Tomasz Skowron, identified as a key player in the criminal group behind the £840,000 fraud scheme, was sentenced to five years and three months in prison on Monday at Croydon Crown Court, after pleading guilty “to conspiracy to defraud, fraud and money laundering.”
The criminal network he was part of infected several Australian companies with malware in 2014 to empty their online accounts. The 29 year-old Polish national was apprehended while living in the UK after using his home IP to access victims’ online accounts and transfer the money to mule accounts opened in the UK.
An investigation by the Metropolitan Police’s Falcon Cyber Crime Unit confirmed his involvement in the hack, as well as in two other cyberattacks, after confiscating electronic devices from his home. He was arrested on Dec. 9, 2014.
The two other hacks dated back to April 2014 and involved man-in-the-middle attacks against construction companies whose employees unknowingly downloaded malware on company computers.
The malware allowed hackers to steal online banking passwords and transfer the money to bank accounts opened by Skowron earlier. Overall, the malware infection caused the companies some £500,000 worth of damage. Investigators also found Skowron had a partner by the name Piotr Ptach.
“Skowron played a significant part in a wider criminal network that was responsible for several high-value frauds using malware. The proceeds of this fraud were then laundered through an organized money mule network,” said Detective Constable Jody Stanger, from the Met’s Operation Falcon Cyber Crime Unit. “This conviction and sentence is the culmination of a long and complex investigation and shows that we will relentlessly pursue criminals involved in serious and organized crime online.”