What does the American actor Seth Rogen have to do with BankIslami Pakistan? Probably like yourself, we here at Profit never thought that Seth Rogen and BankIslami would be two words uttered in the same sentence, and yet, here we are. Somehow, a small Pakistani bank that is middling even in relation to other small Islamic banks in the country, is now part of an absurd money laundering case, which involves one Canadian embezzler, three North Korean hackers, a Nigerian Instagram star, and the English Premier League.
And it all started with the American 2014 film ‘The Interview’. James Franco and Seth Rogen play journalists recruited by the CIA to interview and then assassinate the North Korean dictator Kim Jong Un. At the time, there was a bit of a fuss as North Korea threatened to take action against the United States if the film was released (nothing happened). But we don’t think anyone at the time thought – “somehow down the line, because of this film, BankIslami Pakistan will lose $6.2 million in a cyberattack”.
No, that would happen much later. First, North Koreans did not take kindly to the movie (and we thought Pakistanis have thin skin when it comes to national image). In fact, Sony Entertainment Pictures, which released the film, was hacked in 2014 by a group called the ‘Guardian of Peace’. One of the people thought to have been behind it is a man called Park Jin Hyuk. He and two other North Koreans, Jon Chang Hyok and Kim Il were charged by the US in early 2021 over a scheme to extort $1.3 billion. And that is not all. They alo attempted to steal $1 billion from Bangladesh’s central bank in 2016.
To do this, they often enlisted the help of their friend ‘Hushpuppi’, also known as Ramon Olorunwa Abbas, a Nigerian celebrity with 2.5 million followers on Instagram. When not posing in front of luxury cars or private planes, he was helping scam other people around the world. Notable moments include scamming a U.S. law firm into wiring him almost $923,000 in October 2019, and allegedly plotting to steal $125 million from an unnamed soccer club in the English Premier League. While that club managed to keep their name undisclosed, Nigerian newspapers reported that perhaps Hushpuppi also stole $2.5 million from Italian football club Lazio.
To pull this off, one needs extra help. And this is where 36-year-old Ghaleb Alaumary of Mississauga, Ontario, comes in. On September 7, the US Department of Justice sentenced him to 12 years in prison and ordered him to pay $30 million back to victims for money laundering. According to court proceedings, Alaumary used business email compromise schemes, ATM cash-outs, and bank cyber-heists to steal money from victims and then launder the money through bank accounts and digital currency.
Just some examples: Alaumary got a Canadian university to wire $9.4 million, by posing as construction Alaumary also arranged for a co-conspirator in the United States to make several trips to Texas to impersonate wealthy bank customers in a scheme to steal hundreds of thousands of dollars from victims’ accounts.
Critically, according to the US Department of Justice, Alaumary would also recruit and organize individuals to withdraw stolen cash from ATMs; provide bank accounts that received funds from bank cyber-heists and fraud schemes; and then further launder thode funds, or exchange them for crypto currency. This would include a cyber heist in 2019 of a bank based in Malta. And those funds would also include money stolen from BankIslami in Pakistan.
In a notification to the Pakistan Stock Exchange (PSX) in 2018, BankIslami stated that it detected certain abnormal transactions valuing Rs2.6 million on one of its international payment card schemes on the morning of October 27, 2018. This was despite Visa insisting that the amount was in fact $6 million. At the time, the SBP temporarily banned the use of cards for overseas transactions.
BankIslami was extremely annoyed: it filed a case against Visa in the High Court of Sindh, trying to stop them from deducting the $6.1 million. In 2020, Visa sued BankIslami in the District Court of California, demanding $7.3 million over the incident plus costs and fees. The bank then filed a counterclaim against Visa. Eventually , the two parties came to a settlement, the terms of which have been undisclosed.
The bank also hired a forensic investigator to ‘identify any malicious software’ related to the cybercrime incident. But this wasn’t something that BankIslami would just solve by itself – let’s face it, no Pakistani bank compliance sector is going to figure out how to stop someone like Alaumary or Hushpuppi or North Korea.
Instead, it took Alaumary to start cooperating with U.S. authorities in October 2019 and secretly sign a plea agreement in November 2020. Bank Islami also later joined the criminal case conducted by the US Department of Justice against Aluamany, at the District Court of Southern District of Georgia.
According to the FBI: “This case is an example of our relentless determination to hold criminals accountable no matter how sophisticated their crimes may seem.The arrest and sentencing of cyber criminals like Alaumary, who feel safe hiding behind a computer screen, are only possible through persistent investigative efforts of the FBI and our close collaboration with our U.S. and international partners.” While there is a certain neatness to the American justice system, for BankIslami, there are still a couple of loss threads to handle. The bank has no idea about whether it will receive the restitution amount of the guilty party, and it has yet to receive a detailed judgement of the case.