How an employee hacked into the payroll system of his company to steal the salary of other workers

The U.S. Department of Justice (DOJ) announced that Nigerian citizen Charles Onus has pleaded guilty to participating in a scheme to conduct multiple cyberattacks to steal the payroll deposits of hundreds of employees, all through the compromise of a personnel and human resources services firm. Onus was arrested while traveling from Nigeria to the U.S.

Attorney General Damian Williams said: “Onus admitted to participating in a scheme to steal hundreds of thousands of dollars legitimately earned by workers across the U.S. by hacking into the systems of a payroll company and diverting these assets to accounts under their control.”

The prosecution believes that this campaign began in mid-2017 and remained active for almost a year, with the defendant devising all kinds of methods to complete his intrusions into the systems of the affected company.

The defendant reportedly gained access to more than 5,500 user profiles on the compromised platform, primarily through the attack technique known as credential stuffing. Once he gained access to these profiles, Onus removed the affected users' bank account information and put his own bank account in its place so that monthly payments would reach him.

During his period of activity, the defendant managed to divert approximately $800,000 USD to prepaid debit cards that he himself purchased. Most of those affected are employees of private companies in New York.
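The pattern described above, many login attempts across different profiles followed by a change to deposit details, can be checked for in a payroll platform's audit log. The following is an added example, not code from the DOJ filing or the affected company; the event format, action names, thresholds and sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from the case): time, source IP, user, action
EVENTS = [
    ("2018-01-05T02:00:01", "203.0.113.7", "alice", "login_fail"),
    ("2018-01-05T02:00:03", "203.0.113.7", "bob", "login_fail"),
    ("2018-01-05T02:00:05", "203.0.113.7", "carol", "login_fail"),
    ("2018-01-05T02:00:07", "203.0.113.7", "dave", "login_ok"),
    ("2018-01-05T02:03:10", "203.0.113.7", "dave", "deposit_change"),
    ("2018-01-05T09:00:00", "198.51.100.4", "erin", "login_fail"),
    ("2018-01-05T09:00:20", "198.51.100.4", "erin", "login_ok"),
    ("2018-01-05T09:05:00", "198.51.100.4", "erin", "deposit_change"),
]

def stuffing_sources(events, min_users=3, window=timedelta(minutes=10)):
    """IPs with failed logins against >= min_users distinct accounts in window."""
    fails = defaultdict(list)
    for ts, ip, user, action in events:
        if action == "login_fail":
            fails[ip].append((datetime.fromisoformat(ts), user))
    flagged = set()
    for ip, attempts in fails.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            # Slide the window start forward until it spans at most `window`
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            if len({u for _, u in attempts[start:end + 1]}) >= min_users:
                flagged.add(ip)
                break
    return flagged

def deposit_changes_to_hold(events, **kw):
    """Deposit changes made from a flagged IP: hold for out-of-band verification."""
    bad = stuffing_sources(events, **kw)
    return [(ts, ip, user) for ts, ip, user, action in events
            if action == "deposit_change" and ip in bad]

if __name__ == "__main__":
    for hit in deposit_changes_to_hold(EVENTS):
        print("HOLD", *hit)
```

A user who mistypes a password once and then updates their own deposit details (the second source in the sample) is not flagged. Grouping by source IP alone is a simplification, since attempts may be spread across many addresses.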

Onus was arrested on April 14, 2021 at San Francisco International Airport after arriving on a flight from his home country. According to his first statements to U.S. Customs and Border Protection, the defendant planned to spend a couple of weeks vacationing in Las Vegas.

Soon after, Onus pleaded guilty to one count of computer fraud for unauthorized access to a protected computer with intent to commit fraud, for which he could spend up to five years in prison. The defendant will learn his sentence in mid-May.
