Insight: Trail in Ecuador cyberheist leads to gamers’ crash pad in Hong Kong

Salesforce to buy Demandware in $2.8 billion deal
June 1, 2016
Germany working to formulate Kuka counter-offer: Gabriel says
June 1, 2016
This post was originally published on this site
A view of the registered office address for Jiushun Group Co Ltd in Hong Kong May 26, 2016. REUTERS/Bobby Yip
A view of the registered office address for Jiushun Group Co Ltd in Hong Kong May 26, 2016.

Reuters/Bobby Yip

The paper trail left behind by $2 million stolen from a hacked Ecuadorian bank runs cold in a windowless gamers’ crash pad in a gritty industrial area of Hong Kong.

The room, in a former factory in the Kwun Tong district, is the registered address for Jiushun Group Co., Ltd., the firm that received the largest single transfer of the $12 million reported missing from Ecuador’s Banco del Austro (BDA) in January 2015.

King Yuen – an unemployed 25-year-old and a regular at the room’s all-night gaming sessions and mahjong contests – said he had never heard of Jiushun Group, and he had no idea where the stolen millions ended up. Still, Yuen was not surprised to learn the loot landed in Hong Kong, having heard of such schemes when he mixed drinks in the city’s downtown financial district, he said.

“The prize is just bigger this time,” Yuen told Reuters.

For a graphic tracing the money trail from Ecuador to Hong Kong, see:

The $12 million taken from BDA and the $81 million cyberheist from the Bangladesh central bank’s accounts at the New York Federal Reserve in February have illuminated weaknesses in the global money transfer system.

In both the Bangladesh and Ecuador cases, hackers exploited the SWIFT messaging system, which is used to move hundreds of billions of dollars and other currencies each day among commercial and central banks. The banking industry’s high confidence in SWIFT has been shaken because, in both cases, cyber thieves infiltrated the banks’ systems and sent fraudulent transfer requests through the network.

In the Ecuador heist, SWIFT was unaware of the January 2015 attack until Reuters contacted the cooperative last month.

The two unsolved cases also highlight how thieves could launder proceeds through existing money laundering networks in Asia. The heists may have required sophisticated hacking tools, but tactics used in the getaway – transporting and stashing the money – are as old as bank robbery itself.

In the Bangladesh Bank case, the criminals sent their loot to lightly regulated casinos in the Philippines, leading to a government inquiry in that country. In the case of the Ecuadorian commercial bank, they sought cover in Hong Kong’s shadowy world of shell companies, according to court records filed in the United States and Hong Kong arising from BDA’s efforts to recover its money.

BDA declined to comment.

Hong Kong is known as a free and open financial center – but also a destination for illicit money flows, made possible by practices that allow paper companies to proliferate.

The undemanding disclosure laws make Hong Kong attractive to money launderers, said Mike Kenealy, chief operating officer of risk and compliance consultancy Insiders Corp.

“These companies are often set up for ill-gotten gains and as vehicles of corruption,” he said. “Once the money starts moving, it gets laundered, converted and disappears without a trace.”

Another Hong Kong company in the BDA case – Regal Prosper Trading Ltd. – was set up by a woman who served as a director for 200 companies. Regal’s current director, Chen Jianan, listed a home address that does not exist in Hong Kong, but appears to combine two different provinces on China’s coast, according to company registry records.


A look at Jiushun Group shows how hard it can be to trace business activities and money flows in Hong Kong.

Jiushun Group received $1.968 million wired from Ecuador, by way of the United States, according to the court filings.

But Jiushun’s corporate registry filings list the factory building game room as its office address. They disclose the name of only one director, Chen Sheng Rong, who could not be located for comment. There is no mention of its business lines or figures for profit or sales, a lack of disclosure standard for Hong Kong’s private companies.

A Hong Kong High Court judge in the BDA case described Jiushun and three other companies as appearing to be inactive corporate vehicles controlled by Chinese citizens.

Those four companies received $9 million in the Ecuador heist. Roughly $3 million was promptly transferred to 19 other companies’ accounts, the court filings show.

BDA has settled with or withdrawn claims against 5 of the companies involved, but not Jiushun.

In the Kwun Tong district, the web of Jiushun connections seems to expand from person to person and place to place – without offering many hints where the BDA money went.

Yuen, the former bartender, said a person named Chan Ting-fung signed the lease on the gaming room and that Chan has a female friend from mainland China in her 30s who receives business correspondence in the mailbox, paying a portion of the rent to do so. Chan could not be reached to comment on that connection. Yuen said he did not know the name of Chan’s friend.

Around the corner from the gaming space is a tennis-themed sports shop, which is listed as the address for the firm that performed legally required secretarial services for Jiushun Group.

Two employees of the tennis shop told Reuters they received two sealed letters from the High Court soon after they moved into the factory-turned-office space in December 2015, nearly a year after the theft.

The tennis-shop employees said they were not the intended recipients and did not open the notices.

Of the $1.968 million that went to Jiushun, $219,794 was passed on by Jiushun to jewelry wholesaler Samdimon HK Limited, according to a Hong Kong High Court decision citing bank transfer details from HSBC.

Samdimon’s registration lists Shailesh Ganmal Jain as its director.

In a ruling related to the case, High Court Judge Conrad Seagroatt called a statement submitted by Jain explaining the source of the funds in Sandimon’s account “convoluted” and “just not credible.”

Exactly what Jain said was not detailed in the court filing, but the record describes his statement as contending that BDA had failed to acquaint itself with the nature and extent of the jeweler’s business.

Jain told Reuters by email he was bound by a court order to remain silent. “I don’t want to disclose anything to you right now,” he told Reuters in a brief phone call.

Back in Kwun Tong, Yuen said he was concerned about the suggestion that his gaming pad could have some connection to an unsolved cybercrime.

The size of the heist is unimaginable to an unemployed bartender with under $1,300 to his name, he said.

“I had no idea,” he said, “I have my savings account, just HK$10,000 – maybe!”

(Reporting By Clare Baldwin in Hong Kong and Nathan Layne in Chicago; Additional reporting by Tris Pan in Hong Kong; editing by David Greising and Kevin Krolicki)