Category Archives: arrested

Memphis BEC Scammers Arrested and At Large

The FBI announced another round of Business Email Compromise arrests this past week.  This time, a focus was in Memphis, Tennessee.  According to the Western District of Tennessee Press Release, "Eight Arrested in Africa-Based Cybercrime and Business Email Compromise Conspiracy", the individuals involved stole more than $15 Million!

The main indictment, originally filed in August 2017, charges 11 individuals with a variety of offenses related to their Business Email Compromise [BEC] crimes.


Count 1: 18 USC §1349.F - Attempt and Conspiracy to Commit Mail Fraud - penalties of up 20 years in prison and fines of up to $250,000, plus supervised release for up to 3 years.

Counts 2-8: 18 USC §1343.F - Fraud by Wire, Radio, or Television - penalties of up to 20 years in prison and fines of up to $250,000, plus supervised release for up to 3 years.

Count 9: 18 USC §§1956-4390.F - Money Laundering - Embezzlement, Other - penalties of up to 20 years in prison and fines of up to $500,000, plus supervised release for up to 3 years.

Count 10: 18 USC §371.F - Conspiracy to Defraud the United States - penalties of up to 5 years in prison and fines of up to $250,000, plus supervised release for up to 1 year.

Count 11-14: 18 USC §10288.A.F - Fraud with Identification Documents + Aggravated Identity Theft - 2 years incarceration consecutive to any other sentence imposed, plus fines of not more than $250,000.

1. Babatunde Martins (Counts 1,9,10,11)
2. Victor Daniel Fortune Okorhi (Counts 1,9,10)
3. Benard Emurhowhoariogho Okorkhi (Counts 1, 2, 3, 9, 10)
4. Maxwell Peter (Counts 1, 4, 6, 7, 8, 9, 10, 11, 14)
5. Dennis Miah - (Counts 1,9,10,11,13)
6. Sumaila Hardi Wumpini - (Counts 1,9,10)
7. Olufolajimi Abegunde (USM # 71343-019), (Counts 1,9,12)
8. Ayodeji Olumide Ojo (Counts 1,9,12)
9. Dana Brady (Counts 1,9)
10. James Dean (USM # 52637-076)  (Counts 1,9)
11. Javier Luis Ramos Alonso, 28,  (USM #24513-111) (Counts 1, 5, 9, 12)

In a separate indictment, Rashid Abdulai, was charged for much of the same, but with his key role being controlling five TD Bank accounts that were used to launder funds.

The primary victim in this case seems to be "Company A", a real estate company in Memphis, who is foolishly identified in the indictment through the carelessness of the author.  I've chosen to redact myself on that, but DAMN!  When you describe the company in such a way that there is exactly one such company on planet earth, you are failing to keep the faith of your victim companies.  Shame!

Fortunately, the indictment also shares a lot of details on the defendants:

RASHID ABDULAI, age 24
a citizen of Ghana, residing in Bronx, New York
controlled at least five TD Bank accounts

BABATUNDE MARTINS, age 62
email: papamart2000@yahoo.com
Company: Afriocean LTD
Nigerian citizen living in Ghana

VICTOR DANIEL FORTUNE OKORHI, age 35 -  *** STILL AT LARGE AND WANTED***
emails:  vicfoko@yahoo.com, VicdarycorriLTD@gmail.com, vicdarycomltd@icloud.com
Company: Vicdary Company LTD
Nigerian citizen living in Ghana

BENARD EMURHOWWHOARIOGHO OKORHI, age 39
emails: Marc.Richards@aol.com, benardokorhi@yahoo.com
Company: Coolben Royal Links LTD
Nigerian citizen living in Ghana

MAXWELL ATUGBA ABAYETA (AKA Peter Maxwell, AKA Maxwell Peter ), age 26
emails: petermaxwell200@gmail.com, sandarlin200@yahoo.com
social accounts: Facebook.com/maxwell.peter.5688
citizen of Ghana

DENNIS MIAH (aka Dennis Brown, AKA Dr. Den Brown), age 34 -  *** STILL AT LARGE AND WANTED***
 emails: JimRoyAirSeal1@yahoo.com, drdenbrown@yahoo.com
social accounts: Facebook.com/Oga.Bossson, Twitter.com/Oga.Bossson
citizen of Ghana

