Cybersecurity specialists often emphasize the dangers of insider threats and this banker has proven them correct.
On Tuesday, December 12th, 2017, a 29-year-old Barclays banker Jinal Pethad was jailed for six years and four months for assisting two Moldovan cybercriminals to launder more than £2.5 million ($3 million) from Barclays Ealing, London branch where he worked.
The cybercriminals identified as Ion Turcan and Pavel Gincota were jailed for five years eight months and seven years’ respectively for using Dridex banking malware and paying Pethad for his assistance in the scheme.
Pethad who pleaded guilty on Tuesday conspiring to launder money acted as “personal bank manager” to the cybercriminals and opened 105 sham bank accounts for them using bogus ID documents that allowed Turcan and Gincota launder stolen money in 2014 and 2016 without raising suspicion.
According to Mark Cains, from the NCA’s National Cyber Crime Unit, “Jinal Pethad abused his position of trust at the bank to knowingly set up sham accounts for Gincota and Turcan, providing a vital service which enabled them to launder millions.
“Using his knowledge of the financial system, he made sure the stolen money was not blocked before entering these accounts and provided the pair with reports to evidence his efforts and maintain the criminal relationship.
“The NCA works with industry and law enforcement partners to target cyber crime at every level. We are determined to disrupt the flow of illegal money to prevent it funding further criminality.”
According to GetWestLondon’s report, authorities searched Pethad’s home and found £4,000 ($5,348), seven luxury watches and three mobile phones that were used to communicate with the criminals. In one of the conversations, Gincota asked Pethad “Can I bring two guys for open acc pls??? 1-german; 1-france; or 2-france; who u want? Let me know pls!”
“Pethad abused his position of trust in his job to set up more than 100 accounts, and to access further fake accounts, all for the purpose of hiding and obtaining money stolen from businesses and individuals,” said Tom Guest, of the Crown Prosecution Service (CPS).
Dridex malware is a prominent banking malware used by cybercriminals around the world to steal money from banks. Researchers first identified Dridex targeting banks in Russia and the United States. Attackers send Dridex in spam emails attached with the unauthentic scanned document, which in reality is a macros-enabled.doc and infects a targeted device upon execution.