How An HSBC Teller Stopped A $500 Million Bank Heist

HSBC

What did you do for your employer and/or coworkers today?

Arrive an hour or two early to get a jump on a big project?

Meh.

Bring donuts for the entire office?

Such a hero.

Identify a potential new revenue stream?

Amateur.

No matter the significance of your contribution, the odds are pretty good you did not stop a $500 million bank heist.

That’s what a HSBC teller in London did, according to a new investigative report this week in The Wall Street Journal. The alleged attempted theft is a complex, convoluted tale that involves Angolan political and financial authorities, missed SWIFT signals, forged paperwork, a get-rich-quick scheme and a small cast of international characters that, the newspaper noted, seem drawn from a Hollywood caper movie.

The tale also offers a reminder that even in this age of digital fraud — earlier this year, for instance, three banks in Mexico were the victims of an attempted cyberattack that aimed to gain access to the country’s electronic payment systems — human beings are still more than capable of setting up large-scale bank cons via old-fashioned face-to-face interaction backed by forgeries.

Heist Idea

The pitch from the alleged con artists went something like this: Angola could invest in the private market and make billions via “bank guarantees,” a type of con that, the paper said, usually is targeted at “individuals or companies, not sovereign states.” Thanks to a combination of economic woe, political corruption and a forged letter meant to look as though it came from the head of BNP Paribas, legal authorities contend, Angolan officials — including the son of the country’s then-outgoing president — accepted the offer and transferred the money into a “qualified trust company” operated by the alleged thieves.

“Angola’s finance minister, Archer Mangueira, was skeptical of the plan,” the Journal said. “His department questioned the experience of the two deal coordinators and wondered about the project’s “true developers.”

It turns out the people allegedly behind the scheme included “Hugo Onderwater, a Dutch agricultural engineer living in Portugal, and Jorge Pontes Sebastião, a childhood friend and business partner of President dos Santos’ son,” the paper reported. As well, “51-year-old Brazilian Samuel Barbosa da Cunha … was to act as ‘trustee’ of Angola’s $500 million seed money for the new fund, in charge of obtaining the ‘bank guarantees’ and financial instruments that were supposed to transform the country’s money into $35 billion.”

In August 2017, Onderwater and Pontes “sent instructions to (Angola’s) central bank governor to transfer $500 million to the trustee, Mr. Barbosa, according to evidence cited by the U.K. court. They provided the details of an HSBC account of a company called Perfectbit Ltd., registered to the London accountant’s storefront office and listed on Bar Trading’s website as an “overseas subsidiary.”

SWIFT Hole

This is the part of the story where SWIFT comes in — or, rather, where the SWIFT system reportedly failed to detect anything wrong with the allegedly fraudulent transaction as the money moved from the central bank account at Standard Chartered back to the HSBC account held by Perfectbit. According to the paper’s investigation, “the central bank’s Swift message code indicated — inaccurately — that the money was for intrabank business with HSBC rather than headed to an HSBC customer. HSBC noticed the discrepancy later, when it started probing the transfer.”

That failure represents what Shane Shook, a cybersecurity consultant, called a “hole in the international financial system,” according to the report.

In fact, news of this attempted heist comes as a new report from cybersecurity experts at FireEye, claiming a North Korea-led cyber campaign has swindled banks of hundreds of millions of dollars since 2014 and continues to operate as an “active and dangerous” entity. The hackers reportedly deploy malware to submit fraudulent transactions into the SWIFT network to initiate a funds transfer. Money is then transferred to bank accounts and laundered, with APT38 deleting any evidence.

Meanwhile, “once the $500 million was in Perfectbit’s account, the accountant made Mr. Barbosa and an associate owners of the company. The accountant, Bhishamdayal Dindyal, kept signing power on the HSBC account.”

The accountant and an “associate of Barbosa tried over the “next few weeks” to withdraw some of the money from HSBC branches but failed.

Attentive Teller

That’s when the teller comes in.

The accountant went to a branch in suburban London and tried to transfer $2 million from the HSBC bank account to Japan, where Barbosa operated a company allegedly part of the attempted heist. That teller was apparently amazed that the bank account had $500 million in there. She reportedly “filed a report about the enormous balance, (and) HSBC suspended the account for review.”

The alleged participants in the attempted heist have either been questioned or charged, and the $500 million has been returned to Angola as authorities there and in the U.K. continue their investigation.

As for the teller, there was no word on her fate, but one hopes her attentive work at least merited mention on her next performance review.