SUMAILA HARDI WUMPINI, age 29 - *** STILL AT LARGE AND WANTED***
email: hardi765_new@hotmail.com
social accounts: Facebook.com/Wumpini.Hardy
resident of Ghana

OLUFOLAJIMI ABEGUNDE, age 31
Nigerian citizen residing in Atlanta, Georgia

AYODEJI OLUMIDE OJO, age 35 -  *** STILL AT LARGE AND WANTED***
Nigerian citizen, lives with ABEGUNDE in Atlanta when in United States

DANA BRADY, aged 61
emails: bradydana50@gmail.com
US Citizen residing in Auburn, Washington

JAMES DEAN, aged 65
US Citizen, residing in Plainfield, Indiana

JAVIER LUIS RAMOS ALONSO, aged 28
Mexican citizen, residing in Seaside, California

D. G. -
emails: d2t2green696@gmail.com, d2t2green696@yahoo.com
US Citizen residing in Mississippi

J.R.
emails: LRIGNWM@yahoo.com
US Citizen residing in New Jersey

M.Z.
emails: CMIMIGO@aol.com
US Citizen residing in Utah

T.W. - US Citizen residing in Tennessee
J.B. - US Citizen residing in Alabama
C.M. - US Citizen residing in Tennessee (Western District)
C.W. - US Citizen residing in Tennessee
A.K. - US Citizen residing in Tennessee (Western District)
V.M. - US Citizen residing in Georgia

How It Worked

Martins, Maxwell, Bernard Okorhi, Victor Okorhi, and/or Miah would get the IP addresses of potentially vulnerable email servers and target them for intrusion.  Using US based IP addresses offered through VPN services, they would access a variety of websites, including credit card transaction processors and dating websites.  Their role in the conspiracy also included originating the spoofed emails that will be explained later.

Martins, both Okorhis, Maxwell, Miah, Wumpini, Brady, Dean, Ojo, and others would open bank accounts for receiving fraudulently-obtained funds and sending them to other accounts controlled by their co-conspirators.  

Because they had control of email accounts at Crye-Leike, they could tell when fund transfers related to real estate sales were scheduled to take place.  They would then spoof the email addresses of those involved in the transactions and send instructions causing the financial transfers to be redirected to accounts controlled by members of the conspiracy.

The funds were then laundered in a variety of ways, including using the funds to purchase goods, including construction materials, cell phones, and other electronics, and having those goods shipped to Ghana for use or resale to benefit the members of the conspiracy.

Maxwell, Miah, and both Okorhis created false identities and created dating profiles with false emails to correspond to their false dating profiles.  Through these, they lured victims into online romance scams, gold-buying scams, and a variety of advanced fee fraud scams.  These romance scam victims would carry out acts on behalf of the conspiracy, including forwarding counterfeit checks, receiving and shipping merchandice, and transferring proceeds via wire, US Mail, ocean freight, and express package delivery services.

Martins, Maxwell, Miah, and both Okorhis also purchased stolen PII, including credit card information, banking information, and IP addresses from underground forums specializing in the sale of such information.

By purchasing cell phones in the United State and activating Voice-over-IP (VOIP) accounts, the US telephone numbers could then be used by the conspirators in Africa, allowing them to appear to be making their calls in the United States.

Some of the activity in this case dates back to 2012, when MIAH was already using fraudulently purchased credit cards and remote desktop protocol (RDP) to make online purchases that appeared to be in the United States.  (Hackers compromise US computers and set them up to use RDP so that foreign criminals can use them to originate credit card purchases in places where the credit card was issued.  By having, say, a Memphis Tennessee IP address, purchases made by a Memphis Tennessee credit card do not seem as suspicious.)

Specific Acts

Some of their crimes were extremely bold.  For example:

"On or about December 13, 2016, MIAH caused construction materials to be purchased with fraudulently obtained funds, and caused a freight container of construction supplies to be sent to him in Ghana."  WHAT?!?!  That's bold!

The compromise of the email accounts at Company A was in play by June 30, 2016, when $33,495 was wired to the wrong location after a tip received from stolen emails.

In August 2016, OJO opened a new Wells Fargo bank account, after his previous account at Bank of America was shut down due to fraud.  He used ABEGUNDE's new address (presumably in Atlanta, Georgia) as the address for the new account.

He also opened a Wells Fargo account in the same address in October of 2016.

Benard Okorhi sent emails as "Marc.Richards@aol.com" directing C.M. to obtain cash advances from credit cards and send the proceeds to recipients in Ghana.  He also ordered C.M. to purchase five iPhones and ship them to Ghana.

