Chasing shadows in cyber fraud

Fraud cases can read like a movie plot with shadowy figures hacking email accounts, sending fraudulent instructions to banks and syphoning money into accounts around the world, but those ASTL members who have attended our fraud training sessions will know this is the reality of the threat of cyber fraud on any business. Those businesses, including lenders, who routinely transfer large amounts of money, become an obvious target. So, how do you stop the money moving if you don’t know who the enemy is?

In the first case of its kind, the High Court has awarded China Molybdenum Company (CMOC) judgment for circa £7 million and granted a worldwide freezing injunction against ‘persons unknown’[1].

The fraud

Hackers instructed CMOC's bank to transfer funds to bank accounts in numerous jurisdictions around the world. The transfers totalled just under US$7 million and almost €1.3 million. In an attempt to recover funds and track down the perpetrators, CMOC sought to freeze the bank accounts into which the money had been transferred. At a preliminary hearing back in 2017, the judge decided there was a good arguable case that the court had jurisdiction to grant a worldwide freezing order (WFO) against 'persons unknown', which included any person who had carried out, assisted or participated in the fraud, including the recipients of the funds. That initial decision has now been confirmed as an extension of the law following publication of the judgment from the trial of the proceedings.

The hackers infiltrated the email account of a CMOC director and sent instructions to the company's bank to make the payments. As is often the case in such frauds, the instructions mirrored emails the company would regularly send to its bank. The hackers also used outlook ‘rules’ to divert emails from colleagues to the director when the authenticity of the payments was questioned and then impersonated the director in responses to those colleagues.

In addition to the WFO, CMOC was successful in obtaining disclosure orders against 50 banks. The banks were classed as 'no cause of action’ defendants and so played no part in the proceedings other than for the purpose of giving disclosure. The disclosure orders allowed CMOC to identify other individuals involved in the fraud and they were then joined to the proceedings.

An action against 'persons unknown' is more routinely seen in libel or trespass cases and this is a first in a case involving financial fraud. The granting of the WFO in these circumstances was appropriate owing to the hacking element, the unknown identity of the defendants and the severity of the offences committed. The decision was said to reflect “the need for the procedural armoury of the court to be sufficient to meet the challenges posed by the modern electronic methods of communication and of doing business”.

In granting the order, the court emphasised that the defendants should be clearly identified, despite being 'persons unknown'. The judge was satisfied with the approach taken by CMOC in identifying defined classes of defendant. Also, it greatly assisted that the numerous bank accounts into which money was transferred, as both part of the initial fraud and subsequent dissipation, together with the individual transactions, were extensively evidenced and scheduled for the benefit of the court.

Innovative methods of service

The judge allowed service of the defendants through Facebook Messenger and WhatsApp, two 'innovative' methods of service. It is not unusual for service to be deemed valid through posting relevant materials on Facebook, but in this case the service occurred through Facebook Messenger, a private service channel.

Service through WhatsApp, which was approved in an earlier case, was also beneficial here as the platform allows the sender to see when the message has been both received and read.

The judge was happy to consider alternative methods of service where they are justified in a particular case and acknowledged the need to rule in line with modern practices.

Data rooms

The high volume of material relevant to this case, resulting mainly from the number of ‘no cause of action’ (bank) defendants, meant that service through a secure data room was permissible. CMOC used a court approved form of service, such as email or hard copy communication, to circulate a link to the data room to all of the relevant parties. An access code would follow in a separate email to ensure the data room was secure and only accessible by the relevant parties. Accessing the data room allowed all parties to see all the relevant documents and any new applications in the proceedings. It also allowed any new defendants, when they joined proceedings, to quickly get up to speed.

In addition to the use of the data room, CMOC had also prepared a summary for each defendant. This contained details of how each defendant had been served, the method of service and where the relevant evidence could be found.

The defendants who did utilise the data room found it a “most useful facility” as they did not require service of documents individually by email or hard copy.

What does the future hold?

This decision can be seen as an extension of the law and will likely pave the way for more victims of cyber fraud to seek similar injunctions in an attempt to recover stolen funds.

The court's decision was undoubtedly influenced by the increased prevalence of cyber fraud in the UK. Modern methods of conducting business have given criminals more opportunities to strike and they will constantly evolve their methods. Whilst no one can guarantee court procedures will evolve at the same pace as technology, the willingness of the court to adapt to a changing landscape in this manner is an important development for the victims of fraud.

 

Any questions arising from this article should be referred to Rob Payne (https://gateleyplc.com/people/rob-payne/) at Gateley Plc.

This article is intended only as a synopsis of certain recent developments. If any matter referred to in this article is sought to be relied upon, further advice should be obtained.

 

[1] CMOC Sales & Marketing Ltd and Persons Unknown and 30 others [2018] EWHC 2230 (Comm) (26 July 2018)