanta Division. “This case clearly shows the benefits of global cooperation between the United States and international law enforcement.”
“We were proud to support our federal partners in bringing down this criminal enterprise,” said Georgia Attorney General Chris Carr. “We will remain vigilant in investigating and prosecuting all who attempt to defraud honest, hard-working Georgians.”
According to U.S. Attorney Pak, the charges, and other information presented in court: Olaniyi and Ibiwoye were behind several “phishing scams” that targeted colleges and universities in the United States, including the Georgia Institute of Technology (“Georgia Tech”) and the University of Virginia. While both are Nigerian citizens, they committed their crimes while living in Kuala Lumpur, Malaysia, and were extradited to the United States to face these charges.
A “phishing scam” is the act of sending fraudulent emails that appear to come from legitimate enterprises for the purpose of tricking the recipients into providing personal information, including usernames and passwords. Olaniyi and Ibiwoye directed phishing emails to college and university employees. Once they had possession of employee logins and passwords, they were able to steal payroll deposits by changing the bank account into which the payroll was deposited. Also, while logged into the university system through the stolen logins and passwords, these defendants were able to gain access to employee W2 forms, which they used to file fraudulent tax returns. The attempted theft was over $6 million.
The stolen funds were routed into U.S. bank accounts, and the evidence showed that access to these bank accounts was acquired through the use of romance scams, where fraudsters pose on dating sites and apps as potential partners to gain the trust of their victim. At some point, the fraudster will make a request to deposit money into their victim’s account and claim to need all of the account information, including their account number, routing number, passwords, and answers to security questions. In this case, all of that information was then used to funnel the proceeds of theft through those accounts and out of the country.
Olayinka Olaniyi, 34, of Nigeria is scheduled to be sentenced on October 22, 2018, at 10:00 a.m., before U.S. District Judge Steve C. Jones.