Miah used the "DrDenBrown@yahoo.com" email to tell Okorhi (as Marc.Richards) to smooth things out on the phone with a romance scam victim, because Okorhi had a better American accent.

Some of the other interesting "acts" in the conspiracy included:

25JUL2016 - Javier Luis Ramos Alonso accepts a $154,371 wire from Company A into his Wells Fargo account ending in 7688 and then sends the funds to accounts controlled by OJO in Atlanta.

26MAY2017 - Maxwell Peters sends a WhatsApp message directing an undercover Memphis FBI agent to receive a $15,000 check on his behalf.  Ooops!

30MAY2017 - Maxwell Peters directs the FBI agent to send $5,000 of the proceeds to himself in Ghana.

02JUN2017 - Maxwell Peters directs the FBI agent to send a $15,000 check to himself in Ghana.

Although the indictment doesn't lay out more of the particular acts, the Press Release says that this group stole more than $15 Million altogether!

Some interesting images

"M.Z." has an interesting Amazon Wish List for a romance scammer involved in shipping electronics:

On December 8, 2017, Abdulai says is asked in one of his WhatsApp chats:  "Hope Maxwell case didn't put you into any problem."  He responded "FBI came to my house asking me stuff about those transactions that was coming into my account so I'm tryna stay out f this whatapp n stuff for a while cuz I feel like they tracking me."

You got that right, Abdulai!



74 (Mostly Nigerians) Arrested in Business Email Compromise Action

Operation Wire Wire Cases 

Operation Wire Wire was announced June 11, 2018 by the Department of Justice.  This Operation led to the arrest of 42 people in the United States and 29 others in Nigeria, Poland, Canada, Mauritius, Indonesia, and Malaysia.  Not all of the case details have been made public yet, so this will be the first of several Operation Wire Wire blog posts.  What they all have in common is that they are all based on Business Email Compromise scams.


Case One: Okolie and Aisosa

Gloria Okolie ( 1:2018cr00029 ) - indicted in Georgia, arrested in Northern District of Texas on June 7, 2018.  She and Paul Aisosa, both Nigerian nationals residing in Dallas, are accused of laundering $665,000 in illicit funds.

Gloria opened a BBVA Compass Bank account in Addison, Texas in the name G.C. Investments and Logistics, with a $100 deposit.

Paul Wilson Aisosa opened an account at First National Bank of Texas in his own name at a branch in Killeen, Texas.  Someone using the email account 1234trot5@gmail.com sent emails to an attorney in Augusta, Georgia, who wired money from a sale of property to Okolie's BBVA Compass Bank account.  Some of these funds were wired to Paul's account from Gloria's account.

(A Facebook account in the name of Paul Aisosa checked into Dallas in April 2016)


Case Two: Odofuye, Nwoke, and Adejumo 

Adeyemi Odofuye (3:2016cr00232) (AKA Micky, AKA Micky Bricks, AKA Yemi, AKA GMB, AKA Bawz, AKA Jefe), is charged with a seven-count indictment in Connecticut for causing losses of $2.6 million, including $440,000 from a single victim in Connecticut.  (We'll call him Micky.)  According to his Facebook page, and the indictment, he recently graduated with a Masters of Science in Information Systems Security from Sheffield Hallam University.  One of Micky's email accounts was angelmicky_g41@yahoo.com.





















He is indicted in Connecticut along with Stanley Hugochukwu Nwoke (AKA Stanley Banks, AKA Hugo Banks, AKA Banks, AKA Banky, AKA Jose Calderon), who was a student at ApTech Computer Education in Lagos, Nigeria.

The two used a variety of custom domains to conduct fraud against an Austrian company with offices in Connecticut, including: veteranboats.org, messidepot.com, secondtow.info.  With these emails, they requested wire transfers to Technix Trade SP and Weequahic Group Inc.  Some of the funds were transferred to an HSBC account in Hong Kong.

