A British-Nigerian individual, Idris Dayo Mustapha, has admitted guilt in New York for participating in cyberattacks for over seven years. The scheme involved hacking into the computer servers of banks and brokerages, resulting in over $6 million in losses for customers.
Mustapha, 33, pleaded guilty to charges including access device fraud, conspiracy to commit computer intrusion and securities fraud, and conspiracy to commit wire fraud during a hearing before U.S. District Judge Pamela Chen in Brooklyn.
Lagos-born Mustapha was apprehended in the UK in August 2021 and later extradited to the U.S. the same year. Set for sentencing on April 3, 2024, he could potentially receive a maximum sentence of 20 years, although a lesser term is anticipated. As of now, Mustapha’s lawyer has not provided a comment. From January 2011 to March 2018, the accused and his associates purportedly utilized phishing and various methods to acquire usernames and passwords to access online accounts.
According to prosecutors, the individuals involved moved funds and securities from victims’ accounts to their own, executing unauthorized stock transactions in compromised accounts. Simultaneously, they conducted profitable trades in the same stocks within their personal accounts. The legal case is identified as U.S. v. Mustapha, filed in the U.S. District Court, Eastern District of New York, with case number 23-cr-00440.
How banks are at risk
According to Investopedia, in a report published in January 2020 and revised in 2021, the Federal Reserve Bank of New York says the risk of spillover effects from cyberattacks is high because the banking system is interconnected. The report suggests a cyberattack on any of the five most active U.S. banks could affect 38% of the network.
Experts warn that U.S. banks are particularly susceptible to state-sponsored cyberattacks by countries including Russia, China, and North Korea.
“State-sponsored hacking is the biggest threat to our financial sector because of the capacities that they can bring to bear,” Jamil Jaffer, founder and executive director of George Mason University’s National Security Institute, told the House Financial Services Subcommittee on National Security, International Development, and Monetary Policy during a hearing in June 2020.
Impact of cyberattacks on bank customers
Consumers have relatively little to fear from routine cyberattacks on banks, provided they have not been lax about safeguarding their information and notify their bank promptly when funds go missing. U.S. law requires banks to refund money taken from customers’ accounts without authorization if the customer alerts the bank within 60 days of the transactions appearing on their bank statement. Business accounts, however, have fewer protections and could be subject to greater losses.
While bank deposits of up to $250,000 are insured by the Federal Deposit Insurance Corporation (FDIC) for participating institutions, the banks themselves have no federal guarantee of solvency in the event of a major cyberattack. Such attacks could target bank processing systems and disrupt critical financial transactions.
How cyberattacks affect banks
Cyberattacks affect banks in many ways. In addition to the monetary loss that results from hackers stealing money from banks, banks incur additional costs in implementing cybersecurity to protect assets.
Furthermore, cyberattacks decrease the trust that customers have in institutions. If they believe their money will be stolen, they trust banks less to protect their money. Cyberattacks also interrupt the operations of banks, wreaking havoc across the institution and how it operates fundamentally.
How much banks lose to cyberattacks
According to a 2022 IBM Cost of a Data Breach Report, financial organizations averaged $5.97 million per breach. Also, some of the main threats used against banks in cyberattacks include ransomware, phishing, trojans, and spoofing.
Cybersecurity is a top concern for the banking sector. Consumers are likely to be able to recover their money under federal law, but some experts are concerned that escalating attacks could eventually threaten a big bank’s solvency