[BreachExchange] Here’s how FBI tracked a Sony employee who stole $154 million worth of Bitcoins

[Terrell Byrd]

https://indianexpress.com/article/technology/crypto/us-returns-154-million-in-bitcoins-stolen-by-sony-employee-7692676/

The United States Department of Justice returned $154 million worth of
Bitcoins purportedly stolen from Sony Life Insurance Company Ltd, a SONY
subsidiary, in what’s being called a textbook business email compromise
(BEC) attack. A BEC is an exploit in which an attacker obtains access to a
business email account and imitates the owner’s identity, in order to
defraud the company and its employees.

According to the US Department of Justice, a SONY employee allegedly stole
funds from the company in May and converted it to more than 3,879 Bitcoins.
Those funds were seized by law enforcement on December 1, based on the
Federal Bureau of Investigation’s (FBI) probe.

The accused has been identified as Rei Ishii, who allegedly falsified
transaction instructions, which caused the funds to be transferred to an
account that Ishii controlled at a bank in La Jolla, California. Ishii then
quickly converted the funds to Bitcoin cryptocurrency.

FBI was able to trace Bitcoin transfers and identify that 3,879.16
Bitcoins, representing the proceeds of the funds stolen from the company
had been transferred to a specific Bitcoin address and then to an offline
cryptocurrency cold wallet.

“As a result of this coordinated effort from Sony and Citibank, continued
to investigate in cooperation with Japan’s National Police Agency, the
Tokyo Metropolitan Police Department, Tokyo District Public Prosecutors
Office, and JPEC (Japan Prosecutors unit on Emerging Crimes), investigators
obtained the “private key” – the rough equivalent of a password – needed to
access the Bitcoin address,” the US department said in a press release.

Meanwhile, all the Bitcoins traceable to the theft have been recovered and
fully preserved. Ishii has been criminally charged in Japan.

“It is our intent to return the stolen money to the victim of this
audacious theft, and today’s action helps us do that,” said Acting U.S.
Attorney Randy Grossman. “This case is an example of amazing work by FBI
agents and Japanese law enforcement, who teamed up to track this virtual
cash. Criminals should take note: You cannot rely on cyptocurrency to hide
your ill-gotten gains from law enforcement. The United States coordinates
extensively with its international partners to forestall crime and retrieve
stolen funds.”

“The FBI was able to recover these stolen funds for two very important
reasons,” said FBI Special Agent in Charge Suzanne Turner. “First, Sony and
Citibank immediately contacted and cooperated with law enforcement as soon
as the theft was detected, and the FBI worked in partnership with both to
locate the funds. Second, the FBI’s footprint internationally through our
Legal Attaché offices and the pre-existing relationships we have
established in foreign countries – in this instance with Japan – enabled
law enforcement to coordinate and identify the subject. The FBI’s technical
expertise was able to trace the money to the subject’s crypto wallet and
seize those funds.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20211227/50fbd434/attachment.html>