The third party in this case, Olumuyiwa Yahtrip Adejumo (AKA Slimwaco, ACO Waco Jamon, AKA Hade, AKA Hadey) resided at 506 Hampton Avenue in Toledo Ohio.  (We'll call him Slimwaco.)  Slimwaco used his slimwaco@yahoo.com email addresses to communicate with praxes123@gmail.com both by email and Google chat.  He also sent numerous fraudulent emails to a company in Connecticut posing as the CEO of that company and causing five wire transfers to be sent "by his authorization" totalling more than $500,000.  Other emails he controlled included slimwaco@yahoo.com, kkssus@gmail.com, waco4real82@yahoo.com, slimhade@yahoo.com.  According to his Facebook page (in the name Adeola Crown Adejumo), he was originally from Ibadan, Nigeria.

The New Haven-based FBI agent who wrote the criminal complaint describes in detail the types of communications between the accounts, as Slimwaco sent a list of the CFOs of 100 Ohio-based companies to one of his colleagues, and another with more than 100 Illinois-based CFOs.  In other exchange, Micky and Slimwaco chat and help each other build lists of officers from public webpages and corporate directories.

Odfuye (Micky) was extradicted from the UK.  Nwoke was extradicted from Mauritius, the first extradiction from there in 15 years!

Case 3:  Idris, Shitu, Nyamekye, Ibrahim, and Bolorunduro 

The Western District of Pennsylvania announced their own case as part of Operation Wire Wire, namely the arrest of Taiwo Musiliudeen Idris and four co-conspirators.  Idris was one of 29 scammers arrested in Nigeria as part of this operation.  Idris worked with Ismail Shitu, Nathanael Nyamekye, Adnan Ibrahim, and Akintayo Bolorunduro to launder over $411,000 in real estate settlements via BEC.  Their scam primarily targeted residential real estate sellers in Maryland. 

The indictment against these four, (Case 2:17-cr-00192-AJS) was filed October 5, 2017 in Pittsburgh and covers three distinct BEC Scams.

BEC Scam #1 - Rockville, Maryland.  A married couple who were selling a home were anticipating the receipt of a wire for $411,548.06 in proceeds.  However a fraudulent fax caused the funds to be redirected to an account at Citizens Bank in New York, controlled by Ismail Shitu, who resides in the Western District of Pennsylvania.

BEC Scam #2 - Hopkinton, Massachusetts.  A married couple waiting to receive $212,961.75 for the sale of a home had the same experience.  The attorney who was to handle the funds transfer received fraudulent correspondence directing him to send the funds to a Suntrust Bank account in Clinton, Maryland, also controlled by the criminals.

BEC Scam #3 - Charlotte, North Carolina.  A real estate developer sold four parcels of land for $235,058.53.  Once again, the lawyer handling the case received a fax, from the same number as the two cases above, (760) 297-5626, instructing him to send the money to a SunTrust Bank account in McDonough, Georgia.

These funds were then laundered by transfers of funds from $30,000 to $104,000 to various shell companies controlled by members of the conspiracy.   Companies such as "Remy Tire Mart" and "Salem's Market and Grill" and "Sea Gull Freight LLC" and "Stability Capital Group" all received transfers of the funds from BEC Scam #1.

Remy Tire Mart also received funds from BEC Scam #2.  BEC Scam #3 also sent funds to Miken Auto LLC, Labor of Love, and OOPS!  Nathanael Nyamekye, who took $5,000 in an account in his true name.

Case 4: South Florida

We'll continue the Operation Wire Wire reporting as more cases are made public.  In South Florida, 23 individuals have been charged with laundering at least $10 Million from BEC scam proceeds, including 8 from a new indictment unsealed in Miami last week.   Reviewing the three related federal cases will be our next blog topic.

How to Steal a Million: The Memoirs of a Russian Hacker

As a University researcher specializing in cybercrime, I've had the opportunity to watch the Russian carding market closely and write about it frequently on my blog "Cybercrime & Doing Time."  Sometimes this leads to interactions with the various criminals that I have written about, which was the case with Sergey.  I was surprised last January to be contacted and to learn that he had completed a ten year prison sentence and had written a book.   I have to say, I wasn't expecting much.  This was actually the third time a cybercriminal had tried to get my interest in a book they had written, and the first two were both horrible and self-promotional.  I agreed to read his first English draft, which he sent me in January 2017.

I was absolutely hooked from page 1.  As I have told dozens of friends since then, his story-telling vehicle is quite good.  The book starts with him already in prison, and in order to teach the reader about carding and cybercrime, a lawyer visits him periodically in prison, providing the perfect foil  needed to explain key concepts to the uninitiated, such as interrupting one of Sergey's stories to ask "Wait.  What is a white card?"
My copy of the book!

As someone who has studied cybercrime for more than 20 years, I was probably more excited than the average reader will be to see so many names and criminal forums and card shops that I recognized -- CarderPlanet, and card shop runners such as Vladislav Khorokhorin AKA BadB, Roman Vega AKA Boa, and data breach and hacking specialists like Albert Gonzalez and Vladimir Drinkman who served as the source of the cards that they were all selling.  These and many of the other characters in this book appeared regularly in this blog.  (A list is at the bottom of this article)

Whether these names are familiar to the reader or not, one can't help but be drawn into this story of intrigue, friendship, and deception as Pavlovich and his friends detect and respond to the various security techniques that shopkeepers, card issuers, and the law enforcement world are using to try to stop them.  Sergey shows how a criminal can rise quickly in the Russian cybercrime world by the face-to-face networking that a $100,000 per month income can provide, jet-setting the world with his fellow criminals and using business air travel, penthouse hotel suites, cocaine and women to loosen the lips of his peers so he can learn their secrets., but he also shows how quickly these business relationships can shatter in the face of law enforcement pressure.

The alternating chapters of the book serve as a stark reminder of where such life choices lead, as Sergey reveals the harsh realities of life in a Russian prison.  Even these are fascinating, as the smooth-talking criminal does his best to learn the social structure of Russian prison and find a safe place for himself on the inside.  The bone-crushing beatings, deprivation of food and privacy, and the fear of never knowing which inmate or prison guard will snap next in a way that could seriously harm or kill him is a constant reminder that eventually everyone gets caught and when they do, the consequences are extreme.

Sergey's original English manuscript has been greatly improved with the help of feedback from pre-readers and some great editors. After my original read, I told Sergey "I LOVE the story delivery mechanism, and there are fascinating stories here, but there are a few areas that really need some work."  It's clear that he took feedback like this seriously.  The new book, released in May 2018, is markedly improved without taking anything away from the brilliant story-telling of a fascinating criminal career ending with a harsh encounter with criminal justice.

A purchase link to get the book from Amazon: How to Steal a Million: The Memoirs of a Russian Hacker

The book was extremely revealing to me, helping me to understand just how closely linked the various Russian criminals are to each other, as well as revealing that some brilliant minds, trained in Computer Science and Engineering, and left morally adrift in a land where corruption is a way of life and with little chance of gainful employment, will apply those brilliant minds to stealing our money.

I seriously debated whether I should support this book.  Many so-called "reformed" criminals have reached out to me in the past, asking me to help them with a new career by meeting with them, recommending their services, or helping them find a job.  It is a moral dilemma.  Do I lend assistance to a many who stole millions of dollars from thousands of Americans?  Read the book.  To me, the value of this book is that it is the story of a criminal at the top of his game, betrayed by his colleagues and getting to face the reality of ten years in a Russian prison.  I think the book has value as a warning -- "a few months or even a couple years of the high life is not worth the price you will pay when it all comes crashing down."

Links to selected blog articles that feature Pavlovich's cast of characters:

May 12, 2008 TJX and Dave and Busters - Maksym Yastremskiy (Maksik) Aleksandr Suvorov (JonnyHell) and Albert Gonzales (Segvec) and their role in the TJX Data Breach.

August 5, 2008 TJX Reminder: We Will Arrest You and We Will Send You To Jail - some of the legal aftermath of the case above.

August 8, 2008 TJX: the San Diego Indictments where the US government indicts:
  • SERGEY ALEXANDROVICH PAVLOVICH, aka Panther, aka Diplomaticos, aka PoL1Ce Dog, aka Fallen Angel, aka Panther757
  • DZMITRY VALERYEVICH BURAK, aka Leon, aka Graph, aka Wolf
  • SERGEY VALERYEVICH STORCHAK, aka Fidel
and charges them with violation of "18 USC Section 1029(b)(2) Conspiracy to Traffic Unauthorized Access Devices"

May 9, 2013 ATM Cashers in 26 Countries Steal $40M talks about BadB's role in "Unlimited" ATM cash-out schemes, and his arrest in 2010 and sentencing to 88 months in 2013.

Jan 14, 2014 Target Breach Considered in Light of Drinkman/Gonzalez Data Breach Gang talked about Albert Gonzales, Vladimir Drinkman, and how there seemed to be such a strong pattern of behavior - a script if you will - to how criminals were conducting the major data breaches of that time.

Jan 27, 2014 Roman Vega (CarderPlanet's BOA) Finally Gets His Sentence addressed the plight of Roman Vega, who had been drifting around in the American criminal justice system, unsentenced, from 2003 until 2013! Dmitry Golubov AKA Script, the "godfather of CarderPlanet" is also discussed in this post.



NullCrew’s Orbit, AKA Timothy French gets 45 months

This week, NullCrew hacker "Orbit" who is known to his jailers as Timothy French, was sentenced to 45 months for his role in several high profile hacking cases, including the University of Hawaii, the University of Virginia, the State Department, and Bell Canada.  The Criminal Complaint released by the Department of Justice has many more details.


For some reason, despite the criminal prosecution, one of the two official Twitter accounts of NullCrew is still live as of this writing.  The founders of NullCrew loved to depict themselves as ASCII Art aliens in their old-school-style ezine, FTS (Fuck The System), which made it to issue #5 before they began being arrested. (FTS Issue #5 is available at exploit-db.com
https://www.exploit-db.com/papers/32984/ )


Time Warner - March 6, 2013





FTS2014 will give you a sense of the way these guys think.  By the way, all of the Twitter accounts they claimed to be using in this magazine are still live today. ( @NullCrew_FTS, @siph0n_NC, and @zer0pwn)

pastebin.com/S0FfCpa2
A few days later they tweeted this post:

15 Jan 2014
Just had a talk with , this is going to be fun.



The 40,000+ userids and passwords, dumped from a database server, are still available online. 


Catching Orbit

Orbit was primarily caught because there was a snitch within NullCrew.  The snitch, described as a "CW" in the criminal complaint, or "Collaborating Witness", wanted to be able to tweet "officially" for NullCrew, and was granted permission to the shared Twitter account.  Once the CW had access, they checked the login history and found an IP address in Morristown, TN.   Charter Communications was able to provide a subscriber street address for the IP 24.151.251.118.  This IP came up repeatedly in the course of the investigation, being used to plant a hacked .php page on a University server, regular accessing a shared hacking platform in Chicago and more in hacked business accesses.

My favorite story, however, was of the auto accident.

(Updated: the admins of siph0n.net contacted me to make clear that their site has no association with siph0n the NullCrew member.  We've removed that portion of this article at their request.)


Getting to the Sentence

Part of the defendant's problem as sentencing approached was that Mr. French, who goes by the name "TJ" for "Timothy Justen", boasted over much about his association with many truly evil hackers over the years.  TJ claimed, according to his pre-sentencing memo, did claim to be a member of Team Poison, but denied emphatically that he had been involved with the TeamPoison April 2012 hacks against NATO and the United Nations, and the August 2011 hacks against NASA.  TeamPoison was run by Trick, aka Junaid Hussain, who was recently killed by a Hellfire Missile strike after becoming the leader of ISIS's hacking forces, and repeatedly hacking the Department of Defense.

Zer0pwn, one of the other arrested members of NullCrew, updated his Twitter profile to give as his description  "victim of sabu's wrath" implying that perhaps Sabu was involved with their arrests.

Facing a possible seven year sentence, one of the things the defendant appealed to was the relatively lenient sentences for people who had performed similar crimes.  TJ's attorney appeals to cases such as Nicholas Knight (from Team Digi7al) who confessed to hacking DHS, the National Geospatial Intelligence Agency, and assorted universities and businesses but was only sentenced to 24 months.  He lists several other cases, but comes back to a 17-year old hacker who also received only 24 months, concluding:

"This 24-month sentence alone compels a sentence for TJ far below the government's asserted guideline range in order to avoid unwarranted disparities."  (We wrote previously about how these "slap on the wrist" sentences were leading to others charging "unwarranted disparities" on behalf of their clients.   See: "Hacking, Carding, SWATting and OCD: The Case of Mir Islam

Several of my professional colleagues have commented that this sentence seems to hefty, but they were unaware of the extent of the damages to Bell Canada.  While Null (the Quebec citizen) identified the breach potential, it was Mr. French that took that information and used it to rampage through the files of Bell.ca.  "According to prosecutors, million of files were exfiltrated and 300,000 of them contained client information. At the time of the hack, Bell Canada said 22,421 login and password combinations along with five credit card numbers were exposed, but court documents indicate the number was smaller. Orbit later allegedly posted approximately 12,700 logins and passwords online and Tweeted a link to the data."